[RESOLVED] Computer Very Slow

  1. #1
    Join Date
    Apr 2000
    Location
    Harleysville, Pa. USA
    Posts
    605

    [RESOLVED] Computer Very Slow

    Hello.

    This computer has been running really slow for the last week or so. Also, I think my wife inadvertently downloaded something called "Search Guard Plus". It may have come from something called My Web Tattoo. If someone could please review these logs, I would be very grateful. Thank you.

    I ran MBAM, Superantispyware, combofix, and hijackthis. I was unable to access safe mode to run Superantispyware so it was run from normal mode.

    I see where I can uninstall Search Guard from Add/Remove Programs, but I haven't done so yet. Also, Search Guard pops up every few minutes saying that some program is trying to change the default search page.

    Malwarebytes' Anti-Malware 1.41
    Database version: 2866
    Windows 5.1.2600 Service Pack 3

    9/28/2009 8:20:48 AM
    mbam-log-2009-09-28 (08-20-48).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 264664
    Time elapsed: 1 hour(s), 23 minute(s), 18 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 09/28/2009 at 10:07 AM

    Application Version : 4.24.1004

    Core Rules Database Version : 4130
    Trace Rules Database Version: 2065

    Scan type : Complete Scan
    Total Scan Time : 01:13:14

    Memory items scanned : 376
    Memory threats detected : 0
    Registry items scanned : 7974
    Registry threats detected : 23
    File items scanned : 31248
    File threats detected : 24

    Adware.HBHelper
    HKLM\Software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
    HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
    HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
    HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32
    HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32#ThreadingModel
    HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ProgID
    HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\TypeLib
    HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID
    HKCR\URLSearchHook.ToolbarURLSearchHook.1
    HKCR\URLSearchHook.ToolbarURLSearchHook.1\CLSID
    HKCR\URLSearchHook.ToolbarURLSearchHook
    HKCR\URLSearchHook.ToolbarURLSearchHook\CLSID
    HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
    HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0
    HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\0
    HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\0\win32
    HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\FLAGS
    HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\HELPDIR
    C:\PROGRAM FILES\FAST BROWSER SEARCH\IE\TBHELPER.DLL

    Adware.Tracking Cookie
    **** I Deleted 21 Tracking Cookies From This Log****
    Browser Hijacker.Deskbar
    HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
    HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
    HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
    HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
    HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version

    Adware.CouponBar
    C:\WINDOWS\CPNPRT2.CID
    C:\WINDOWS\SYSTEM32\CPNPRT2.CID


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:44:16 AM, on 9/28/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Search Guard Plus\SearchGuardPlus.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\HijackThis\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.godaddy.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
    R3 - URLSearchHook: AOL Radio Toolbar Search Class - {69224684-5682-419b-9fe4-ef7946ee3319} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\money\System\mnyside.dll
    O2 - BHO: AOL Radio Toolbar Loader - {2abdb2f7-4cbf-4939-ba12-fddc827b6a2d} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: AOL Radio Toolbar - {9167da98-6f9b-46f1-991d-826cae46cab6} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [EnGraph QuickTimeKiller] C:\Program Files\EnGraph\QuickTimeKiller\QuickTimeKiller.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
    O4 - HKLM\..\Run: [SGPUpdater] C:\Program Files\Search Guard PlusU\sgpUpdaters.exe
    O4 - HKLM\..\Run: [FBSearch] C:\Program Files\Search Guard Plus\SearchGuardPlus.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O8 - Extra context menu item: &AOL Radio Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL Radio Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: vzTCPConfig - https://www.verizon.net/WhatsNext/Ch...zTCPConfig.CAB
    O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/s...OS/tgctlcm.cab
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {26E6B759-DEEB-42A1-A21C-78CD29098411} (CPlayFirstFitnessDasControl Object) - http://aolsvc.aol.com/onlinegames/fr...b.1.0.0.11.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-36.cab
    O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...?1234576342125
    O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} (CPlayFirstDoggieDashControl Object) - http://aolsvc.aol.com/onlinegames/fr...sh.1.0.0.6.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1161565664781
    O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} (Abx(gh) Control) - http://aolsvc.aol.com/onlinegames/gh...ball/abxgh.cab
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/Veriz...oadControl.cab
    O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/...dsolutions.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/fr...ylomplayer.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - https://millerstraining.webex.com/cl...ng/ieatgpc.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetup Control) - https://secure.vistacare.com/dana-ca...niperSetup.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - http://tools.ebayimg.com/eps/activex...l_v1-0-3-0.cab
    O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neut...cab?10,0,910,0
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 11212 bytes
    Desktop: Dell I620. Win 7 Home Premium
    Laptop 1: Toshiba, Win7 home premium
    Laptop 2: Macbook Pro

  2. #2
    Join Date
    Apr 2000
    Location
    Harleysville, Pa. USA
    Posts
    605
    ComboFix 09-09-27.05 - Charles F. Mitchell 09/28/2009 10:20.3.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.679 [GMT -4:00]
    Running from: c:\documents and settings\Charles F. Mitchell\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\SGPSA
    c:\program files\SGPSA\BHO.dll
    c:\windows\system32\sstray.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-28 )))))))))))))))))))))))))))))))
    .

    2009-09-27 19:12 . 2009-09-28 14:27 8192 ----a-w- C:\mtwb.dat
    2009-09-09 23:58 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
    2009-09-07 23:46 . 2009-09-07 23:46 -------- d-----w- c:\program files\TomTom International B.V

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-28 12:22 . 2003-05-18 23:54 -------- d-----w- c:\program files\America Online 8.0
    2009-09-28 02:25 . 2008-09-20 03:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-09-27 19:12 . 2009-08-16 23:30 -------- d-----w- c:\program files\Search Guard PlusU
    2009-09-27 19:12 . 2009-08-16 23:30 -------- d-----w- c:\program files\Search Guard Plus
    2009-09-25 13:36 . 2007-02-09 00:31 -------- d-----w- c:\documents and settings\Charles F. Mitchell\Application Data\Simple Sudoku
    2009-09-13 12:10 . 2009-01-11 22:41 -------- d-----w- c:\program files\AOL Games
    2009-09-12 15:37 . 2006-08-12 18:12 -------- d-----w- c:\program files\Verizon
    2009-09-11 13:54 . 2008-08-14 13:55 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-09-10 18:54 . 2008-09-20 03:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-10 18:53 . 2008-09-20 03:08 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-07 23:45 . 2007-09-09 01:37 -------- d-----w- c:\program files\TomTom HOME 2
    2009-09-04 17:21 . 2007-04-22 18:15 -------- d-----w- c:\program files\Google
    2009-09-03 01:19 . 2006-08-12 18:12 -------- d-----w- c:\documents and settings\Charles F. Mitchell\Application Data\Verizon
    2009-08-11 15:37 . 2009-08-11 15:37 -------- d-----w- c:\documents and settings\Charles F. Mitchell\Application Data\Broderbund
    2009-08-11 15:23 . 2003-07-24 00:44 -------- d-----w- c:\program files\Common Files\Broderbund
    2009-08-11 15:23 . 2003-05-08 04:49 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-08-11 15:21 . 2003-07-24 00:53 -------- d-----w- c:\program files\Web Publish
    2009-08-11 15:15 . 2003-07-24 00:44 -------- d-----w- c:\program files\Broderbund
    2009-08-05 13:08 . 2009-05-16 11:44 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-08-05 09:01 . 2003-12-14 14:25 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-05 03:41 . 2006-01-02 04:30 -------- d-----w- c:\program files\Java
    2009-08-04 16:27 . 2009-08-04 16:27 -------- d-----w- c:\documents and settings\Charles F. Mitchell\Application Data\Flood Light Games
    2009-08-04 16:27 . 2009-08-04 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Flood Light Games
    2009-08-03 13:34 . 2003-07-18 21:10 -------- d-----w- c:\program files\GoldWave
    2009-08-03 13:08 . 2008-04-22 23:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-08-03 13:08 . 2008-06-22 15:24 -------- d-----w- c:\program files\SpywareBlaster
    2009-07-25 09:23 . 2009-07-21 18:25 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-17 19:01 . 2003-03-31 12:00 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-14 03:43 . 2003-09-26 22:57 286208 ----a-w- c:\windows\system32\wmpdxm.dll
    2005-03-18 00:43 . 2003-11-15 02:53 21 ------w- c:\program files\AVPersonalAVWIN.INI
    2006-03-08 17:06 . 2006-03-08 17:06 28672 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-04 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EnGraph QuickTimeKiller"="c:\program files\EnGraph\QuickTimeKiller\QuickTimeKiller.exe" [2005-03-20 45056]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-03-24 3309568]
    "ASUS Probe"="c:\program files\ASUS\Probe\AsusProb.exe" [2002-12-06 617984]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-09-04 122368]
    "SGPUpdater"="c:\program files\Search Guard PlusU\sgpUpdaters.exe" [2009-05-15 67456]
    "FBSearch"="c:\program files\Search Guard Plus\SearchGuardPlus.exe" [2009-05-04 194432]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
    path=c:\program files\common files\adobe\calibration\adobe gamma loader.exe.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
    backup=c:\windows\pss\America Online 8.0 Tray Icon.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Printkey2000.lnk]
    backup=c:\windows\pss\Printkey2000.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\America Online 8.0\\waol.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\mshta.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Verizon\\Verizon Media Manager\\Release\\Verizon Media Manager.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"= 67:UDPHCP Discovery Service

    R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\Si3112r.sys [5/8/2003 1:14 PM 84529]
    R1 NEOFLTR_530_10741;Juniper Networks TDI Filter Driver (NEOFLTR_530_10741);c:\windows\system32\drivers\NEOFLTR_530_10741.sys [5/25/2006 8:15 PM 57063]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/3/2008 2:07 PM 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/3/2008 2:07 PM 55024]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/16/2009 7:44 AM 108289]
    R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [6/24/2002 11:57 AM 81356]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/27/2009 11:05 AM 92008]
    R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [6/24/2002 11:57 AM 39182]
    R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [6/24/2002 11:57 AM 9804]
    S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 5:47 AM 98304]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/11/2009 1:51 PM 133104]
    S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 4:40 AM 118784]
    S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [7/8/2004 12:30 PM 9284]
    S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [7/8/2004 12:30 PM 36261]
    S3 ASUSHWIO;ASUSHWIO;\??\c:\windows\System32\drivers\ASUSHWIO.sys --> c:\windows\System32\drivers\ASUSHWIO.sys [?]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/3/2008 2:07 PM 7408]
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
    S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [5/14/2006 8:50 PM 9446]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-21 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

    2009-09-23 c:\windows\Tasks\DriveImage Backup.job
    - c:\program files\Runtime Software\DriveImage XML\DriveImage Backup.bat [2009-02-15 12:23]

    2009-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-11 17:51]

    2009-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-11 17:51]

    2009-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1284227242-839522115-1004Core.job
    - c:\documents and settings\Charles F. Mitchell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-02 03:12]

    2009-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1284227242-839522115-1004UA.job
    - c:\documents and settings\Charles F. Mitchell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-02 03:12]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.godaddy.com/
    uInternet Settings,ProxyOverride = 127.0.0.1;*.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &AOL Radio Toolbar Search - c:\documents and settings\All Users\Application Data\AOL Radio Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    DPF: DirectAnimation Java Classes
    DPF: Microsoft XML Parser for Java
    DPF: vzTCPConfig - hxxps://www.verizon.net/WhatsNext/CheckMyPc/vzTCPConfig.CAB
    DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
    DPF: {26E6B759-DEEB-42A1-A21C-78CD29098411} - hxxp://aolsvc.aol.com/onlinegames/free-trial-fitness-dash/FitnessDashWeb.1.0.0.11.cab
    DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} - hxxp://aolsvc.aol.com/onlinegames/free-trial-doggie-dash/DoggieDash.1.0.0.6.cab
    DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} - hxxp://aolsvc.aol.com/onlinegames/ghadventureball/abxgh.cab
    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-yahtzee/zylomplayer.cab
    FF - ProfilePath - c:\documents and settings\Charles F. Mitchell\Application Data\Mozilla\Firefox\Profiles\1hz11ldk.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50-ff-aolradio-chromesbox-en-us&query=
    FF - prefs.js: browser.search.selectedEngine - AOL Search
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50-ff-aolradio-ab-en-us&query=
    FF - plugin: c:\documents and settings\Charles F. Mitchell\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npietab.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\Skyhook Wireless\Loki Browser Plugin\nploki.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

    ---- FIREFOX POLICIES ----
    // More DOM/JavaScript options
    // Make sure all pop-up windows are resizable:
    FF - user.js: dom.disable_window_open_feature.resizable - true
    // Make sure all pop-up windows are minimizable:
    FF - user.js: dom.disable_window_open_feature.minimizable - true
    // Always display the menu in pop-up windows:
    FF - user.js: dom.disable_window_open_feature.menubar - true
    // Always display the Navigation Toolbar in pop-up windows:
    FF - user.js: dom.disable_window_open_feature.location - true
    // Always display the scrollbar in pop-up windows:
    FF - user.js: dom.disable_window_open_feature.scrollbars - true
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.cache.disk_cache_ssl - true
    FF - user.js: browser.xul.error_pages.enabled - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 3000000
    FF - user.js: content.maxtextrun - 8191
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 32
    FF - user.js: network.http.max-connections-per-server - 8
    FF - user.js: network.http.max-persistent-connections-per-proxy - 8
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: nglayout.initialpaint.delay - 250
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: signed.applets.codebase_principal_support - true
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-28 10:29
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    SGPUpdater = c:\program files\Search Guard PlusU\sgpUpdaters.exe??o?p" hot_icons="icons.bmp" name="Fast Browser S
    FBSearch = c:\program files\Search Guard Plus\SearchGuardPlus.exe?p" hot_icons="icons.bmp" name="Fast Browser S

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1708537768-1284227242-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\software\ASUS\ASUS Probe\2.20.07]
    @DACL=(02 0000)
    .
    Completion time: 2009-09-28 10:31
    ComboFix-quarantined-files.txt 2009-09-28 14:31

    Pre-Run: 18,832,138,240 bytes free
    Post-Run: 18,806,530,048 bytes free

    228 --- E O F --- 2009-09-11 03:05
    Desktop: Dell I620. Win 7 Home Premium
    Laptop 1: Toshiba, Win7 home premium
    Laptop 2: Macbook Pro

  3. #3
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Please uninstall Search Guard Plus through Add\Remove (if listed).
    Re-run Combofix and post a fresh log along with the HJT log.

  4. #4
    Join Date
    Apr 2000
    Location
    Harleysville, Pa. USA
    Posts
    605
    Went to Add/Remove Programs. There were Search Guard Plus and Search Guard Plus Updater. Tried to remove them but got the Microsoft pop-up that Windows has encountered an error... Restarted the machine and Search Guard didn't start automatically. Ran ComboFix and HJT.


    ComboFix 09-09-28.01 - Charles F. Mitchell 09/28/2009 22:56.4.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.667 [GMT -4:00]
    Running from: c:\documents and settings\Charles F. Mitchell\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-29 )))))))))))))))))))))))))))))))
    .

    2009-09-09 23:58 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
    2009-09-07 23:46 . 2009-09-07 23:46 -------- d-----w- c:\program files\TomTom International B.V

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-28 23:30 . 2003-05-18 23:54 -------- d-----w- c:\program files\America Online 8.0
    2009-09-28 18:08 . 2007-02-09 00:31 -------- d-----w- c:\documents and settings\Charles F. Mitchell\Application Data\Simple Sudoku
    2009-09-28 02:25 . 2008-09-20 03:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-09-27 19:12 . 2009-08-16 23:30 -------- d-----w- c:\program files\Search Guard PlusU
    2009-09-27 19:12 . 2009-08-16 23:30 -------- d-----w- c:\program files\Search Guard Plus
    2009-09-13 12:10 . 2009-01-11 22:41 -------- d-----w- c:\program files\AOL Games
    2009-09-12 15:37 . 2006-08-12 18:12 -------- d-----w- c:\program files\Verizon
    2009-09-11 13:54 . 2008-08-14 13:55 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-09-10 18:54 . 2008-09-20 03:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-10 18:53 . 2008-09-20 03:08 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-07 23:45 . 2007-09-09 01:37 -------- d-----w- c:\program files\TomTom HOME 2
    2009-09-04 17:21 . 2007-04-22 18:15 -------- d-----w- c:\program files\Google
    2009-09-03 01:19 . 2006-08-12 18:12 -------- d-----w- c:\documents and settings\Charles F. Mitchell\Application Data\Verizon
    2009-08-11 15:37 . 2009-08-11 15:37 -------- d-----w- c:\documents and settings\Charles F. Mitchell\Application Data\Broderbund
    2009-08-11 15:23 . 2003-07-24 00:44 -------- d-----w- c:\program files\Common Files\Broderbund
    2009-08-11 15:23 . 2003-05-08 04:49 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-08-11 15:21 . 2003-07-24 00:53 -------- d-----w- c:\program files\Web Publish
    2009-08-11 15:15 . 2003-07-24 00:44 -------- d-----w- c:\program files\Broderbund
    2009-08-05 13:08 . 2009-05-16 11:44 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-08-05 09:01 . 2003-12-14 14:25 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-05 03:41 . 2006-01-02 04:30 -------- d-----w- c:\program files\Java
    2009-08-04 16:27 . 2009-08-04 16:27 -------- d-----w- c:\documents and settings\Charles F. Mitchell\Application Data\Flood Light Games
    2009-08-04 16:27 . 2009-08-04 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Flood Light Games
    2009-08-03 13:34 . 2003-07-18 21:10 -------- d-----w- c:\program files\GoldWave
    2009-08-03 13:08 . 2008-04-22 23:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-08-03 13:08 . 2008-06-22 15:24 -------- d-----w- c:\program files\SpywareBlaster
    2009-07-25 09:23 . 2009-07-21 18:25 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-17 19:01 . 2003-03-31 12:00 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-14 03:43 . 2003-09-26 22:57 286208 ----a-w- c:\windows\system32\wmpdxm.dll
    2005-03-18 00:43 . 2003-11-15 02:53 21 ------w- c:\program files\AVPersonalAVWIN.INI
    2006-03-08 17:06 . 2006-03-08 17:06 28672 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-04 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EnGraph QuickTimeKiller"="c:\program files\EnGraph\QuickTimeKiller\QuickTimeKiller.exe" [2005-03-20 45056]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-03-24 3309568]
    "ASUS Probe"="c:\program files\ASUS\Probe\AsusProb.exe" [2002-12-06 617984]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-09-04 122368]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
    path=c:\program files\common files\adobe\calibration\adobe gamma loader.exe.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
    backup=c:\windows\pss\America Online 8.0 Tray Icon.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Printkey2000.lnk]
    backup=c:\windows\pss\Printkey2000.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\America Online 8.0\\waol.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\mshta.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Verizon\\Verizon Media Manager\\Release\\Verizon Media Manager.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"= 67:UDPHCP Discovery Service

    R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\Si3112r.sys [5/8/2003 1:14 PM 84529]
    R1 NEOFLTR_530_10741;Juniper Networks TDI Filter Driver (NEOFLTR_530_10741);c:\windows\system32\drivers\NEOFLTR_530_10741.sys [5/25/2006 8:15 PM 57063]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/3/2008 2:07 PM 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/3/2008 2:07 PM 55024]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/16/2009 7:44 AM 108289]
    R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [6/24/2002 11:57 AM 81356]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/27/2009 11:05 AM 92008]
    R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [6/24/2002 11:57 AM 39182]
    R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [6/24/2002 11:57 AM 9804]
    S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 5:47 AM 98304]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/11/2009 1:51 PM 133104]
    S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 4:40 AM 118784]
    S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [7/8/2004 12:30 PM 9284]
    S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [7/8/2004 12:30 PM 36261]
    S3 ASUSHWIO;ASUSHWIO;\??\c:\windows\System32\drivers\ASUSHWIO.sys --> c:\windows\System32\drivers\ASUSHWIO.sys [?]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/3/2008 2:07 PM 7408]
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
    S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [5/14/2006 8:50 PM 9446]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-28 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

    2009-09-23 c:\windows\Tasks\DriveImage Backup.job
    - c:\program files\Runtime Software\DriveImage XML\DriveImage Backup.bat [2009-02-15 12:23]

    2009-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-11 17:51]

    2009-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-11 17:51]

    2009-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1284227242-839522115-1004Core.job
    - c:\documents and settings\Charles F. Mitchell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-02 03:12]

    2009-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1284227242-839522115-1004UA.job
    - c:\documents and settings\Charles F. Mitchell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-02 03:12]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.godaddy.com/
    uInternet Settings,ProxyOverride = 127.0.0.1;*.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &AOL Radio Toolbar Search - c:\documents and settings\All Users\Application Data\AOL Radio Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    DPF: DirectAnimation Java Classes
    DPF: Microsoft XML Parser for Java
    DPF: vzTCPConfig - hxxps://www.verizon.net/WhatsNext/CheckMyPc/vzTCPConfig.CAB
    DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
    DPF: {26E6B759-DEEB-42A1-A21C-78CD29098411} - hxxp://aolsvc.aol.com/onlinegames/free-trial-fitness-dash/FitnessDashWeb.1.0.0.11.cab
    DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} - hxxp://aolsvc.aol.com/onlinegames/free-trial-doggie-dash/DoggieDash.1.0.0.6.cab
    DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} - hxxp://aolsvc.aol.com/onlinegames/ghadventureball/abxgh.cab
    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-yahtzee/zylomplayer.cab
    FF - ProfilePath - c:\documents and settings\Charles F. Mitchell\Application Data\Mozilla\Firefox\Profiles\1hz11ldk.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50-ff-aolradio-chromesbox-en-us&query=
    FF - prefs.js: browser.search.selectedEngine - AOL Search
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50-ff-aolradio-ab-en-us&query=
    FF - plugin: c:\documents and settings\Charles F. Mitchell\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npietab.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\Skyhook Wireless\Loki Browser Plugin\nploki.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

    ---- FIREFOX POLICIES ----
    // More DOM/JavaScript options
    // Make sure all pop-up windows are resizable:
    FF - user.js: dom.disable_window_open_feature.resizable - true
    // Make sure all pop-up windows are minimizable:
    FF - user.js: dom.disable_window_open_feature.minimizable - true
    // Always display the menu in pop-up windows:
    FF - user.js: dom.disable_window_open_feature.menubar - true
    // Always display the Navigation Toolbar in pop-up windows:
    FF - user.js: dom.disable_window_open_feature.location - true
    // Always display the scrollbar in pop-up windows:
    FF - user.js: dom.disable_window_open_feature.scrollbars - true
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.cache.disk_cache_ssl - true
    FF - user.js: browser.xul.error_pages.enabled - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 3000000
    FF - user.js: content.maxtextrun - 8191
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 32
    FF - user.js: network.http.max-connections-per-server - 8
    FF - user.js: network.http.max-persistent-connections-per-proxy - 8
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: nglayout.initialpaint.delay - 250
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: signed.applets.codebase_principal_support - true
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-28 23:05
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1708537768-1284227242-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\software\ASUS\ASUS Probe\2.20.07]
    @DACL=(02 0000)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2276)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-09-29 23:08
    ComboFix-quarantined-files.txt 2009-09-29 03:08
    ComboFix2.txt 2009-09-28 14:31

    Pre-Run: 18,787,479,552 bytes free
    Post-Run: 18,753,822,720 bytes free

    225 --- E O F --- 2009-09-11 03:05

  5. #5
    Join Date
    Apr 2000
    Location
    Harleysville, Pa. USA
    Posts
    605
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:16:17 PM, on 9/28/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\ASUS\Probe\AsusProb.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HijackThis\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.godaddy.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
    R3 - URLSearchHook: AOL Radio Toolbar Search Class - {69224684-5682-419b-9fe4-ef7946ee3319} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\money\System\mnyside.dll
    O2 - BHO: AOL Radio Toolbar Loader - {2abdb2f7-4cbf-4939-ba12-fddc827b6a2d} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: AOL Radio Toolbar - {9167da98-6f9b-46f1-991d-826cae46cab6} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [EnGraph QuickTimeKiller] C:\Program Files\EnGraph\QuickTimeKiller\QuickTimeKiller.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O8 - Extra context menu item: &AOL Radio Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL Radio Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: vzTCPConfig - https://www.verizon.net/WhatsNext/Ch...zTCPConfig.CAB
    O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/s...OS/tgctlcm.cab
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {26E6B759-DEEB-42A1-A21C-78CD29098411} (CPlayFirstFitnessDasControl Object) - http://aolsvc.aol.com/onlinegames/fr...b.1.0.0.11.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-36.cab
    O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...?1234576342125
    O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} (CPlayFirstDoggieDashControl Object) - http://aolsvc.aol.com/onlinegames/fr...sh.1.0.0.6.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1161565664781
    O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} (Abx(gh) Control) - http://aolsvc.aol.com/onlinegames/gh...ball/abxgh.cab
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/Veriz...oadControl.cab
    O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/...dsolutions.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/fr...ylomplayer.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - https://millerstraining.webex.com/cl...ng/ieatgpc.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetup Control) - https://secure.vistacare.com/dana-ca...niperSetup.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - http://tools.ebayimg.com/eps/activex...l_v1-0-3-0.cab
    O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neut...cab?10,0,910,0
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 11274 bytes

  6. #6
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box.


    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\program files\AVPersonalAVWIN.INI
    
    
    Folder::
    c:\program files\Search Guard PlusU
    c:\program files\Search Guard Plus
    
    
    Driver::
    
    Registry::
    
    RegLockDel::

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




    5. After the reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
    • Combofix.txt
    • A new HijackThis log.

  7. #7
    Join Date
    Apr 2000
    Location
    Harleysville, Pa. USA
    Posts
    605
    ComboFix 09-09-29.04 - Charles F. Mitchell 09/30/2009 8:12.5.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.685 [GMT -4:00]
    Running from: c:\documents and settings\Charles F. Mitchell\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Charles F. Mitchell\Desktop\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    * Created a new restore point

    FILE ::
    "c:\program files\AVPersonalAVWIN.INI"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\AVPersonalAVWIN.INI
    c:\program files\Search Guard Plus
    c:\program files\Search Guard Plus\fbsProtection.xml
    c:\program files\Search Guard Plus\fbsSearchProvider.xml
    c:\program files\Search Guard Plus\FbsSearchProviderIE8.exe
    c:\program files\Search Guard Plus\SearchGuardPlus.exe
    c:\program files\Search Guard Plus\SearchGuardPlus.ico
    c:\program files\Search Guard Plus\uninstalSGP.exe
    c:\program files\Search Guard PlusU\SGPU.ico
    c:\program files\Search Guard PlusU\sgpUpdater.exe
    c:\program files\Search Guard PlusU\sgpUpdater.xml
    c:\program files\Search Guard PlusU\sgpUpdaters.exe
    c:\program files\Search Guard PlusU\uninstalSGPU.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-30 )))))))))))))))))))))))))))))))
    .

    2009-09-09 23:58 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
    2009-09-07 23:46 . 2009-09-07 23:46 -------- d-----w- c:\program files\TomTom International B.V

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-30 12:20 . 2009-08-16 23:30 -------- d-----w- c:\program files\Search Guard PlusU
    2009-09-30 09:51 . 2003-05-18 23:54 -------- d-----w- c:\program files\America Online 8.0
    2009-09-29 15:09 . 2007-02-09 00:31 -------- d-----w- c:\documents and settings\Charles F. Mitchell\Application Data\Simple Sudoku
    2009-09-28 02:25 . 2008-09-20 03:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-09-13 12:10 . 2009-01-11 22:41 -------- d-----w- c:\program files\AOL Games
    2009-09-12 15:37 . 2006-08-12 18:12 -------- d-----w- c:\program files\Verizon
    2009-09-11 13:54 . 2008-08-14 13:55 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-09-10 18:54 . 2008-09-20 03:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-10 18:53 . 2008-09-20 03:08 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-07 23:45 . 2007-09-09 01:37 -------- d-----w- c:\program files\TomTom HOME 2
    2009-09-04 17:21 . 2007-04-22 18:15 -------- d-----w- c:\program files\Google
    2009-09-03 01:19 . 2006-08-12 18:12 -------- d-----w- c:\documents and settings\Charles F. Mitchell\Application Data\Verizon
    2009-08-11 15:37 . 2009-08-11 15:37 -------- d-----w- c:\documents and settings\Charles F. Mitchell\Application Data\Broderbund
    2009-08-11 15:23 . 2003-07-24 00:44 -------- d-----w- c:\program files\Common Files\Broderbund
    2009-08-11 15:23 . 2003-05-08 04:49 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-08-11 15:21 . 2003-07-24 00:53 -------- d-----w- c:\program files\Web Publish
    2009-08-11 15:15 . 2003-07-24 00:44 -------- d-----w- c:\program files\Broderbund
    2009-08-05 13:08 . 2009-05-16 11:44 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-08-05 09:01 . 2003-12-14 14:25 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-05 03:41 . 2006-01-02 04:30 -------- d-----w- c:\program files\Java
    2009-08-04 16:27 . 2009-08-04 16:27 -------- d-----w- c:\documents and settings\Charles F. Mitchell\Application Data\Flood Light Games
    2009-08-04 16:27 . 2009-08-04 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Flood Light Games
    2009-08-03 13:34 . 2003-07-18 21:10 -------- d-----w- c:\program files\GoldWave
    2009-08-03 13:08 . 2008-04-22 23:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-08-03 13:08 . 2008-06-22 15:24 -------- d-----w- c:\program files\SpywareBlaster
    2009-07-25 09:23 . 2009-07-21 18:25 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-17 19:01 . 2003-03-31 12:00 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-14 03:43 . 2003-09-26 22:57 286208 ----a-w- c:\windows\system32\wmpdxm.dll
    2006-03-08 17:06 . 2006-03-08 17:06 28672 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-04 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EnGraph QuickTimeKiller"="c:\program files\EnGraph\QuickTimeKiller\QuickTimeKiller.exe" [2005-03-20 45056]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-03-24 3309568]
    "ASUS Probe"="c:\program files\ASUS\Probe\AsusProb.exe" [2002-12-06 617984]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-09-04 122368]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
    path=c:\program files\common files\adobe\calibration\adobe gamma loader.exe.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
    backup=c:\windows\pss\America Online 8.0 Tray Icon.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Printkey2000.lnk]
    backup=c:\windows\pss\Printkey2000.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\America Online 8.0\\waol.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\mshta.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Verizon\\Verizon Media Manager\\Release\\Verizon Media Manager.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"= 67:UDP:DHCP Discovery Service

    R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\Si3112r.sys [5/8/2003 1:14 PM 84529]
    R1 NEOFLTR_530_10741;Juniper Networks TDI Filter Driver (NEOFLTR_530_10741);c:\windows\system32\drivers\NEOFLTR_530_10741.sys [5/25/2006 8:15 PM 57063]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/3/2008 2:07 PM 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/3/2008 2:07 PM 55024]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/16/2009 7:44 AM 108289]
    R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [6/24/2002 11:57 AM 81356]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/27/2009 11:05 AM 92008]
    R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [6/24/2002 11:57 AM 39182]
    R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [6/24/2002 11:57 AM 9804]
    S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 5:47 AM 98304]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/11/2009 1:51 PM 133104]
    S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 4:40 AM 118784]
    S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [7/8/2004 12:30 PM 9284]
    S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [7/8/2004 12:30 PM 36261]
    S3 ASUSHWIO;ASUSHWIO;\??\c:\windows\System32\drivers\ASUSHWIO.sys --> c:\windows\System32\drivers\ASUSHWIO.sys [?]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/3/2008 2:07 PM 7408]
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
    S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [5/14/2006 8:50 PM 9446]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-28 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

    2009-09-30 c:\windows\Tasks\DriveImage Backup.job
    - c:\program files\Runtime Software\DriveImage XML\DriveImage Backup.bat [2009-02-15 12:23]

    2009-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-11 17:51]

    2009-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-11 17:51]

    2009-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1284227242-839522115-1004Core.job
    - c:\documents and settings\Charles F. Mitchell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-02 03:12]

    2009-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1284227242-839522115-1004UA.job
    - c:\documents and settings\Charles F. Mitchell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-02 03:12]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.godaddy.com/
    uInternet Settings,ProxyOverride = 127.0.0.1;*.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &AOL Radio Toolbar Search - c:\documents and settings\All Users\Application Data\AOL Radio Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    DPF: DirectAnimation Java Classes
    DPF: Microsoft XML Parser for Java
    DPF: vzTCPConfig - hxxps://www.verizon.net/WhatsNext/CheckMyPc/vzTCPConfig.CAB
    DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
    DPF: {26E6B759-DEEB-42A1-A21C-78CD29098411} - hxxp://aolsvc.aol.com/onlinegames/free-trial-fitness-dash/FitnessDashWeb.1.0.0.11.cab
    DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} - hxxp://aolsvc.aol.com/onlinegames/free-trial-doggie-dash/DoggieDash.1.0.0.6.cab
    DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} - hxxp://aolsvc.aol.com/onlinegames/ghadventureball/abxgh.cab
    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-yahtzee/zylomplayer.cab
    FF - ProfilePath - c:\documents and settings\Charles F. Mitchell\Application Data\Mozilla\Firefox\Profiles\1hz11ldk.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50-ff-aolradio-chromesbox-en-us&query=
    FF - prefs.js: browser.search.selectedEngine - AOL Search
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50-ff-aolradio-ab-en-us&query=
    FF - plugin: c:\documents and settings\Charles F. Mitchell\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npietab.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\Skyhook Wireless\Loki Browser Plugin\nploki.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

    ---- FIREFOX POLICIES ----
    // More DOM/JavaScript options
    // Make sure all pop-up windows are resizable:
    FF - user.js: dom.disable_window_open_feature.resizable - true
    // Make sure all pop-up windows are minimizable:
    FF - user.js: dom.disable_window_open_feature.minimizable - true
    // Always display the menu in pop-up windows:
    FF - user.js: dom.disable_window_open_feature.menubar - true
    // Always display the Navigation Toolbar in pop-up windows:
    FF - user.js: dom.disable_window_open_feature.location - true
    // Always display the scrollbar in pop-up windows:
    FF - user.js: dom.disable_window_open_feature.scrollbars - true
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.cache.disk_cache_ssl - true
    FF - user.js: browser.xul.error_pages.enabled - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 3000000
    FF - user.js: content.maxtextrun - 8191
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 32
    FF - user.js: network.http.max-connections-per-server - 8
    FF - user.js: network.http.max-persistent-connections-per-proxy - 8
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: nglayout.initialpaint.delay - 250
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: signed.applets.codebase_principal_support - true
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-30 08:20
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1708537768-1284227242-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\software\ASUS\ASUS Probe\2.20.07]
    @DACL=(02 0000)
    .
    Completion time: 2009-09-30 8:23
    ComboFix-quarantined-files.txt 2009-09-30 12:22
    ComboFix2.txt 2009-09-28 14:31

    Pre-Run: 18,763,063,296 bytes free
    Post-Run: 18,726,842,368 bytes free

    235 --- E O F --- 2009-09-11 03:05

  8. #8
    Join Date
    Apr 2000
    Location
    Harleysville, Pa. USA
    Posts
    605
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:29:47 AM, on 9/30/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\HijackThis\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.godaddy.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
    R3 - URLSearchHook: AOL Radio Toolbar Search Class - {69224684-5682-419b-9fe4-ef7946ee3319} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\money\System\mnyside.dll
    O2 - BHO: AOL Radio Toolbar Loader - {2abdb2f7-4cbf-4939-ba12-fddc827b6a2d} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: AOL Radio Toolbar - {9167da98-6f9b-46f1-991d-826cae46cab6} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [EnGraph QuickTimeKiller] C:\Program Files\EnGraph\QuickTimeKiller\QuickTimeKiller.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O8 - Extra context menu item: &AOL Radio Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL Radio Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: vzTCPConfig - https://www.verizon.net/WhatsNext/Ch...zTCPConfig.CAB
    O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/s...OS/tgctlcm.cab
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {26E6B759-DEEB-42A1-A21C-78CD29098411} (CPlayFirstFitnessDasControl Object) - http://aolsvc.aol.com/onlinegames/fr...b.1.0.0.11.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-36.cab
    O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...?1234576342125
    O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} (CPlayFirstDoggieDashControl Object) - http://aolsvc.aol.com/onlinegames/fr...sh.1.0.0.6.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1161565664781
    O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} (Abx(gh) Control) - http://aolsvc.aol.com/onlinegames/gh...ball/abxgh.cab
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/Veriz...oadControl.cab
    O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/...dsolutions.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/fr...ylomplayer.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - https://millerstraining.webex.com/cl...ng/ieatgpc.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetup Control) - https://secure.vistacare.com/dana-ca...niperSetup.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - http://tools.ebayimg.com/eps/activex...l_v1-0-3-0.cab
    O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neut...cab?10,0,910,0
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 10986 bytes

  9. #9
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.


    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    
    Folder::
    c:\program files\Search Guard PlusU
    
    Driver::
    
    Registry::
    
    RegLockDel::

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




    5. After the reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
    • Combofix.txt
    • A new HijackThis log.
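One way to check that a CFScript like the ones in posts #6 and #9 actually took effect, as an added example that is not part of this thread or of ComboFix itself: it parses the File::/Folder:: sections of the script and the "Other Deletions" and "Find3M Report" sections of the resulting ComboFix log (sample text constructed from the excerpts posted above), and flags any target that still shows up after the run, as the Search Guard PlusU folder did after the first script, which is why it had to be repeated.

```python
import re

# CFScript section headers that ComboFix understands, as listed in the thread.
SECTION_RE = re.compile(r"^(File|Folder|Driver|Registry|RegLockDel)::$")

# Constructed sample input: the helper's first CFScript from this thread.
CFSCRIPT = r"""File::
c:\program files\AVPersonalAVWIN.INI
Folder::
c:\program files\Search Guard PlusU
c:\program files\Search Guard Plus
Driver::
Registry::
RegLockDel::
"""

# Constructed sample input: the ComboFix log posted after that run, abridged to the sections read here.
COMBOFIX_LOG = r"""ComboFix 09-09-29.04 - user 09/30/2009 8:12.5.1 - NTFSx86
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\program files\AVPersonalAVWIN.INI
c:\program files\Search Guard Plus
c:\program files\Search Guard Plus\fbsProtection.xml
c:\program files\Search Guard Plus\SearchGuardPlus.exe
c:\program files\Search Guard PlusU\SGPU.ico
c:\program files\Search Guard PlusU\sgpUpdater.exe
c:\program files\Search Guard PlusU\sgpUpdater.xml
c:\program files\Search Guard PlusU\sgpUpdaters.exe
c:\program files\Search Guard PlusU\uninstalSGPU.exe
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2009-09-30 12:20 . 2009-08-16 23:30 -------- d-----w- c:\program files\Search Guard PlusU
2009-09-10 18:53 . 2008-09-20 03:08 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
"""


def parse_cfscript(text):
    """Return {section: [entries]} for a CFScript; blank lines are ignored."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections


def parse_combofix_log(text):
    """Return (deleted, present): paths under 'Other Deletions' and paths in the Find3M listing."""
    deleted, present, section = set(), set(), None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line == ".":
            continue
        if line.startswith("(((("):
            # A banner such as "(((( Other Deletions ))))" starts a new section of the log.
            if "Other Deletions" in line:
                section = "deleted"
            elif "Find3M Report" in line:
                section = "find3m"
            else:
                section = None
        elif section == "deleted":
            deleted.add(line.lower())
        elif section == "find3m":
            # "<mtime> . <ctime> <size or --------> <attrs> <path>": the path is the 8th field.
            parts = line.split(None, 7)
            if len(parts) == 8:
                present.add(parts[7].lower())
    return deleted, present


def check_targets(cfscript_text, log_text):
    """Map each File::/Folder:: target to (status, number of entries deleted inside it)."""
    sections = parse_cfscript(cfscript_text)
    deleted, present = parse_combofix_log(log_text)
    report = {}
    for target in sections.get("File", []) + sections.get("Folder", []):
        key = target.lower()
        inside = sum(1 for path in deleted if path.startswith(key + "\\"))
        if key in deleted:
            status = "deleted"
        elif key in present:
            status = "still present"  # listed in Find3M after the run: needs another pass
        else:
            status = "not reported"
        report[target] = (status, inside)
    return report


if __name__ == "__main__":
    for target, (status, inside) in check_targets(CFSCRIPT, COMBOFIX_LOG).items():
        print(f"{status:14s} (entries removed inside: {inside})  {target}")
```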

  10. #10
    Join Date
    Apr 2000
    Location
    Harleysville, Pa. USA
    Posts
    605
    ComboFix 09-09-30.05 - Charles F. Mitchell 09/30/2009 23:43.6.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.668 [GMT -4:00]
    Running from: c:\documents and settings\Charles F. Mitchell\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Charles F. Mitchell\Desktop\CFSCript.tst.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Search Guard PlusU

    .
    ((((((((((((((((((((((((( Files Created from 2009-09-01 to 2009-10-01 )))))))))))))))))))))))))))))))
    .

    2009-09-09 23:58 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
    2009-09-07 23:46 . 2009-09-07 23:46 -------- d-----w- c:\program files\TomTom International B.V

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-30 18:54 . 2003-05-18 23:54 -------- d-----w- c:\program files\America Online 8.0
    2009-09-30 12:45 . 2007-02-09 00:31 -------- d-----w- c:\documents and settings\Charles F. Mitchell\Application Data\Simple Sudoku
    2009-09-28 02:25 . 2008-09-20 03:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-09-13 12:10 . 2009-01-11 22:41 -------- d-----w- c:\program files\AOL Games
    2009-09-12 15:37 . 2006-08-12 18:12 -------- d-----w- c:\program files\Verizon
    2009-09-11 13:54 . 2008-08-14 13:55 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-09-10 18:54 . 2008-09-20 03:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-10 18:53 . 2008-09-20 03:08 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-07 23:45 . 2007-09-09 01:37 -------- d-----w- c:\program files\TomTom HOME 2
    2009-09-04 17:21 . 2007-04-22 18:15 -------- d-----w- c:\program files\Google
    2009-09-03 01:19 . 2006-08-12 18:12 -------- d-----w- c:\documents and settings\Charles F. Mitchell\Application Data\Verizon
    2009-08-11 15:37 . 2009-08-11 15:37 -------- d-----w- c:\documents and settings\Charles F. Mitchell\Application Data\Broderbund
    2009-08-11 15:23 . 2003-07-24 00:44 -------- d-----w- c:\program files\Common Files\Broderbund
    2009-08-11 15:23 . 2003-05-08 04:49 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-08-11 15:21 . 2003-07-24 00:53 -------- d-----w- c:\program files\Web Publish
    2009-08-11 15:15 . 2003-07-24 00:44 -------- d-----w- c:\program files\Broderbund
    2009-08-05 13:08 . 2009-05-16 11:44 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-08-05 09:01 . 2003-12-14 14:25 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-05 03:41 . 2006-01-02 04:30 -------- d-----w- c:\program files\Java
    2009-08-04 16:27 . 2009-08-04 16:27 -------- d-----w- c:\documents and settings\Charles F. Mitchell\Application Data\Flood Light Games
    2009-08-04 16:27 . 2009-08-04 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Flood Light Games
    2009-08-03 13:34 . 2003-07-18 21:10 -------- d-----w- c:\program files\GoldWave
    2009-08-03 13:08 . 2008-04-22 23:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-08-03 13:08 . 2008-06-22 15:24 -------- d-----w- c:\program files\SpywareBlaster
    2009-07-25 09:23 . 2009-07-21 18:25 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-17 19:01 . 2003-03-31 12:00 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-14 03:43 . 2003-09-26 22:57 286208 ----a-w- c:\windows\system32\wmpdxm.dll
    2006-03-08 17:06 . 2006-03-08 17:06 28672 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-04 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EnGraph QuickTimeKiller"="c:\program files\EnGraph\QuickTimeKiller\QuickTimeKiller.exe" [2005-03-20 45056]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-03-24 3309568]
    "ASUS Probe"="c:\program files\ASUS\Probe\AsusProb.exe" [2002-12-06 617984]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-09-04 122368]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
    path=c:\program files\common files\adobe\calibration\adobe gamma loader.exe.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
    backup=c:\windows\pss\America Online 8.0 Tray Icon.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Printkey2000.lnk]
    backup=c:\windows\pss\Printkey2000.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\America Online 8.0\\waol.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\mshta.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Verizon\\Verizon Media Manager\\Release\\Verizon Media Manager.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"= 67:UDP:DHCP Discovery Service

    R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\Si3112r.sys [5/8/2003 1:14 PM 84529]
    R1 NEOFLTR_530_10741;Juniper Networks TDI Filter Driver (NEOFLTR_530_10741);c:\windows\system32\drivers\NEOFLTR_530_10741.sys [5/25/2006 8:15 PM 57063]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/3/2008 2:07 PM 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/3/2008 2:07 PM 55024]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/16/2009 7:44 AM 108289]
    R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [6/24/2002 11:57 AM 81356]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/27/2009 11:05 AM 92008]
    R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [6/24/2002 11:57 AM 39182]
    R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [6/24/2002 11:57 AM 9804]
    S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 5:47 AM 98304]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/11/2009 1:51 PM 133104]
    S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 4:40 AM 118784]
    S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [7/8/2004 12:30 PM 9284]
    S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [7/8/2004 12:30 PM 36261]
    S3 ASUSHWIO;ASUSHWIO;\??\c:\windows\System32\drivers\ASUSHWIO.sys --> c:\windows\System32\drivers\ASUSHWIO.sys [?]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/3/2008 2:07 PM 7408]
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
    S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [5/14/2006 8:50 PM 9446]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-28 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

    2009-09-30 c:\windows\Tasks\DriveImage Backup.job
    - c:\program files\Runtime Software\DriveImage XML\DriveImage Backup.bat [2009-02-15 12:23]

    2009-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-11 17:51]

    2009-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-11 17:51]

    2009-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1284227242-839522115-1004Core.job
    - c:\documents and settings\Charles F. Mitchell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-02 03:12]

    2009-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1284227242-839522115-1004UA.job
    - c:\documents and settings\Charles F. Mitchell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-02 03:12]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.godaddy.com/
    uInternet Settings,ProxyOverride = 127.0.0.1;*.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &AOL Radio Toolbar Search - c:\documents and settings\All Users\Application Data\AOL Radio Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    DPF: DirectAnimation Java Classes
    DPF: Microsoft XML Parser for Java
    DPF: vzTCPConfig - hxxps://www.verizon.net/WhatsNext/CheckMyPc/vzTCPConfig.CAB
    DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
    DPF: {26E6B759-DEEB-42A1-A21C-78CD29098411} - hxxp://aolsvc.aol.com/onlinegames/free-trial-fitness-dash/FitnessDashWeb.1.0.0.11.cab
    DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} - hxxp://aolsvc.aol.com/onlinegames/free-trial-doggie-dash/DoggieDash.1.0.0.6.cab
    DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} - hxxp://aolsvc.aol.com/onlinegames/ghadventureball/abxgh.cab
    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-yahtzee/zylomplayer.cab
    FF - ProfilePath - c:\documents and settings\Charles F. Mitchell\Application Data\Mozilla\Firefox\Profiles\1hz11ldk.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50-ff-aolradio-chromesbox-en-us&query=
    FF - prefs.js: browser.search.selectedEngine - AOL Search
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50-ff-aolradio-ab-en-us&query=
    FF - plugin: c:\documents and settings\Charles F. Mitchell\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npietab.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\Skyhook Wireless\Loki Browser Plugin\nploki.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

    ---- FIREFOX POLICIES ----
    // More DOM/JavaScript options
    // Make sure all pop-up windows are resizable:
    FF - user.js: dom.disable_window_open_feature.resizable - true
    // Make sure all pop-up windows are minimizable:
    FF - user.js: dom.disable_window_open_feature.minimizable - true
    // Always display the menu in pop-up windows:
    FF - user.js: dom.disable_window_open_feature.menubar - true
    // Always display the Navigation Toolbar in pop-up windows:
    FF - user.js: dom.disable_window_open_feature.location - true
    // Always display the scrollbar in pop-up windows:
    FF - user.js: dom.disable_window_open_feature.scrollbars - true
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.cache.disk_cache_ssl - true
    FF - user.js: browser.xul.error_pages.enabled - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 3000000
    FF - user.js: content.maxtextrun - 8191
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 32
    FF - user.js: network.http.max-connections-per-server - 8
    FF - user.js: network.http.max-persistent-connections-per-proxy - 8
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: nglayout.initialpaint.delay - 250
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: signed.applets.codebase_principal_support - true
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-30 23:52
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1708537768-1284227242-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\software\ASUS\ASUS Probe\2.20.07]
    @DACL=(02 0000)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(1500)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-10-01 23:55
    ComboFix-quarantined-files.txt 2009-10-01 03:55
    ComboFix2.txt 2009-09-28 14:31

    Pre-Run: 18,715,430,912 bytes free
    Post-Run: 18,680,844,288 bytes free

    227 --- E O F --- 2009-09-11 03:05
    Desktop: Dell I620. Win 7 Home Premium
    Laptop 1: Toshiba, Win7 home premium
    Laptop 2: Macbook Pro

  11. #11 | Join Date: Apr 2000 | Location: Harleysville, Pa. USA | Posts: 605
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:02:22 AM, on 10/1/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\ASUS\Probe\AsusProb.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HijackThis\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.godaddy.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
    R3 - URLSearchHook: AOL Radio Toolbar Search Class - {69224684-5682-419b-9fe4-ef7946ee3319} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\money\System\mnyside.dll
    O2 - BHO: AOL Radio Toolbar Loader - {2abdb2f7-4cbf-4939-ba12-fddc827b6a2d} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: AOL Radio Toolbar - {9167da98-6f9b-46f1-991d-826cae46cab6} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [EnGraph QuickTimeKiller] C:\Program Files\EnGraph\QuickTimeKiller\QuickTimeKiller.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O8 - Extra context menu item: &AOL Radio Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL Radio Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: vzTCPConfig - https://www.verizon.net/WhatsNext/Ch...zTCPConfig.CAB
    O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/s...OS/tgctlcm.cab
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {26E6B759-DEEB-42A1-A21C-78CD29098411} (CPlayFirstFitnessDasControl Object) - http://aolsvc.aol.com/onlinegames/fr...b.1.0.0.11.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-36.cab
    O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...?1234576342125
    O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} (CPlayFirstDoggieDashControl Object) - http://aolsvc.aol.com/onlinegames/fr...sh.1.0.0.6.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1161565664781
    O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} (Abx(gh) Control) - http://aolsvc.aol.com/onlinegames/gh...ball/abxgh.cab
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/Veriz...oadControl.cab
    O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/...dsolutions.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/fr...ylomplayer.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - https://millerstraining.webex.com/cl...ng/ieatgpc.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetup Control) - https://secure.vistacare.com/dana-ca...niperSetup.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - http://tools.ebayimg.com/eps/activex...l_v1-0-3-0.cab
    O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neut...cab?10,0,910,0
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 11274 bytes

  12. #12 | Join Date: Dec 2007 | Location: Daly City, CA | Posts: 22,550
    Very good

    Uninstall Combofix:
    Go to Start > Run
    Type in:
    combofix /u
    Note the space between the "combofix" and the "/u"
    Restart computer.


    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
    • Double-click the drweb-cureit.exe file and click Scan to run the express scan. Click OK in the pop-up window to allow the scan.
    • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, select Complete scan.
    • Click the green arrow at the right, and the scan will start.
    • Click Yes to all if it asks if you want to cure/move the file.
    • When the scan has finished, in the menu, click File and choose Save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.


    NOTE. During the scan, a pop-up window will open asking for a full version purchase. Simply close the window by clicking on the X in the upper right corner.


    Post fresh HijackThis log as well.

  13. #13 | Join Date: Apr 2000 | Location: Harleysville, Pa. USA | Posts: 605
    Dr.Web didn't ask what to do with files, so after it was done I opted to move the infected files. When I restarted the computer, chkdsk was scanning disks and such. It seemed to start normally after that.


    inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\ssc_suite_installer_1.210.2.4_suite;Probably BACKDOOR.Trojan;Moved.;
    inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4028;Probably BACKDOOR.Trojan;Moved.;
    inst.exe;C:\Program Files\AOL\Installers\AOL Safety & Security Center 1.0;Probably BACKDOOR.Trojan;Moved.;
    inst.exe;C:\Program Files\AOL\Installers\AOL Safety & Security Center 1.02;Probably BACKDOOR.Trojan;Moved.;
    setup.exe;C:\Program Files\AOL\Internet Access Controls\Installer;Probably BACKDOOR.Trojan;Moved.;
    ppctl.dll;C:\Program Files\Common Files\Scanner;Probably DLOADER.Trojan;Moved.;
    npCouponPrinter.dll;C:\Program Files\Mozilla Firefox\plugins;Adware.Coupons.34;Moved.;



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:12:58 AM, on 10/3/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\ASUS\Probe\AsusProb.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HijackThis\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.godaddy.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
    R3 - URLSearchHook: AOL Radio Toolbar Search Class - {69224684-5682-419b-9fe4-ef7946ee3319} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\money\System\mnyside.dll
    O2 - BHO: AOL Radio Toolbar Loader - {2abdb2f7-4cbf-4939-ba12-fddc827b6a2d} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: AOL Radio Toolbar - {9167da98-6f9b-46f1-991d-826cae46cab6} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [EnGraph QuickTimeKiller] C:\Program Files\EnGraph\QuickTimeKiller\QuickTimeKiller.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O8 - Extra context menu item: &AOL Radio Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL Radio Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: vzTCPConfig - https://www.verizon.net/WhatsNext/Ch...zTCPConfig.CAB
    O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/s...OS/tgctlcm.cab
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {26E6B759-DEEB-42A1-A21C-78CD29098411} (CPlayFirstFitnessDasControl Object) - http://aolsvc.aol.com/onlinegames/fr...b.1.0.0.11.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-36.cab
    O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...?1234576342125
    O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} (CPlayFirstDoggieDashControl Object) - http://aolsvc.aol.com/onlinegames/fr...sh.1.0.0.6.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1161565664781
    O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} (Abx(gh) Control) - http://aolsvc.aol.com/onlinegames/gh...ball/abxgh.cab
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/Veriz...oadControl.cab
    O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/...dsolutions.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/fr...ylomplayer.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - https://millerstraining.webex.com/cl...ng/ieatgpc.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetup Control) - https://secure.vistacare.com/dana-ca...niperSetup.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - http://tools.ebayimg.com/eps/activex...l_v1-0-3-0.cab
    O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neut...cab?10,0,910,0
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 11381 bytes
    Desktop: Dell I620. Win 7 Home Premium
    Laptop 1: Toshiba, Win7 home premium
    Laptop 2: Macbook Pro

  14. #14
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
Print this post out, since you won't have access to it at some point.

    1. Open HijackThis.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:

    nothing malicious to remove

4. You should also checkmark the following entries (these are unnecessary startups; no actual programs will be removed):

    - O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    - O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    5. Click on Fix checked button.

    6. Restart computer.


    When done....


    Your computer is clean

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.

    2. Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    3. Restart computer.

    4. Turn System Restore on.

5. Make sure Windows Updates are current.

6. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    7. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    8. Run defrag at your convenience.

9. Read "How did I get infected?, with steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

10. Please let me know how your computer is doing.
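As an added example (not part of this thread, and not HijackThis's own code), a small Python parser for the O4 autostart lines in the log above that maps the value names the helper asks to "Fix" to the full registry values HijackThis's "Fix checked" would delete, and flags any requested name that does not occur in the log. The sample lines are copied from this thread's log; the function and class names are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
# Matches HijackThis "O4" lines such as: O4 - HKLM\..\Run: [avgnt] "C:\...\avgnt.exe" /min
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] "
                   r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")

@dataclass
class Autostart:
    hive: str               # HKLM, HKCU, HKUS\S-1-5-18, HKUS\.DEFAULT
    key: str                # Run or RunOnce
    name: str               # value name HijackThis shows in [brackets]
    command: str            # command line stored in that value
    user: Optional[str] = None

def parse_o4(line: str) -> Optional[Autostart]:
    """Return an Autostart for an O4 line, or None for any other log line."""
    m = O4_RE.match(line.strip())
    return Autostart(m["hive"], m["key"], m["name"], m["cmd"], m["user"]) if m else None

def registry_path(entry: Autostart) -> str:
    """Expand HijackThis's abbreviated hive notation to the full key that gets edited."""
    roots = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
    root = roots.get(entry.hive)
    if root is None and entry.hive.startswith("HKUS\\"):
        root = "HKEY_USERS\\" + entry.hive[len("HKUS\\"):]
    return f"{root or entry.hive}\\Software\\Microsoft\\Windows\\CurrentVersion\\{entry.key}"

def plan_fix(log_lines: List[str], names_to_fix: List[str]) -> Tuple[List[Tuple[str, str, str]], List[str]]:
    """Return (planned deletions as (key, value name, command), requested names absent from the log)."""
    entries = [e for e in map(parse_o4, log_lines) if e is not None]
    planned = [(registry_path(e), e.name, e.command) for e in entries if e.name in names_to_fix]
    missing = [n for n in names_to_fix if all(e.name != n for e in entries)]  # catches typos before deleting
    return planned, missing

# Constructed sample: lines copied from the HijackThis log in this thread.
SAMPLE_LOG = [
    r"O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\money\System\mnyside.dll",
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min',
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"',
    r"O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')",
]

if __name__ == "__main__":
    planned, missing = plan_fix(SAMPLE_LOG, ["NvCplDaemon", "SunJavaUpdateSched"])
    for key, name, cmd in planned:
        print(f"delete value '{name}' under {key}  ({cmd})")
    print("names not found in log:", missing)
```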

  15. #15
    Join Date
    Apr 2000
    Location
    Harleysville, Pa. USA
    Posts
    605
    Thank you very much Broni.

I have another problem in that I can't start the computer in safe mode. Should I post this in Windows XP, or can you look at it?
    Thank you.
    Desktop: Dell I620. Win 7 Home Premium
    Laptop 1: Toshiba, Win7 home premium
    Laptop 2: Macbook Pro
