gcole_5

Members
  • Content Count

    28
  • Joined

  • Last visited

Community Reputation

0 Neutral

About gcole_5

  • Rank
    Member
  1. Sorry, was away this week. System is running well again. I will perform the remaining clean-up items tomorrow and post a final report/follow-up. Thanks again for all of your help!!!
  2. DDS (Ver_10-03-17.01) - NTFSx86 Run by Sonya Enabnit at 13:11:05.50 on Sun 08/01/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.673 [GMT -7:00] AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe C:\WINDOWS\system32\Ati2evxx.exe svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\WINDOWS\system32\svchost.exe -k HPService C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\Explorer.EXE C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\stsystra.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\NetWaiting\netWaiting.exe C:\Program Files\Dell Support\DSAgnt.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Documents and Settings\Sonya Enabnit\Desktop\dds.com ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe" mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [SigmatelSysTrayApp] stsystra.exe mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe" mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files\nos\bin\getPlus_Helper_3004.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\willow~1.lnk - c:\program files\willowrd\WillowRd.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} - hxxp://ww2.idstclogin.com/ReportServer/roReportViewers/arview2.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://investools.webex.com/client/T27L10NSP11EP5/event/ieatgpc.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Notify: AtiExtEvent - Ati2evxx.dll AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-21 64288] R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2010-6-21 13360] R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-6-21 95024] R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-6-21 69936] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832] S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-10 14336] =============== Created Last 30 ================ 2010-08-01 16:14:12 73728 ----a-w- c:\windows\system32\javacpl.cpl 2010-07-31 19:04:29 423656 ----a-w- c:\windows\system32\deployJava1.dll 2010-07-31 18:36:16 0 d-----w- c:\windows\ie8updates 2010-07-31 17:29:05 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe 2010-07-31 17:28:57 12800 ------w- c:\windows\system32\dllcache\xpshims.dll 2010-07-31 17:28:56 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll 2010-07-31 17:28:55 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll 2010-07-31 17:24:30 353792 ------w- c:\windows\system32\dllcache\srv.sys 2010-07-31 17:16:50 337408 ------w- c:\windows\system32\dllcache\netapi32.dll 2010-07-31 16:59:22 0 d-sha-r- C:\cmdcons 2010-07-31 16:56:23 98816 ----a-w- c:\windows\sed.exe 2010-07-31 16:56:23 77312 ----a-w- c:\windows\MBR.exe 2010-07-31 16:56:23 256512 ----a-w- c:\windows\PEV.exe 2010-07-31 16:56:23 161792 ----a-w- c:\windows\SWREG.exe 2010-07-15 15:47:03 0 d-----w- c:\program files\Trend Micro 2010-07-11 21:06:35 23113 ----a-w- c:\windows\hpqins15.dat 2010-07-11 21:02:59 0 d-----w- c:\docume~1\sonyae~1\applic~1\HpUpdate 2010-07-11 21:02:56 0 d-----w- c:\windows\Hewlett-Packard ==================== Find3M ==================== 2010-07-15 16:19:12 15880 ----a-w- c:\windows\system32\lsdelete.exe 2010-06-29 04:30:41 77377 ----a-w- c:\windows\hpqins05.dat 2010-06-22 04:07:33 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-06-22 04:05:44 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-05-05 13:30:57 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe 2010-05-04 17:20:33 133120 ----a-w- c:\windows\system32\dllcache\extmgr.dll 2010-05-04 12:39:27 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe ============= FINISH: 13:11:56.00 ===============
  3. -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Sunday, August 1, 2010 Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Sunday, August 01, 2010 12:23:23 Records in database: 4169928 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: C:\ D:\ Scan statistics: Objects scanned: 78484 Threats found: 3 Infected objects found: 6 Suspicious objects found: 0 Scan duration: 02:18:49 File name / Threat / Threats count C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Local Settings\Application Data\lmxclgdfp\hivxopjtssd.exe.vir Infected: Trojan.Win32.FraudPack.bazc 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\disk.sys.vir Infected: Rootkit.Win32.TDSS.ap 1 C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP792\A0067845.dll Infected: Rootkit.Win32.TDSS.ap 1 C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP815\A0082193.sys Infected: Rootkit.Win32.TDSS.ap 1 C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP815\A0082228.exe Infected: Trojan.Win32.FraudPack.bazc 1 C:\WINDOWS\system32\DirectX\svchost.exe Infected: Trojan.Win32.FraudPack.azce 1 Selected area has been scanned.
  4. DDS (Ver_10-03-17.01) - NTFSx86 Run by Sonya Enabnit at 10:26:41.90 on Sat 07/31/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.359 [GMT -7:00] AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\WINDOWS\system32\svchost.exe -k HPService C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\stsystra.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\NetWaiting\netWaiting.exe C:\Program Files\Dell Support\DSAgnt.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\Sonya Enabnit\Desktop\dds.com ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe" mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [SigmatelSysTrayApp] stsystra.exe mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe" mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\willow~1.lnk - c:\program files\willowrd\WillowRd.exe IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} - hxxp://ww2.idstclogin.com/ReportServer/roReportViewers/arview2.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://investools.webex.com/client/T27L10NSP11EP5/event/ieatgpc.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-21 64288] R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2010-6-21 13360] R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-6-21 95024] R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-6-21 69936] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832] =============== Created Last 30 ================ 2010-07-31 16:59:22 0 d-sha-r- C:\cmdcons 2010-07-31 16:56:23 98816 ----a-w- c:\windows\sed.exe 2010-07-31 16:56:23 77312 ----a-w- c:\windows\MBR.exe 2010-07-31 16:56:23 256512 ----a-w- c:\windows\PEV.exe 2010-07-31 16:56:23 161792 ----a-w- c:\windows\SWREG.exe 2010-07-15 15:47:03 0 d-----w- c:\program files\Trend Micro 2010-07-11 21:06:35 23113 ----a-w- c:\windows\hpqins15.dat 2010-07-11 21:02:59 0 d-----w- c:\docume~1\sonyae~1\applic~1\HpUpdate 2010-07-11 21:02:56 0 d-----w- c:\windows\Hewlett-Packard ==================== Find3M ==================== 2010-07-15 16:19:12 15880 ----a-w- c:\windows\system32\lsdelete.exe 2010-06-29 04:30:41 77377 ----a-w- c:\windows\hpqins05.dat 2010-06-22 04:07:33 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-06-22 04:05:44 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-05-04 17:20:33 133120 ----a-w- c:\windows\system32\dllcache\extmgr.dll 2010-05-04 12:39:27 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe ============= FINISH: 10:27:18.26 ===============
  5. ComboFix 10-07-31.01 - Sonya Enabnit 07/31/2010 10:05:14.1.1 - x86 NETWORK Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.733 [GMT -7:00] Running from: c:\documents and settings\Sonya Enabnit\Desktop\something.exe AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\NetworkService\Local Settings\Application Data\lmxclgdfp c:\documents and settings\NetworkService\Local Settings\Application Data\lmxclgdfp\hivxopjtssd.exe c:\documents and settings\Sonya Enabnit\g2mdlhlpx.exe c:\windows\system32\AutoRun.inf Infected copy of c:\windows\system32\drivers\disk.sys was found and disinfected Restored copy from - Kitty had a snack . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SVCHOST32 -------\Service_svchost32 ((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-31 ))))))))))))))))))))))))))))))) . 2010-07-21 15:28 . 2010-07-21 15:28 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE 2010-07-21 15:28 . 2010-07-21 15:28 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HPAppData 2010-07-21 15:28 . 2010-07-21 15:28 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo! 2010-07-21 15:28 . 2010-07-21 15:28 -------- d-----w- c:\documents and settings\NetworkService\Application Data\HPAppData 2010-07-15 22:23 . 2010-07-15 22:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2010-07-15 16:16 . 2010-07-15 16:16 -------- d-----w- c:\documents and settings\Sonya Enabnit\Local Settings\Application Data\Sunbelt Software 2010-07-15 15:47 . 2010-07-15 15:47 -------- d-----w- c:\program files\Trend Micro 2010-07-11 21:06 . 2010-07-11 21:07 23113 ----a-w- c:\windows\hpqins15.dat 2010-07-11 21:02 . 2010-07-19 03:02 -------- d-----w- c:\documents and settings\Sonya Enabnit\Application Data\HpUpdate 2010-07-11 21:02 . 2010-07-11 21:02 -------- d-----w- c:\windows\Hewlett-Packard . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-23 16:23 . 2010-06-20 17:51 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2010-07-20 16:05 . 2007-10-16 01:54 -------- d-----w- c:\program files\TreeDiagram 2010-07-15 16:19 . 2010-06-22 05:41 15880 ----a-w- c:\windows\system32\lsdelete.exe 2010-07-11 21:55 . 2008-03-16 22:17 -------- d-----w- c:\documents and settings\Sonya Enabnit\Application Data\HPAppData 2010-07-11 21:03 . 2008-03-16 22:11 -------- d-----w- c:\program files\HP 2010-06-29 04:30 . 2010-06-29 04:22 77377 ----a-w- c:\windows\hpqins05.dat 2010-06-29 04:29 . 2007-09-03 18:01 25160 ----a-w- c:\documents and settings\Sonya Enabnit\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-06-29 04:26 . 2008-03-16 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\HP 2010-06-22 04:07 . 2010-06-22 03:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2010-06-22 04:07 . 2010-06-22 04:07 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-06-22 04:05 . 2010-06-22 04:07 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-06-22 04:03 . 2004-08-10 19:03 77859 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2010-06-22 03:54 . 2010-06-22 03:52 -------- d-----w- c:\program files\Lavasoft 2010-06-22 03:54 . 2010-06-22 03:54 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} 2010-06-05 15:50 . 2010-04-07 21:48 -------- d-----w- c:\program files\Microsoft Silverlight 2010-06-02 15:52 . 2010-06-02 15:52 -------- d-----w- c:\program files\MSECache . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480] "DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-03 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-16 149280] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-23 1032192] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-22 1392640] "SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 282624] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-01-27 169984] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-12 623992] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-11-07 286720] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-1-26 24576] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360] McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184] Willow Road Screen Saver.lnk - c:\program files\WillowRD\WillowRd.exe [2008-6-23 253952] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\{FA0F0A01-4631-4161-A6C2-948BF694382E}\\setup\\hpznui01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"= "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"= R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/21/2010 9:07 PM 64288] R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [6/21/2010 11:05 PM 13360] R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [6/21/2010 9:07 PM 95024] R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [6/21/2010 11:05 PM 69936] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 7:25 PM 135664] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 8:52 AM 1352832] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc HPService REG_MULTI_SZ HPSLPSVC . Contents of the 'Scheduled Tasks' folder 2010-07-31 c:\windows\Tasks\Ad-Aware Scan (Weekly smart scan).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 16:18] 2010-07-31 c:\windows\Tasks\Ad-Aware Update (Daily 1).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 16:18] 2010-07-31 c:\windows\Tasks\Ad-Aware Update (Daily 2).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 16:18] 2010-07-31 c:\windows\Tasks\Ad-Aware Update (Daily 3).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 16:18] 2010-07-31 c:\windows\Tasks\Ad-Aware Update (Daily 4).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 16:18] 2010-07-19 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 21:57] 2010-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 02:25] 2010-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 02:25] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html . - - - - ORPHANS REMOVED - - - - AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url] Rootkit scan 2010-07-31 10:12 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(804) c:\windows\system32\Ati2evxx.dll c:\windows\System32\BCMLogon.dll - - - - - - - > 'explorer.exe'(3600) c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\OneX.DLL c:\windows\system32\eappprxy.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\windows\System32\WLTRYSVC.EXE c:\windows\System32\bcmwltry.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Dell\QuickSet\NICCONFIGSVC.exe c:\program files\ATI Technologies\ATI.ACE\CLI.EXE c:\windows\stsystra.exe c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe c:\program files\ATI Technologies\ATI.ACE\cli.exe c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files\HP\Digital Imaging\bin\hpqbam08.exe c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe c:\program files\Java\jre6\bin\jucheck.exe c:\windows\system32\msiexec.exe c:\program files\McAfee Security Scan\1.0.150\McUICnt.exe . ************************************************************************** . Completion time: 2010-07-31 10:23:51 - machine was rebooted ComboFix-quarantined-files.txt 2010-07-31 17:23 Pre-Run: 42,195,472,384 bytes free Post-Run: 41,202,876,416 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - A59F7B5250B62EE8A50A92A1671CF4F9
  6. WOW - I thought it was taking forever for a response, but email notifications just aren't working... SORRY! I am running ComboFix now and will post logs ASAP. THANKS!
  7. Would not allow me to attach a zip file, so here is the contents of the log file (attach.txt): UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-03-17.01) Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume2 Install Date: 9/3/2007 11:00:49 AM System Uptime: 7/21/2010 8:17:46 PM (0 hours ago) Motherboard: Dell Inc. | | 0PM607 Processor: Mobile AMD Sempron(tm) Processor 3500+ | Socket M2/S1G1 | 1795/200mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 56 GiB total, 39.421 GiB free. D: is CDROM () ==== Disabled Device Manager Items ============= Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318} Description: Officejet 6500 E709n Device ID: ROOT\MULTIFUNCTION00 Manufacturer: HP Name: Officejet 6500 E709n PNP Device ID: ROOT\MULTIFUNCTION00 Service: Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318} Description: DesignJet 500 (C7769B) Device ID: ROOT\MULTIFUNCTION01 Manufacturer: Hewlett-Packard Name: DesignJet 500 (C7769B) PNP Device ID: ROOT\MULTIFUNCTION01 Service: Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318} Description: Officejet 6500 E709n Device ID: ROOT\PRINTER00 Manufacturer: HP Name: Officejet 6500 E709n PNP Device ID: ROOT\PRINTER00 Service: ==== System Restore Points =================== RP735: 4/22/2010 8:42:47 AM - System Checkpoint RP736: 4/23/2010 9:12:28 AM - System Checkpoint RP737: 4/24/2010 11:11:21 AM - System Checkpoint RP738: 4/25/2010 2:45:06 PM - System Checkpoint RP739: 4/26/2010 3:12:37 PM - System Checkpoint RP740: 4/27/2010 3:31:02 PM - System Checkpoint RP741: 4/28/2010 4:54:13 PM - System Checkpoint RP742: 4/30/2010 7:26:21 AM - System Checkpoint RP743: 5/1/2010 7:27:05 AM - System Checkpoint RP744: 5/2/2010 8:26:00 AM - System Checkpoint RP745: 5/3/2010 10:06:37 AM - System Checkpoint RP746: 5/4/2010 3:25:25 PM - System Checkpoint RP747: 5/5/2010 4:10:23 PM - System Checkpoint RP748: 5/6/2010 4:33:16 PM - System Checkpoint RP749: 5/7/2010 5:27:29 PM - System Checkpoint RP750: 5/8/2010 6:13:06 PM - System Checkpoint RP751: 5/10/2010 7:55:45 AM - System Checkpoint RP752: 5/11/2010 12:24:46 PM - System Checkpoint RP753: 5/11/2010 10:30:25 PM - Software Distribution Service 3.0 RP754: 5/13/2010 2:39:58 PM - System Checkpoint RP755: 5/14/2010 9:19:42 PM - System Checkpoint RP756: 5/16/2010 6:13:40 AM - System Checkpoint RP757: 5/17/2010 7:08:10 AM - System Checkpoint RP758: 5/18/2010 7:22:37 AM - System Checkpoint RP759: 5/19/2010 8:54:27 AM - System Checkpoint RP760: 5/20/2010 9:39:03 AM - System Checkpoint RP761: 5/21/2010 9:43:15 AM - System Checkpoint RP762: 5/22/2010 9:50:25 AM - System Checkpoint RP763: 5/23/2010 10:06:42 AM - System Checkpoint RP764: 5/24/2010 10:43:55 AM - System Checkpoint RP765: 5/25/2010 10:49:43 AM - System Checkpoint RP766: 5/26/2010 11:21:05 AM - System Checkpoint RP767: 5/26/2010 10:53:04 PM - Software Distribution Service 3.0 RP768: 5/27/2010 11:32:30 PM - System Checkpoint RP769: 5/29/2010 6:53:45 AM - System Checkpoint RP770: 5/30/2010 11:49:36 AM - System Checkpoint RP771: 5/31/2010 11:56:20 AM - System Checkpoint RP772: 6/1/2010 12:45:57 PM - System Checkpoint RP773: 6/2/2010 8:52:17 AM - Installed Compatibility Pack for the 2007 Office system RP774: 6/3/2010 9:25:44 AM - System Checkpoint RP775: 6/3/2010 10:57:33 PM - Software Distribution Service 3.0 RP776: 6/4/2010 10:47:16 PM - Software Distribution Service 3.0 RP777: 6/6/2010 7:37:20 AM - System Checkpoint RP778: 6/8/2010 8:35:49 AM - System Checkpoint RP779: 6/9/2010 8:38:20 AM - System Checkpoint RP780: 6/10/2010 8:48:08 AM - System Checkpoint RP781: 6/11/2010 12:54:25 PM - System Checkpoint RP782: 6/11/2010 11:00:37 PM - Software Distribution Service 3.0 RP783: 6/13/2010 7:34:34 AM - System Checkpoint RP784: 6/14/2010 10:18:44 AM - System Checkpoint RP785: 6/15/2010 9:38:25 PM - System Checkpoint RP786: 6/18/2010 9:55:45 AM - System Checkpoint RP787: 6/19/2010 10:43:01 AM - System Checkpoint RP788: 6/19/2010 9:06:32 PM - Restore Operation RP789: 6/21/2010 8:12:20 AM - System Checkpoint RP790: 6/21/2010 8:24:32 PM - Restore Operation RP791: 6/21/2010 8:30:56 PM - Software Distribution Service 3.0 RP792: 6/21/2010 8:40:03 PM - Software Distribution Service 3.0 RP793: 6/21/2010 9:11:29 PM - Installed Windows XP KB975562. RP794: 6/21/2010 9:16:14 PM - Installed Windows XP KB975713. RP795: 6/21/2010 9:18:25 PM - Installed Windows XP KB977165. RP796: 6/21/2010 9:20:03 PM - Installed Windows XP KB977914. RP797: 6/21/2010 9:21:17 PM - Installed Windows XP KB978037. RP798: 6/21/2010 9:22:28 PM - Installed Windows XP KB978251. RP799: 6/21/2010 9:24:15 PM - Installed Windows XP KB978338. RP800: 6/21/2010 9:24:40 PM - Software Distribution Service 3.0 RP801: 6/21/2010 11:13:04 PM - Software Distribution Service 3.0 RP802: 6/23/2010 9:34:29 AM - System Checkpoint RP803: 6/24/2010 10:07:06 AM - System Checkpoint RP804: 6/25/2010 11:17:37 AM - System Checkpoint RP805: 6/26/2010 1:25:18 PM - System Checkpoint RP806: 6/27/2010 4:14:07 PM - System Checkpoint RP807: 6/28/2010 9:22:00 PM - Installed MSVCSetup RP808: 6/30/2010 8:47:45 AM - System Checkpoint RP809: 7/3/2010 7:53:06 AM - System Checkpoint RP810: 7/4/2010 5:13:42 PM - System Checkpoint RP811: 7/11/2010 2:52:04 PM - System Checkpoint RP812: 7/12/2010 4:20:11 PM - System Checkpoint RP813: 7/13/2010 4:23:30 PM - System Checkpoint RP814: 7/18/2010 8:37:38 PM - System Checkpoint RP815: 7/20/2010 9:25:16 AM - System Checkpoint ==== Installed Programs ====================== 32 Bit HP CIO Components Installer 6500_E709_eDocs 6500_E709_Help 6500_E709n Ad-Aware Ad-Aware Email Scanner for Outlook Adobe Acrobat 8 Standard Adobe Acrobat 8.1.2 Security Update 1 (KB403742) Adobe Acrobat 8.1.2 Standard Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) Adobe Flash Player 10 ActiveX Adobe Reader 8.1.2 Adobe Reader 8.1.2 Security Update 1 (KB403742) AIO_Scan AMD Processor Driver Apple Software Update ATI Catalyst Control Center ATI Display Driver bpd_scan BPDSoftware BPDSoftware_Ini Broadcom Management Programs BufferChm C6200 C6200_doccd C6200_Help Compatibility Pack for the 2007 Office system Conexant HDA D110 MDC V.92 Modem Copy Critical Update for Windows Media Player 11 (KB959772) CustomerResearchQFolder Dell Support 3.2.1 Dell Wireless WLAN Card Destination Component DeviceDiscovery DeviceManagementQFolder Digital Line Detect DivX Web Player DocMgr DocProc DocProcQFolder eSupportQFolder Fax Google Desktop Google Toolbar for Internet Explorer Google Update Helper GoToMeeting 4.0.0.320 GPBaseService2 High Definition Audio Driver Package - KB835221 HijackThis 2.0.2 Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) HP Customer Participation Program 12.0 HP Document Manager 2.0 HP Imaging Device Functions 12.0 HP Officejet 6500 E709 Series HP Photosmart All-In-One Software 9.0 HP Photosmart Essential 2.01 HP Photosmart Essential2.01 HP Smart Web Printing 4.60 HP Solution Center 13.0 HP Update HPProductAssistant HPSSupply J2SE Runtime Environment 5.0 Update 6 Java(tm) 6 Update 17 Java(tm) 6 Update 2 MarketResearch McAfee Security Scan Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Standard Edition 2003 Microsoft Silverlight Microsoft User-Mode Driver Framework Feature Pack 1.0 Modem Helper MSVCSetup MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NetWaiting Network OCR Software by I.R.I.S. 12.0 PanoStandAlone PowerDVD 5.7 ProductContext PS_AIO_02_ProductContext PS_AIO_02_Software PS_AIO_02_Software_min PSSWCORE QuickSet QuickTime Scan SearchAssist Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 7 (KB972260) Security Update for Windows Internet Explorer 7 (KB974455) Security Update for Windows Internet Explorer 7 (KB976325) Security Update for Windows Internet Explorer 7 (KB978207) Security Update for Windows Internet Explorer 7 (KB982381) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB936782) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB981349) Shop for HP Supplies SmartWebPrinting SolutionCenter Status Synaptics Pointing Device Driver thinkorswim from TD AMERITRADE Toolbox TrayApp TreeDiagram UnloadSupport Update for Windows Internet Explorer 7 (KB976749) Update for Windows Internet Explorer 7 (KB980182) Update for Windows XP (KB951072-v2) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) URL Assistant VideoToolkit01 Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 WebEx WebFldrs XP WebReg Willow Road Windows Genuine Advantage Validation Tool (KB892130) Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 Yahoo! Toolbar ==== Event Viewer Messages From Past Week ======== 7/21/2010 8:43:47 AM, error: Service Control Manager [7031] - The Google Software Updater service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 900000 milliseconds: Restart the service. 7/21/2010 8:28:47 AM, error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s). 7/21/2010 8:28:47 AM, error: Service Control Manager [7031] - The Google Software Updater service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 900000 milliseconds: Restart the service. 7/15/2010 9:16:10 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046} 7/15/2010 8:37:53 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} 7/15/2010 8:33:42 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 APPDRV Fips sbaphd 7/15/2010 8:32:27 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 7/15/2010 8:32:18 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. 7/15/2010 8:32:18 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver. ==== End Of File ===========================
  8. DDS (Ver_10-03-17.01) - NTFSx86 NETWORK Run by Sonya Enabnit at 20:18:32.82 on Wed 07/21/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.710 [GMT -7:00] AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\system32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\userinit.exe C:\WINDOWS\Explorer.EXE C:\Documents and Settings\Sonya Enabnit\Desktop\dds.com ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070126 uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe" mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [SigmatelSysTrayApp] stsystra.exe mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe" mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe" mRun: [<NO NAME>] mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [sxwhyayu] c:\documents and settings\networkservice\local settings\application data\lmxclgdfp\hivxopjtssd.exe dRun: [sxwhyayu] c:\documents and settings\networkservice\local settings\application data\lmxclgdfp\hivxopjtssd.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\willow~1.lnk - c:\program files\willowrd\WillowRd.exe IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} - hxxp://ww2.idstclogin.com/ReportServer/roReportViewers/arview2.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://investools.webex.com/client/T27L10NSP11EP5/event/ieatgpc.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Notify: AtiExtEvent - Ati2evxx.dll AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-21 64288] R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-6-21 95024] S1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2010-6-21 13360] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664] S2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-6-21 69936] S2 svchost32;Windows Service Manager;c:\windows\system32\directx\svchost.exe /service [2010-7-15 53760] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832] =============== Created Last 30 ================ 2010-07-15 15:47:03 0 d-----w- c:\program files\Trend Micro 2010-07-11 21:06:35 23113 ----a-w- c:\windows\hpqins15.dat 2010-07-11 21:02:59 0 d-----w- c:\docume~1\sonyae~1\applic~1\HpUpdate 2010-07-11 21:02:56 0 d-----w- c:\windows\Hewlett-Packard 2010-06-29 04:22:17 77377 ----a-w- c:\windows\hpqins05.dat 2010-06-22 06:05:28 69936 ----a-w- c:\windows\system32\drivers\sbapifs.sys 2010-06-22 06:05:28 13360 ----a-w- c:\windows\system32\drivers\sbaphd.sys 2010-06-22 05:41:09 15880 ----a-w- c:\windows\system32\lsdelete.exe 2010-06-22 04:07:56 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-06-22 04:07:47 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-06-22 04:00:15 0 d-----w- c:\windows\system32\scripting 2010-06-22 04:00:15 0 d-----w- c:\windows\l2schemas 2010-06-22 04:00:14 0 d-----w- c:\windows\system32\en 2010-06-22 04:00:14 0 d-----w- c:\windows\system32\bits 2010-06-22 03:54:01 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} 2010-06-22 03:52:57 0 d-----w- c:\program files\Lavasoft 2010-06-22 03:46:10 0 d-----w- c:\windows\EHome 2010-06-22 03:40:36 0 d-sh--w- c:\documents and settings\sonya enabnit\IECompatCache 2010-06-22 03:40:03 0 d-sh--w- c:\documents and settings\sonya enabnit\PrivacIE 2010-06-22 03:38:23 0 d-sh--w- c:\documents and settings\sonya enabnit\IETldCache 2010-06-22 03:33:43 0 dc-h--w- c:\windows\ie8 2010-06-22 03:25:37 0 d-----w- c:\windows\system32\wbem\Repository ==================== Find3M ==================== 2010-05-04 17:20:33 133120 ----a-w- c:\windows\system32\dllcache\extmgr.dll 2010-05-04 12:39:27 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe 2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys 2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys ============= FINISH: 20:19:56.84 ===============
  9. Thanks for your assistance once again, Blade. I'll post the logs as soon as I can. I am away from the laptop until tomorrow evening...
  10. Hello, I have created a system restore point, run ATF Cleaner, backed-up registry with erunt, tried to run gmer (exits every time without finishing), ran Ad Aware Pro, etc. Still getting pop-ups and explorer running at 50% CPU. Had same problem last week on desktop system and Blade helped me get it fixed up. Have same issue on this laptop now... AdAware and HiJackThis logs below. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:51:17 PM, on 7/15/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Trend Micro\HijackThis\Scanner.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070126 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070126 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: McAfee Security Scan.lnk = ? O4 - Global Startup: Willow Road Screen Saver.lnk = C:\Program Files\WillowRD\WillowRd.exe O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - [url="http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab"]http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab[/url] O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - [url="http://download.divx.com/player/DivXBrowserPlugin.cab"]http://download.divx.com/player/DivXBrowserPlugin.cab[/url] O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - [url="http://ww2.idstclogin.com/ReportServer/roReportViewers/arview2.cab"]http://ww2.idstclogin.com/ReportServer/roR...ers/arview2.cab[/url] O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [url="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab"]http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab[/url] O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - [url="https://investools.webex.com/client/T27L10NSP11EP5/event/ieatgpc.cab"]https://investools.webex.com/client/T27L10N...ent/ieatgpc.cab[/url] O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [url="http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab"]http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab[/url] O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 9112 bytes Logfile created: 7/15/2010 09:23:48 Ad-Aware version: 8.3.0 Extended engine: 3 Extended engine version: 3.1.2770 User performing scan: Sonya Enabnit *********************** Definitions database information *********************** Lavasoft definition file: 150.13 Genotype definition file version: 2010/07/15 08:06:49 Extended engine definition file: 6585.0 ******************************** Scan results: ********************************* Scan profile name: Full Scan (ID: full) Objects scanned: 104447 Objects detected: 3 Type Detected ========================== Processes.......: 0 Registry entries: 0 Hostfile entries: 0 Files...........: 3 Folders.........: 0 LSPs............: 0 Cookies.........: 0 Browser hijacks.: 0 MRU objects.....: 0 Repaired items: Description: c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\rp792\a0067845.dll Family Name: LooksLike.Win32.PatchedDriver!A (v) Engine: 3 Clean status: Success Item ID: 3 Family ID: 0 MD5: 40f9c4372dcd4a015d39aea8c251254d Quarantined items: Description: c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\rp788\a0063104.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: c3844819805cafd31c18be57878de1d0 Description: c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\rp790\a0067233.exe Family Name: FraudTool.Win32.FakeSpyPro (v) Engine: 3 Clean status: Success Item ID: 2 Family ID: 0 MD5: b5130a07604e092067c3ca7eae0980bd Scan and cleaning complete: Finished correctly after 9544 seconds *********************************** Settings *********************************** Scan profile: ID: full, enabled:1, value: Full Scan ID: folderstoscan, enabled:1, value: C:\ ID: useantivirus, enabled:1, value: true ID: sections, enabled:1 ID: scancriticalareas, enabled:1, value: true ID: scanrunningapps, enabled:1, value: true ID: scanregistry, enabled:1, value: true ID: scanlsp, enabled:1, value: true ID: scanads, enabled:1, value: true ID: scanhostsfile, enabled:1, value: true ID: scanmru, enabled:1, value: true ID: scanbrowserhijacks, enabled:1, value: true ID: scantrackingcookies, enabled:1, value: true ID: closebrowsers, enabled:1, value: false ID: filescanningoptions, enabled:1 ID: archives, enabled:1, value: true ID: onlyexecutables, enabled:1, value: false ID: skiplargerthan, enabled:1, value: 20480 ID: scanrootkits, enabled:1, value: true ID: rootkitlevel, enabled:1, value: strict, domain: medium,mild,strict ID: usespywareheuristics, enabled:1, value: true Scan global: ID: global, enabled:1 ID: addtocontextmenu, enabled:1, value: true ID: playsoundoninfection, enabled:1, value: false ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav Scheduled scan settings: ID: weekly_smart_scan, enabled:1, value: Weekly smart scan ID: time, enabled:1, value: Mon Jun 21 23:16:00 2010 ID: frequency, enabled:1, value: once, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: defaultprofile ID: auto_deal_with_infections, enabled:1, value: false Update settings: ID: updates, enabled:1 ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall ID: schedules, enabled:1, value: true ID: updatedaily1, enabled:1, value: Daily 1 ID: time, enabled:1, value: Mon Jun 21 21:07:00 2010 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updatedaily2, enabled:1, value: Daily 2 ID: time, enabled:1, value: Mon Jun 21 03:07:00 2010 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updatedaily3, enabled:1, value: Daily 3 ID: time, enabled:1, value: Mon Jun 21 09:07:00 2010 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updatedaily4, enabled:1, value: Daily 4 ID: time, enabled:1, value: Mon Jun 21 15:07:00 2010 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updateweekly1, enabled:1, value: Weekly ID: time, enabled:1, value: Mon Jun 21 21:07:00 2010 ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: true ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: true ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false Appearance settings: ID: appearance, enabled:1 ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource ID: showtrayicon, enabled:1, value: true ID: autoentertainmentmode, enabled:1, value: true ID: guimode, enabled:1, value: mode_advanced, domain: mode_advanced,mode_simple ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language Realtime protection settings: ID: realtime, enabled:1 ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant ID: layers, enabled:1 ID: useantivirus, enabled:1, value: true ID: usespywareheuristics, enabled:1, value: true ID: modules, enabled:1 ID: processprotection, enabled:0, value: true ID: onaccessprotection, enabled:0, value: true ID: registryprotection, enabled:0, value: true ID: networkprotection, enabled:0, value: true ****************************** System information ****************************** Computer name: SONYA Processor name: Mobile AMD Sempron(tm) Processor 3500+ Processor identifier: x86 Family 15 Model 76 Stepping 2 Processor speed: ~1795MHZ Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 19458, number of processors 1, processor features: [MMX,SSE,SSE2,3DNow] Physical memory available: 399421440 bytes Physical memory total: 937402368 bytes Virtual memory available: 1828605952 bytes Virtual memory total: 2147352576 bytes Memory load: 57% Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Windows startup mode: Running processes: PID: 428 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY PID: 716 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY PID: 740 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY PID: 788 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY PID: 800 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY PID: 948 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY PID: 1020 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY PID: 1108 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY PID: 1264 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY PID: 1308 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY PID: 1688 name: C:\WINDOWS\Explorer.EXE owner: Sonya Enabnit domain: SONYA PID: 544 name: C:\WINDOWS\system32\ctfmon.exe owner: Sonya Enabnit domain: SONYA PID: 1600 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY PID: 1160 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Sonya Enabnit domain: SONYA PID: 1004 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY PID: 976 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY PID: 2032 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Sonya Enabnit domain: SONYA Startup items: Name: SunJavaUpdateSched imagepath: "C:\Program Files\Java\jre6\bin\jusched.exe" Name: Dell QuickSet imagepath: C:\Program Files\Dell\QuickSet\quickset.exe Name: SynTPEnh imagepath: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe Name: ATICCC imagepath: "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" Name: Broadcom Wireless Manager UI imagepath: C:\WINDOWS\system32\WLTRAY.exe Name: SigmatelSysTrayApp imagepath: stsystra.exe Name: DVDLauncher imagepath: "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" Name: Google Desktop Search imagepath: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup Name: Acrobat Assistant 8.0 imagepath: "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" Name: Name: QuickTime Task imagepath: "C:\Program Files\QuickTime\qttask.exe" -atboottime Name: Adobe Reader Speed Launcher imagepath: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" Name: HP Software Update imagepath: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe Name: PostBootReminder imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9} Name: CDBurn imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9} Name: WebCheck imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED} Name: SysTray imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153} Name: WPDShServiceObj imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5} Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1} imagepath: Browseui preloader Name: {8C7461EF-2B13-11d2-BE35-3078302C2030} imagepath: Component Categories cache daemon Name: imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini Name: location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk imagepath: C:\Program Files\Digital Line Detect\DLG.exe Name: location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk imagepath: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe Name: location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk imagepath: C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe Name: location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Willow Road Screen Saver.lnk imagepath: C:\Program Files\WillowRD\WillowRd.exe Name: imagepath: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini Bootexecute items: Name: imagepath: autocheck autochk * Name: imagepath: lsdelete Running services: Name: Browser displayname: Computer Browser Name: CryptSvc displayname: Cryptographic Services Name: DcomLaunch displayname: DCOM Server Process Launcher Name: Dhcp displayname: DHCP Client Name: Dnscache displayname: DNS Client Name: Eventlog displayname: Event Log Name: helpsvc displayname: Help and Support Name: lanmanserver displayname: Server Name: lanmanworkstation displayname: Workstation Name: Lavasoft Ad-Aware Service displayname: Lavasoft Ad-Aware Service Name: LmHosts displayname: TCP/IP NetBIOS Helper Name: Netman displayname: Network Connections Name: PlugPlay displayname: Plug and Play Name: RpcSs displayname: Remote Procedure Call (RPC) Name: SharedAccess displayname: Windows Firewall/Internet Connection Sharing (ICS) Name: srservice displayname: System Restore Service Name: TermService displayname: Terminal Services Name: winmgmt displayname: Windows Management Instrumentation Name: WZCSVC displayname: Wireless Zero Configuration
  11. Thank You, Thank You, Thank You!!! I have performed the final recommended steps. I really appreciate all of your help. Cheers!
  12. OK - I have deleted the files. System is running well. Fast and no further sign of intrusion. I assume I can turn back on firewall/Ad Watch Live? What else can/should I be doing to keep my system safe? Are there other tools I should be using to compliment Ad Aware? Any advice greatly appreciated. Thank you so much for helping me with this issue. Please let me know where I can donate to help support this cause. Sad thing is, I will have to do this all over again as my mother-in-law got this same virus last week and I know we did not get it fully removed from her laptop either. Her system is running slow and has the same issues I have been experiencing (she is also using Ad Aware Pro - but was not doing any Windows or other updates). I'll post her HiJackThis log, etc. as soon as I can. THANK YOU!!!!
  13. OK - all requested scans/steps complete and logs attached. Thank you for your continued help with this! Sorry - one question while I am thinking of it if you don't mind... I have an external back-up drive that has not been connected for some time. What is the best/safest/recommended way to connect that drive again and scan the volume for issues, please? THANKS!
  14. DDS (Ver_10-03-17.01) - NTFSx86 Run by Greg Cole at 22:12:46.90 on Thu 07/08/2010 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1447 [GMT -7:00] AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} ============== Running Processes =============== C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\WINDOWS\system32\acs.exe C:\xampp\apache\bin\apache.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\WINDOWS\SYSTEM32\astsrv.exe C:\Program Files\Bonjour\mDNSResponder.exe c:\xampp\filezillaftp\filezillaserver.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\xampp\mysql\bin\mysqld-nt.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\Wacom_Tablet.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\xampp\apache\bin\apache.exe C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe C:\WINDOWS\system32\Wacom_Tablet.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe C:\Program Files\Winamp\winampa.exe C:\WINDOWS\system32\WDBtnMgr.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\stsystra.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\PayPal Payment Request Wizard\QB US edition\OEHook.exe C:\Program Files\My Book\WD Backup\uBBMonitor.exe C:\Documents and Settings\Greg Cole\Application Data\Dropbox\bin\Dropbox.exe C:\xampp\mysql\bin\winmysqladmin.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Documents and Settings\Greg Cole\Desktop\dds.com ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File uRun: [RTReminder] c:\program files\lavasoft\lavasoft registry tuner\RegistryTuner.exe -rem mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe" mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [AdobeVersionCue] c:\program files\adobe\adobe version cue\controlpanel\VersionCueTray.exe mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe" mRun: [WinampAgent] c:\program files\winamp\winampa.exe mRun: [WD Button Manager] WDBtnMgr.exe mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe" mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe" mRun: [SigmatelSysTrayApp] stsystra.exe mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" StartupFolder: c:\docume~1\gregco~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\greg cole\application data\dropbox\bin\Dropbox.exe StartupFolder: c:\docume~1\gregco~1\startm~1\programs\startup\winmys~1.lnk - c:\xampp\mysql\bin\winmysqladmin.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\paypal payment request wizard\qb us edition\OEHook.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdback~1.lnk - c:\program files\my book\wd backup\uBBMonitor.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe Trusted Zone: intuit.com\ttlc DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab DPF: {2119940C-F1CE-4258-8B96-41ECCA2BB184} - hxxp://www.fototime.com/ftweb/activeX/WebUploadControl.cab DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://63.170.254.21/CACHE/stc/1/binaries/vpnweb.cab DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB DPF: {7B133798-FAA8-4A7E-950D-BEB35D3363AF} - hxxp://67.40.90.115:1024/img/LinksysViewer.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\gregco~1\applic~1\mozilla\firefox\profiles\fpoi5nus.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: network.proxy.type - 4 FF - component: c:\documents and settings\greg cole\application data\mozilla\firefox\profiles\fpoi5nus.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\winnt_x86-msvc\components\pagespeed.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-31 64288] R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2010-3-31 13360] R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-10-30 95024] R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2007-3-5 16896] R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-3-31 69936] R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-4-15 1373480] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-28 24652] R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-12-17 497856] R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2005-11-25 31896] S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112] S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [2009-9-4 25728] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-5 1352832] S3 NVIDIAHWAccess;NVIDIAHWAccess;\??\c:\documents and settings\greg cole\application data\nvidia\hwaccess.sys --> c:\documents and settings\greg cole\application data\nvidia\HWAccess.sys [?] =============== Created Last 30 ================ 2010-07-08 19:56:54 73728 ----a-w- c:\windows\system32\javacpl.cpl 2010-07-08 19:56:54 423656 ----a-w- c:\windows\system32\deployJava1.dll 2010-07-08 19:25:23 58 ----a-w- c:\windows\my.ini 2010-07-08 15:48:35 3728433 ----a-r- C:\something.exe 2010-07-07 17:20:31 0 d-sha-r- C:\cmdcons 2010-07-07 17:16:34 98816 ----a-w- c:\windows\sed.exe 2010-07-07 17:16:34 77312 ----a-w- c:\windows\MBR.exe 2010-07-07 17:16:34 256512 ----a-w- c:\windows\PEV.exe 2010-07-07 17:16:34 161792 ----a-w- c:\windows\SWREG.exe 2010-07-07 15:23:05 0 d-----w- c:\windows\system32\NtmsData 2010-07-06 18:58:18 0 d-----w- c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP 2010-07-06 18:58:07 0 d-----w- c:\program files\common files\Wise Installation Wizard 2010-07-05 21:53:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-07-05 21:53:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-07-05 20:57:37 0 d-----w- c:\windows\system32\wbem\Repository 2010-07-03 03:50:12 17866752 ----a-w- c:\documents and settings\greg cole\ntuser.bak 2010-06-28 18:36:04 0 d-----w- C:\e94576507cc035ae65d4 2010-06-26 15:47:11 0 d-----w- C:\1a40bef8e097f6157b5803 2010-06-15 23:27:24 0 d-----w- c:\docume~1\gregco~1\applic~1\Dropbox 2010-06-10 03:01:27 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll ==================== Find3M ==================== 2010-07-06 21:35:55 90112 ----a-w- c:\windows\DUMP3ae6.tmp 2010-07-05 21:28:51 90112 ----a-w- c:\windows\DUMP7668.tmp 2010-06-15 15:53:03 15880 ----a-w- c:\windows\system32\lsdelete.exe 2010-06-03 15:52:20 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-05-20 20:49:27 61304 ---ha-w- c:\windows\system32\mlfcache.dat 2010-05-20 04:14:14 93112 ----a-w- c:\windows\fonts\STOMPER_.TTF 2010-05-19 21:51:42 90112 ----a-w- c:\windows\DUMP5beb.tmp 2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe 2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys 2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys 2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll 2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll 2008-02-23 03:51:21 35 ----a-w- c:\program files\FlashDetector.ini 2006-03-31 21:38:26 469824 ----a-w- c:\windows\inf\wpn311\WPN311.sys 2006-03-31 21:38:24 35232 ----a-w- c:\windows\inf\wpn311\ME_INST.EXE 2006-03-31 21:38:24 26112 ----a-w- c:\windows\inf\wpn311\install.exe 2009-06-10 21:06:45 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009061020090611\index.dat ============= FINISH: 22:13:38.68 ===============
  15. -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Thursday, July 8, 2010 Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Thursday, July 08, 2010 16:09:46 Records in database: 4242510 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: C:\ D:\ E:\ F:\ G:\ H:\ I:\ Scan statistics: Objects scanned: 414400 Threats found: 12 Infected objects found: 20 Suspicious objects found: 0 Scan duration: 07:14:51 File name / Threat / Threats count C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\827568A28AD44457A81ABC08309D7D62\lib\DskHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1370 1 C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\827568A28AD44457A81ABC08309D7D62\lib\YugmaPlugin.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1360 1 C:\Documents and Settings\Greg Cole\Application Data\Sun\Java\Deployment\cache\6.0\14\203e9bce-4d7ae7fb Infected: Exploit.Java.Agent.an 1 C:\Documents and Settings\Greg Cole\Application Data\Sun\Java\Deployment\cache\6.0\14\203e9bce-4d7ae7fb Infected: Exploit.Java.Agent.am 1 C:\Documents and Settings\Greg Cole\Application Data\Sun\Java\Deployment\cache\6.0\25\36342599-4251d95d Infected: Exploit.Java.Agent.aq 1 C:\Documents and Settings\Greg Cole\Application Data\Sun\Java\Deployment\cache\6.0\25\36342599-4251d95d Infected: Exploit.Java.Agent.ap 1 C:\Documents and Settings\Greg Cole\Application Data\Sun\Java\Deployment\cache\6.0\25\36342599-4251d95d Infected: Exploit.Java.Agent.ao 1 C:\Documents and Settings\Greg Cole\Application Data\Sun\Java\Deployment\cache\6.0\55\6aa22eb7-7c0556e3 Infected: Trojan-Downloader.Java.Agent.ao 1 C:\Documents and Settings\Greg Cole\Application Data\Sun\Java\Deployment\cache\6.0\60\64b09dbc-18865b43 Infected: Trojan-Downloader.Java.Agent.ff 1 C:\Documents and Settings\Greg Cole\Yugma\4.1\lib\DskHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1370 1 C:\Documents and Settings\Greg Cole\Yugma\4.1\lib\YugmaPlugin.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1360 1 C:\Program Files\GlobalSCAPE\CuteFTP\cutftp32.exe Infected: not-a-virus:NetTool.Win32.ZXProxy.pa 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\fbacfa1f.sys.vir Infected: Trojan-PSW.Win32.Agent.oww 1 C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP227\A0055604.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1370 1 C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP227\A0055604.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1360 1 C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP262\A0077590.sys Infected: Trojan-PSW.Win32.Agent.oww 1 C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP262\A0077595.sys Infected: Trojan-PSW.Win32.Agent.oww 1 C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP263\A0079239.sys Infected: Rootkit.Win32.TDSS.ap 1 C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP263\A0080491.sys Infected: Trojan-PSW.Win32.Agent.oww 1 C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP263\A0080499.sys Infected: Trojan-PSW.Win32.Agent.oww 1 Selected area has been scanned.