
Thread: Can't Run Spybot or start any program even in safe mode.

  1. #21
    Blade81 (Security Expert: Emeritus)
    Join Date: Oct 2006
    Location: Finland
    Posts: 25,288

    Question: Am I supposed to delete and dump the infected files when Malwarebytes finds them (I have been doing this)?
    Yes.

    Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
    • Run Spybot-S&D in Advanced Mode
    • If it is not already set to do this, go to the Mode menu and select Advanced Mode
    • On the left hand side, click on Tools
    • Then click on the Resident icon in the list
    • Uncheck Resident TeaTimer and OK any prompts.
    • Restart your computer


    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    File::
    c:\windows\fukaxoki.com
    Folder::
    c:\program files\TSC
    c:\program files\Common Files\TSCUninstall
    DDS::
    uURLSearchHooks: H - No File
    BHO: {76DC0B63-1533-4ba9-8BE8-D59EB676FA02} - No File
    BHO: {BF56A325-23F2-42AD-F4E4-00AAC39CAA53} - No File
    TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

    Save this as CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
    Then post the resultant log.


    ComboFix should never take more than 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then ComboFix should continue.
    If that happened we want to know, and also what process you had to end.


    Uninstall old Adobe Reader versions and get the latest one (9.1 + updates 9.1.2 & 9.1.3) here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check free readers introduced here.


    Uninstall Shockwave and get the fresh one here if needed.

    Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here. Fresh version can be obtained here.


    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6 Update 16.
    • Click the Download button to the right.
    • Select Windows on platform combobox and check the box that says: Accept License Agreement. Click continue.
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.




    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


    Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  2. #22
    Member
    Join Date: Oct 2008
    Location: Western North Carolina
    Posts: 48

    Notes and Logs

    Note: ComboFix did take right at 21 minutes to reboot, (fingers started tapping) then another 8 or so minutes to post log.
    : Also, a new version of ComboFix window came up and I closed it without install.
    : After removing and installing new software, I cannot locate the Combo file.... For some reason I may have not saved it correctly, I apologize. Be happy to run a new CF if you need.
    : Still have Virus Pro shortcut on desktop and in program list.
    I think that's about it......

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Saturday, September 12, 2009
    Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Saturday, September 12, 2009 04:56:46
    Records in database: 2782556
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\

    Scan statistics:
    Objects scanned: 65520
    Threats found: 5
    Infected objects found: 5
    Suspicious objects found: 0
    Scan duration: 03:48:08


    File name / Threat / Threats count
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\27FA1E44 Infected: not-a-virus:AdWare.Win32.Virtumonde.gen 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\530D2002 Infected: not-a-virus:AdWare.Win32.Virtumonde.quj 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\710F37D9 Infected: Trojan.Win32.BHO.hj 1
    C:\Qoobox\Quarantine\C\Program Files\Windows Police Pro\windows Police Pro.exe.vir Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.kn 1
    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\wisdstr.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.fmd 1

    Selected area has been scanned.

    DDS (Ver_09-07-30.01) - NTFSx86
    Run by Rick at 14:43:26.51 on Sat 09/12/2009
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.445.55 [GMT -4:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\keyhook.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\Logi_MwX.Exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    C:\WINDOWS\SYSTEM32\sistray.exe
    C:\Sun\SDK\jdk\bin\javaw.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Java\jre6\bin\java.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\Documents and Settings\Rick\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [SiS Windows KeyHook] c:\windows\system32\keyhook.exe
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
    mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
    mRun: [Logitech Utility] Logi_MwX.Exe
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [F5D7050v3] c:\program files\belkin\f5d7050v3\Belkinwcui.exe
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    StartupFolder: c:\documents and settings\rick\start menu\programs\startup\PowerReg Scheduler.exe
    StartupFolder: c:\docume~1\rick\startm~1\programs\startup\sdktra~1.lnk - c:\sun\sdk\jdk\bin\javaw.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe
    dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\rick\applic~1\mozilla\firefox\profiles\ziv3fga5.default\
    FF - prefs.js: browser.startup.homepage - hxxp://us.mc838.mail.yahoo.com/mc/welcome?action=&YY=1714853569&ymv=0&noFlush&mcrumb=Fke9xVmcaVv#_pg=showFolder&fid=Inbox&order=down&tt=7&pSize=25&ymv=0&.rand=1491067721&.jsrand=8429800
    FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\documents and settings\rick\application data\mozilla\firefox\profiles\ziv3fga5.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-29 335240]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-29 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-29 108552]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-12-29 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-29 297752]
    S3 getPlusHelper;getPlus(R) Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-4 14336]

    =============== Created Last 30 ================

    2009-09-11 22:34 411,368 a------- c:\windows\system32\deploytk.dll
    2009-09-11 22:34 73,728 a------- c:\windows\system32\javacpl.cpl
    2009-09-11 21:32 23,108 a------- c:\windows\system32\productregistry
    2009-09-11 21:29 <DIR> --d----- C:\Sun
    2009-09-10 13:15 <DIR> a-dshr-- C:\cmdcons
    2009-09-10 13:14 230,912 a------- c:\windows\PEV.exe
    2009-09-10 13:14 161,792 a------- c:\windows\SWREG.exe
    2009-09-10 13:14 98,816 a------- c:\windows\sed.exe
    2009-09-10 03:08 671 a------- c:\windows\system32\MRT.INI
    2009-09-10 01:37 17,869 a------- c:\windows\ymate.lib
    2009-09-10 01:37 15,610 a------- c:\windows\system32\abywaduk.lib
    2009-09-10 01:37 153,088 -------- c:\windows\system32\dllcache\triedit.dll
    2009-09-10 01:29 <DIR> --d----- c:\program files\AntivirusPro_2010
    2009-09-05 23:56 <DIR> --d----- c:\docume~1\rick\applic~1\Safer Networking
    2009-09-05 23:47 <DIR> --d----- c:\program files\KnightHop
    2009-09-05 23:32 <DIR> --d----- c:\program files\Safer Networking
    2009-08-28 21:11 4,658,584 a----r-- c:\windows\system32\drivers\lvuvc.sys

    ==================== Find3M ====================

    2009-09-05 18:33 0 a------- c:\windows\system32\drivers\lvuvc.hs
    2009-09-05 18:32 0 a------- c:\windows\system32\drivers\logiflt.iad
    2009-08-16 15:50 11,952 a------- c:\windows\system32\avgrsstx.dll
    2009-08-16 15:50 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
    2009-08-05 05:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
    2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
    2009-07-19 09:18 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
    2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
    2009-07-17 15:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
    2009-07-12 12:21 233,472 a------- c:\windows\system32\wmpdxm.dll
    2009-07-12 12:21 4,874,240 -------- c:\windows\system32\dllcache\wmp.dll
    2009-07-12 12:21 233,472 -------- c:\windows\system32\dllcache\wmpdxm.dll
    2009-07-10 09:27 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
    2009-07-03 13:09 915,456 a------- c:\windows\system32\dllcache\wininet.dll
    2009-07-03 13:09 915,456 -------- c:\windows\system32\wininet.dll
    2009-07-03 13:09 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
    2009-07-03 13:09 1,208,832 a------- c:\windows\system32\dllcache\urlmon.dll
    2009-07-03 13:09 206,848 -------- c:\windows\system32\dllcache\occache.dll
    2009-07-03 13:09 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
    2009-07-03 13:09 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
    2009-07-03 13:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
    2009-07-03 13:09 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
    2009-07-03 13:09 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
    2009-07-03 13:09 184,320 -------- c:\windows\system32\dllcache\iepeers.dll
    2009-07-03 13:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
    2009-07-03 07:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
    2009-06-25 04:25 730,112 a------- c:\windows\system32\lsasrv.dll
    2009-06-25 04:25 301,568 a------- c:\windows\system32\kerberos.dll
    2009-06-25 04:25 147,456 a------- c:\windows\system32\schannel.dll
    2009-06-25 04:25 136,192 a------- c:\windows\system32\msv1_0.dll
    2009-06-25 04:25 56,832 a------- c:\windows\system32\secur32.dll
    2009-06-25 04:25 54,272 a------- c:\windows\system32\wdigest.dll
    2009-06-25 04:25 730,112 -------- c:\windows\system32\dllcache\lsasrv.dll
    2009-06-25 04:25 301,568 -------- c:\windows\system32\dllcache\kerberos.dll
    2009-06-25 04:25 147,456 -------- c:\windows\system32\dllcache\schannel.dll
    2009-06-25 04:25 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
    2009-06-25 04:25 56,832 -------- c:\windows\system32\dllcache\secur32.dll
    2009-06-25 04:25 54,272 -------- c:\windows\system32\dllcache\wdigest.dll
    2009-06-24 07:18 92,928 -------- c:\windows\system32\dllcache\ksecdd.sys
    2009-06-22 02:44 726,528 a------- c:\windows\system32\dllcache\jscript.dll
    2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
    2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
    2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
    2009-06-16 10:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
    2005-11-22 21:08 848 a--sh--- c:\windows\system32\KGyGaAvL.sys

    ============= FINISH: 14:44:44.50 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-07-30.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2/9/2005 4:15:02 AM
    System Uptime: 9/11/2009 10:38:55 PM (16 hours ago)

    Motherboard: Quanta Computer | | Inspiron 1000
    Processor: Mobile Intel(R) Celeron(R) CPU 2.20GHz | Socket 478/423 | 2191/mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 35 GiB total, 23.514 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 9/10/2009 2:01:02 AM - System Checkpoint
    RP2: 9/10/2009 3:00:23 AM - Software Distribution Service 3.0
    RP3: 9/11/2009 5:17:29 PM - Removed Adobe Reader 7.0
    RP4: 9/11/2009 5:38:41 PM - Installed Adobe Reader 9.1.
    RP5: 9/11/2009 9:19:47 PM - Removed Java 2 Runtime Environment, SE v1.4.2_03
    RP6: 9/11/2009 10:33:18 PM - Installed Java(TM) 6 Update 14
    RP7: 9/11/2009 10:52:41 PM - Installed Java(TM) 6 Update 15

    ==== Installed Programs ======================

    Acrobat.com
    Adobe AIR
    Adobe Download Manager
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.1.3
    Agere Systems AC'97 Modem
    ALPS Touch Pad Driver
    Amazon MP3 Downloader 1.0.5
    AOL Uninstaller (Choose which Products to Remove)
    Apple Mobile Device Support
    Apple Software Update
    AVG Free 8.5
    Belkin 54g USB Network Adapter
    Belkin 54Mbps Wireless Network Adapter
    Bonjour
    BroadJump Client Foundation
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon G.726 WMP-Decoder
    Canon i850
    Canon MovieEdit Task for ZoomBrowser EX
    Canon MP Navigator 2.0
    Canon MP450
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities Easy-PhotoPrint
    Canon Utilities EOS Utility
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    Dell Digital Jukebox Driver
    Dell System Restore
    Easy-WebPrint
    Get High Speed Internet!
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB970653-v3)
    HP Diagnostic Assistant
    Internet Explorer Default Page
    Jasc Paint Shop Photo Album
    Jasc Paint Shop Pro 8 Dell Edition
    Java Platform, Enterprise Edition 5 SDK
    Java(TM) 6 Update 15
    Learn2 Player (Uninstall Only)
    Logitech MouseWare 9.79
    Logitech QuickCam
    Logitech QuickCam Driver Package
    Logitech Updater
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft Publisher for Windows 95
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works 4.0
    Modem Helper
    Modem on Hold
    Motorola Driver Installation 3.7.0
    Motorola Phone Tools
    Motorola Software Update
    Mozilla Firefox (3.0.14)
    MSN
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    Olympus Digital Wave Player
    Overland
    Palm Desktop
    PowerDVD 5.1
    QuickBooks Pro Edition 2003
    QuickTime
    RealPlayer Basic
    RegAlyzer
    RunAlyzer
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    SiS 900 PCI Fast Ethernet Adapter Driver
    SiS VGA Utilities
    Spybot - Search & Destroy
    TweetDeck
    Update for Windows Internet Explorer 8 (KB971180)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973815)
    Viewpoint Media Player
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Police Pro
    Windows XP Service Pack 3
    WordPerfect Office 12

    ==== Event Viewer Messages From Past Week ========

    9/7/2009 12:37:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    9/7/2009 11:17:13 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm
    9/7/2009 11:05:56 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
    9/7/2009 11:05:56 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    9/7/2009 11:05:56 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/7/2009 11:05:56 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/7/2009 11:05:56 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
    9/7/2009 11:05:56 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/7/2009 11:05:56 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/7/2009 11:05:29 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    9/7/2009 11:05:17 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/5/2009 8:45:27 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    9/5/2009 8:40:43 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: %%2147952506
    9/5/2009 6:33:23 PM, error: Service Control Manager [7024] - The Bonjour Service service terminated with service-specific error 4294967295 (0xFFFFFFFF).
    9/5/2009 6:33:23 PM, error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error 2147952506 (0x8007277A).
    9/5/2009 6:33:23 PM, error: Service Control Manager [7001] - The Canon Camera Access Library 8 service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    9/11/2009 5:01:34 PM, error: Service Control Manager [7022] - The Process Monitor service hung on starting.
    9/10/2009 11:06:59 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 Beep cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
    9/10/2009 11:04:29 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    9/10/2009 1:31:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
    9/10/2009 1:23:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVG Free8 E-mail Scanner service to connect.
    9/10/2009 1:23:07 AM, error: Service Control Manager [7000] - The AVG Free8 E-mail Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/10/2009 1:23:07 AM, error: Service Control Manager [7000] - The AntipyProex service failed to start due to the following error: The system cannot find the file specified.
    9/10/2009 1:16:49 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
    9/10/2009 1:13:42 PM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).

    ==== End Of File ===========================

    May not be able to get back to you til tomorrow, football game tonight.
    Thanks again for your patience.
    Rick

  3. #23
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi Rick,

    If you can't find a new ComboFix.txt log file, then run ComboFix again (let it update itself too).
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  4. #24
    Member
    Join Date
    Oct 2008
    Location
    Western North Carolina
    Posts
    48

    ComboFix Log

    ComboFix 09-09-13.04 - Rick 09/13/2009 15:19.3.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.445.143 [GMT -4:00]
    Running from: c:\documents and settings\Rick\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Rick\Desktop\AntivirusPro_2010.lnk
    c:\documents and settings\Rick\Local Settings\Application Data\qisu._sy
    c:\documents and settings\Rick\Start Menu\Programs\AntivirusPro_2010
    c:\documents and settings\Rick\Start Menu\Programs\AntivirusPro_2010\AntivirusPro_2010.lnk
    c:\documents and settings\Rick\Start Menu\Programs\AntivirusPro_2010\Uninstall.lnk
    c:\program files\AntivirusPro_2010
    c:\program files\AntivirusPro_2010\AntivirusPro_2010.cfg
    c:\program files\AntivirusPro_2010\AVEngn.dll
    c:\program files\AntivirusPro_2010\data\daily.cvd
    c:\program files\AntivirusPro_2010\htmlayout.dll
    c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
    c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcm80.dll
    c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcp80.dll
    c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcr80.dll
    c:\program files\AntivirusPro_2010\pthreadVC2.dll
    c:\program files\AntivirusPro_2010\wscui.cpl
    c:\windows\TEMP\logishrd\LVPrcInj01.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-08-13 to 2009-09-13 )))))))))))))))))))))))))))))))
    .

    2009-09-12 02:34 . 2009-07-25 09:23 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-09-12 01:29 . 2009-09-12 01:29 -------- d-----w- C:\Sun
    2009-09-10 14:55 . 2009-09-10 14:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2009-09-10 05:37 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
    2009-09-10 05:19 . 2009-09-10 05:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
    2009-09-09 19:19 . 2009-09-09 19:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
    2009-09-09 18:19 . 2009-09-09 18:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
    2009-09-09 18:10 . 2009-09-09 18:10 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2009-09-08 01:11 . 2009-09-08 01:11 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2009-09-06 03:56 . 2009-09-06 03:56 -------- d-----w- c:\documents and settings\Rick\Application Data\Safer Networking
    2009-09-06 03:47 . 2009-09-10 15:17 -------- d-----w- c:\program files\KnightHop
    2009-09-06 03:32 . 2009-09-06 03:35 -------- d-----w- c:\program files\Safer Networking
    2009-09-04 12:39 . 2009-09-04 12:39 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
    2009-09-01 13:45 . 2009-09-01 13:45 -------- d-----w- c:\documents and settings\Rick\Local Settings\Application Data\Downloaded Installations
    2009-08-29 01:11 . 2008-07-26 15:26 4658584 ----a-r- c:\windows\system32\drivers\lvuvc.sys
    2009-08-29 01:11 . 2008-07-26 15:26 465432 ----a-r- c:\windows\system32\LVUI2RC.dll
    2009-08-29 01:11 . 2008-07-26 15:26 41752 ----a-r- c:\windows\system32\drivers\LVUSBSta.sys
    2009-08-29 01:11 . 2008-07-26 15:26 490008 ----a-r- c:\windows\system32\LVUI2.dll
    2009-08-29 01:11 . 2008-07-26 15:23 195096 ----a-r- c:\windows\system32\lvci11801048.dll
    2009-08-29 01:11 . 2008-07-26 15:23 416280 ----a-r- c:\windows\system32\lvcodec2.dll
    2009-08-29 01:11 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
    2009-08-29 01:11 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
    2009-08-29 01:11 . 2008-07-26 15:26 23832 ----a-r- c:\windows\system32\drivers\lvuvcflt.sys
    2009-08-29 00:58 . 2009-09-01 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
    2009-08-29 00:58 . 2009-08-29 01:11 -------- d-----w- c:\program files\Common Files\LogiShrd
    2009-08-29 00:58 . 2009-08-29 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-12 02:53 . 2004-10-06 03:30 -------- d-----w- c:\program files\Java
    2009-09-11 21:40 . 2005-02-09 03:42 -------- d-----w- c:\program files\Common Files\Adobe
    2009-09-11 21:26 . 2009-07-22 02:34 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2009-09-11 21:24 . 2009-07-22 02:34 -------- d-----w- c:\program files\NOS
    2009-09-10 17:50 . 2005-02-09 02:11 64848 ----a-w- c:\documents and settings\Rick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-09-06 00:34 . 2009-01-25 19:49 -------- d-----w- c:\documents and settings\Rick\Application Data\skypePM
    2009-09-05 22:33 . 2009-08-29 01:12 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2009-09-05 22:32 . 2009-08-29 01:11 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
    2009-09-04 03:04 . 2009-01-25 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2009-09-01 13:45 . 2005-12-12 23:14 -------- d-----w- c:\program files\Common Files\Logitech
    2009-08-29 00:58 . 2005-12-12 23:14 -------- d-----w- c:\program files\Logitech
    2009-08-16 19:50 . 2008-12-29 04:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-08-16 19:50 . 2008-12-29 04:56 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-08-16 19:50 . 2008-12-29 04:56 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-08-13 15:25 . 2009-06-12 18:53 -------- d-----w- c:\program files\Opera 10 Beta
    2009-08-13 14:58 . 2009-01-24 00:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-08-12 02:21 . 2009-08-12 02:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Borland
    2009-08-11 22:33 . 2009-08-11 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
    2009-08-05 09:01 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-07-31 02:09 . 2005-12-26 00:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-07-24 04:08 . 2004-10-06 03:40 -------- d-----w- c:\program files\MUSICMATCH
    2009-07-24 04:08 . 2004-10-06 03:31 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-07-24 03:09 . 2009-07-24 03:09 -------- d-----w- c:\documents and settings\Rick\Application Data\Amazon
    2009-07-24 03:06 . 2009-07-24 03:06 -------- d-----w- c:\program files\Amazon
    2009-07-17 19:01 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-12 16:21 . 2004-08-04 10:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-03 17:09 . 2004-08-04 10:00 915456 ------w- c:\windows\system32\wininet.dll
    2009-06-25 08:25 . 2004-08-04 10:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2009-06-25 08:25 . 2004-08-04 10:00 56832 ----a-w- c:\windows\system32\secur32.dll
    2009-06-25 08:25 . 2004-08-04 10:00 54272 ----a-w- c:\windows\system32\wdigest.dll
    2009-06-25 08:25 . 2004-08-04 10:00 301568 ----a-w- c:\windows\system32\kerberos.dll
    2009-06-25 08:25 . 2004-08-04 10:00 147456 ----a-w- c:\windows\system32\schannel.dll
    2009-06-25 08:25 . 2004-08-04 10:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-06-24 11:18 . 2004-08-04 10:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2009-06-17 15:27 . 2009-06-18 23:23 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-17 15:27 . 2009-06-18 23:23 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-06-16 14:36 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-16 14:36 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2005-11-23 01:08 . 2005-10-02 12:58 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-09-10_17.31.29 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-09-13 19:45 . 2009-09-13 19:45 16384 c:\windows\temp\Perflib_Perfdata_204.dat
    + 2009-09-11 22:28 . 2009-09-11 22:28 85173 c:\windows\SYSTEM32\Macromed\Flash\uninstall_plugin.exe
    + 2009-09-11 21:32 . 2009-09-11 21:32 20480 c:\windows\Installer\1e1e48.msi
    + 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\SYSTEM32\Macromed\Flash\NPSWF32_FlashUtil.exe
    + 2009-09-12 02:53 . 2009-07-25 09:23 149280 c:\windows\SYSTEM32\javaws.exe
    + 2009-09-12 02:53 . 2009-07-25 09:23 145184 c:\windows\SYSTEM32\javaw.exe
    + 2009-09-12 02:53 . 2009-07-25 09:23 145184 c:\windows\SYSTEM32\java.exe
    + 2009-09-12 02:33 . 2009-09-12 02:33 536576 c:\windows\Installer\410836.msi
    + 2009-01-18 20:05 . 2009-01-18 20:05 675840 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\JP2KLib.dll
    + 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\SYSTEM32\Macromed\Flash\NPSWF32.dll
    + 2009-09-11 21:50 . 2009-09-11 21:50 1697792 c:\windows\Installer\1e1e7f.msp
    + 2009-09-11 21:46 . 2009-09-11 21:46 6653952 c:\windows\Installer\1e1e71.msp
    + 2009-09-11 21:41 . 2009-09-11 21:41 3938816 c:\windows\Installer\1e1e4d.msi
    + 2008-12-18 20:48 . 2008-12-18 20:48 3645440 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\authplay.dll
    + 2009-02-27 20:37 . 2009-02-27 20:37 20403568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\AcroRd32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-02-02 155648]
    "SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2004-05-12 249856]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-16 2007832]
    "F5D7050v3"="c:\program files\Belkin\F5D7050v3\Belkinwcui.exe" [2007-10-31 1654784]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-11-19 88363]
    "Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-11-07 19968]

    c:\documents and settings\Rick\Start Menu\Programs\Startup\
    PowerReg Scheduler.exe [2005-2-8 233472]
    SDK Tray Menu.lnk - c:\sun\SDK\jdk\bin\javaw.exe [2009-9-11 139264]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-3-20 118784]
    Utility Tray.lnk - c:\windows\SYSTEM32\sistray.exe [2004-10-5 335872]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-16 19:50 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urssq]
    [BU]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
    backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1135649015\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1135649015\\ee\\aim6.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [12/29/2008 12:56 AM 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [12/29/2008 12:56 AM 108552]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [12/29/2008 12:55 AM 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12/29/2008 12:55 AM 297752]
    S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/4/2004 6:00 AM 14336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-01 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    FF - ProfilePath - c:\documents and settings\Rick\Application Data\Mozilla\Firefox\Profiles\ziv3fga5.default\
    FF - prefs.js: browser.startup.homepage - hxxp://us.mc838.mail.yahoo.com/mc/welcome?action=&YY=1714853569&ymv=0&noFlush&mcrumb=Fke9xVmcaVv#_pg=showFolder&fid=Inbox&order=down&tt=7&pSize=25&ymv=0&.rand=1491067721&.jsrand=8429800
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\documents and settings\Rick\Application Data\Mozilla\Firefox\Profiles\ziv3fga5.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-13 15:45
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3260)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\AVG\AVG8\avgcsrvx.exe
    c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    c:\windows\SYSTEM32\wscntfy.exe
    c:\program files\Apoint\ApntEx.exe
    c:\program files\HP\hpcoretech\comp\hptskmgr.exe
    c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    .
    **************************************************************************
    .
    Completion time: 2009-09-13 15:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-09-13 19:55
    ComboFix2.txt 2009-09-11 21:09
    ComboFix3.txt 2009-09-10 17:37

    Pre-Run: 25,228,984,320 bytes free
    Post-Run: 25,298,022,400 bytes free

    261 --- E O F --- 2009-09-10 07:09
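Added example (not part of the thread and not ComboFix's own code): this Python code pulls the Winlogon Notify entries out of the "Reg Loading Points" section of a log like the one above and lists the keys that have no file line beneath them. The sample lines are copied from that log; the function names, and the reading that a key without a file line has no DLL resolved for it, are assumptions made for illustration.

```python
import re

# Excerpt copied from the "Reg Loading Points" section of the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-16 19:50 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urssq]
[BU]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# A registry header is a bracketed line starting with a hive name (HKEY_..., HKLM...).
# Other bracketed lines such as "[BU]" are treated as body text of the preceding key.
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$", re.IGNORECASE)
# Last path component under ...\winlogon\notify\ is the notification package name.
NOTIFY_RE = re.compile(r"\\winlogon\\notify\\([^\\\]]+)$", re.IGNORECASE)
# File line layout as it appears in the log: date, time, size, attributes, path.
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(\d+)\s+\S+\s+(\S.*)$")


def iter_sections(log_text):
    """Yield (registry_key, body_lines) for every bracketed HK* header."""
    key, body = None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = KEY_RE.match(line)
        if match:
            if key is not None:
                yield key, body
            key, body = match.group(1), []
        elif key is not None and line:
            body.append(line)
    if key is not None:
        yield key, body


def winlogon_notify_entries(log_text):
    """Return one record per Winlogon Notify key found in the log text."""
    entries = []
    for key, body in iter_sections(log_text):
        match = NOTIFY_RE.search(key)
        if not match:
            continue
        dll = size = None
        for line in body:
            file_match = FILE_RE.match(line)
            if file_match:
                size, dll = int(file_match.group(1)), file_match.group(2)
                break
        entries.append(
            {"name": match.group(1), "key": key, "dll": dll, "size": size, "raw": body}
        )
    return entries


def unresolved(entries):
    """Names of Notify keys with no file line under them (assumed: no DLL resolved)."""
    return [entry["name"] for entry in entries if entry["dll"] is None]


if __name__ == "__main__":
    found = winlogon_notify_entries(SAMPLE_LOG)
    for entry in found:
        status = entry["dll"] or "no file listed: " + " ".join(entry["raw"])
        print(f"{entry['name']:<14} {status}")
    print("review:", unresolved(found))
```

A key listed by `unresolved` is a candidate for manual review, not a verdict; whether it is removed is a decision for whoever is handling that particular machine.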

  5. #25
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi,

    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    File::
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\27FA1E44
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\530D2002
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\710F37D9
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urssq]

    Save this as
    CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close all browser windows and referring to the picture above, drag CFScript into ComboFix.exe
    Then post the resultant log & fresh dds.txt log. How's the system running?

  6. #26
    Member
    Join Date
    Oct 2008
    Location
    Western North Carolina
    Posts
    48


    System seems to be running A-OK. No glitches other than friggin Yahoo email refusing to hold onto my login & password......
    ComboFix 09-09-14.01 - Rick 09/14/2009 14:52.4.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.445.251 [GMT -4:00]
    Running from: c:\documents and settings\Rick\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Rick\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    FILE ::
    "c:\program files\Norton SystemWorks\Norton Antivirus\Quarantine\27FA1E44"
    "c:\program files\Norton SystemWorks\Norton Antivirus\Quarantine\530D2002"
    "c:\program files\Norton SystemWorks\Norton Antivirus\Quarantine\710F37D9"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\TEMP\logishrd\LVPrcInj01.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-08-14 to 2009-09-14 )))))))))))))))))))))))))))))))
    .

    2009-09-12 02:34 . 2009-07-25 09:23 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-09-12 01:29 . 2009-09-12 01:29 -------- d-----w- C:\Sun
    2009-09-10 14:55 . 2009-09-10 14:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2009-09-10 05:37 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
    2009-09-10 05:19 . 2009-09-10 05:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
    2009-09-09 19:19 . 2009-09-09 19:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
    2009-09-09 18:19 . 2009-09-09 18:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
    2009-09-09 18:10 . 2009-09-09 18:10 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2009-09-08 01:11 . 2009-09-08 01:11 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2009-09-06 03:56 . 2009-09-06 03:56 -------- d-----w- c:\documents and settings\Rick\Application Data\Safer Networking
    2009-09-06 03:47 . 2009-09-10 15:17 -------- d-----w- c:\program files\KnightHop
    2009-09-06 03:32 . 2009-09-06 03:35 -------- d-----w- c:\program files\Safer Networking
    2009-09-04 12:39 . 2009-09-04 12:39 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
    2009-09-01 13:45 . 2009-09-01 13:45 -------- d-----w- c:\documents and settings\Rick\Local Settings\Application Data\Downloaded Installations
    2009-08-29 01:11 . 2008-07-26 15:26 4658584 ----a-r- c:\windows\system32\drivers\lvuvc.sys
    2009-08-29 01:11 . 2008-07-26 15:26 465432 ----a-r- c:\windows\system32\LVUI2RC.dll
    2009-08-29 01:11 . 2008-07-26 15:26 41752 ----a-r- c:\windows\system32\drivers\LVUSBSta.sys
    2009-08-29 01:11 . 2008-07-26 15:26 490008 ----a-r- c:\windows\system32\LVUI2.dll
    2009-08-29 01:11 . 2008-07-26 15:23 195096 ----a-r- c:\windows\system32\lvci11801048.dll
    2009-08-29 01:11 . 2008-07-26 15:23 416280 ----a-r- c:\windows\system32\lvcodec2.dll
    2009-08-29 01:11 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
    2009-08-29 01:11 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
    2009-08-29 01:11 . 2008-07-26 15:26 23832 ----a-r- c:\windows\system32\drivers\lvuvcflt.sys
    2009-08-29 00:58 . 2009-09-01 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
    2009-08-29 00:58 . 2009-08-29 01:11 -------- d-----w- c:\program files\Common Files\LogiShrd
    2009-08-29 00:58 . 2009-08-29 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-12 02:53 . 2004-10-06 03:30 -------- d-----w- c:\program files\Java
    2009-09-11 21:40 . 2005-02-09 03:42 -------- d-----w- c:\program files\Common Files\Adobe
    2009-09-11 21:26 . 2009-07-22 02:34 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2009-09-11 21:24 . 2009-07-22 02:34 -------- d-----w- c:\program files\NOS
    2009-09-10 17:50 . 2005-02-09 02:11 64848 ----a-w- c:\documents and settings\Rick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-09-06 00:34 . 2009-01-25 19:49 -------- d-----w- c:\documents and settings\Rick\Application Data\skypePM
    2009-09-05 22:33 . 2009-08-29 01:12 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2009-09-05 22:32 . 2009-08-29 01:11 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
    2009-09-04 03:04 . 2009-01-25 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2009-09-01 13:45 . 2005-12-12 23:14 -------- d-----w- c:\program files\Common Files\Logitech
    2009-08-29 00:58 . 2005-12-12 23:14 -------- d-----w- c:\program files\Logitech
    2009-08-16 19:50 . 2008-12-29 04:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-08-16 19:50 . 2008-12-29 04:56 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-08-16 19:50 . 2008-12-29 04:56 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-08-13 15:25 . 2009-06-12 18:53 -------- d-----w- c:\program files\Opera 10 Beta
    2009-08-13 14:58 . 2009-01-24 00:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-08-12 02:21 . 2009-08-12 02:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Borland
    2009-08-11 22:33 . 2009-08-11 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
    2009-08-05 09:01 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-07-31 02:09 . 2005-12-26 00:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-07-24 04:08 . 2004-10-06 03:40 -------- d-----w- c:\program files\MUSICMATCH
    2009-07-24 04:08 . 2004-10-06 03:31 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-07-24 03:09 . 2009-07-24 03:09 -------- d-----w- c:\documents and settings\Rick\Application Data\Amazon
    2009-07-24 03:06 . 2009-07-24 03:06 -------- d-----w- c:\program files\Amazon
    2009-07-17 19:01 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-12 16:21 . 2004-08-04 10:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-03 17:09 . 2004-08-04 10:00 915456 ------w- c:\windows\system32\wininet.dll
    2009-06-25 08:25 . 2004-08-04 10:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2009-06-25 08:25 . 2004-08-04 10:00 56832 ----a-w- c:\windows\system32\secur32.dll
    2009-06-25 08:25 . 2004-08-04 10:00 54272 ----a-w- c:\windows\system32\wdigest.dll
    2009-06-25 08:25 . 2004-08-04 10:00 301568 ----a-w- c:\windows\system32\kerberos.dll
    2009-06-25 08:25 . 2004-08-04 10:00 147456 ----a-w- c:\windows\system32\schannel.dll
    2009-06-25 08:25 . 2004-08-04 10:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-06-24 11:18 . 2004-08-04 10:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2009-06-17 15:27 . 2009-06-18 23:23 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-17 15:27 . 2009-06-18 23:23 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2005-11-23 01:08 . 2005-10-02 12:58 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-09-10_17.31.29 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-09-14 19:04 . 2009-09-14 19:04 16384 c:\windows\temp\Perflib_Perfdata_790.dat
    + 2009-09-11 22:28 . 2009-09-11 22:28 85173 c:\windows\SYSTEM32\Macromed\Flash\uninstall_plugin.exe
    + 2009-09-11 21:32 . 2009-09-11 21:32 20480 c:\windows\Installer\1e1e48.msi
    + 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\SYSTEM32\Macromed\Flash\NPSWF32_FlashUtil.exe
    + 2009-09-12 02:53 . 2009-07-25 09:23 149280 c:\windows\SYSTEM32\javaws.exe
    + 2009-09-12 02:53 . 2009-07-25 09:23 145184 c:\windows\SYSTEM32\javaw.exe
    + 2009-09-12 02:53 . 2009-07-25 09:23 145184 c:\windows\SYSTEM32\java.exe
    + 2009-09-12 02:33 . 2009-09-12 02:33 536576 c:\windows\Installer\410836.msi
    + 2009-01-18 20:05 . 2009-01-18 20:05 675840 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\JP2KLib.dll
    + 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\SYSTEM32\Macromed\Flash\NPSWF32.dll
    + 2009-09-11 21:50 . 2009-09-11 21:50 1697792 c:\windows\Installer\1e1e7f.msp
    + 2009-09-11 21:46 . 2009-09-11 21:46 6653952 c:\windows\Installer\1e1e71.msp
    + 2009-09-11 21:41 . 2009-09-11 21:41 3938816 c:\windows\Installer\1e1e4d.msi
    + 2008-12-18 20:48 . 2008-12-18 20:48 3645440 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\authplay.dll
    + 2009-02-27 20:37 . 2009-02-27 20:37 20403568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\AcroRd32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-02-02 155648]
    "SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2004-05-12 249856]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-16 2007832]
    "F5D7050v3"="c:\program files\Belkin\F5D7050v3\Belkinwcui.exe" [2007-10-31 1654784]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-11-19 88363]
    "Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-11-07 19968]

    c:\documents and settings\Rick\Start Menu\Programs\Startup\
    PowerReg Scheduler.exe [2005-2-8 233472]
    SDK Tray Menu.lnk - c:\sun\SDK\jdk\bin\javaw.exe [2009-9-11 139264]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-3-20 118784]
    Utility Tray.lnk - c:\windows\SYSTEM32\sistray.exe [2004-10-5 335872]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-16 19:50 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
    backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1135649015\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1135649015\\ee\\aim6.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [12/29/2008 12:56 AM 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [12/29/2008 12:56 AM 108552]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [12/29/2008 12:55 AM 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12/29/2008 12:55 AM 297752]
    S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/4/2004 6:00 AM 14336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-01 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    FF - ProfilePath - c:\documents and settings\Rick\Application Data\Mozilla\Firefox\Profiles\ziv3fga5.default\
    FF - prefs.js: browser.startup.homepage - hxxp://us.mc838.mail.yahoo.com/mc/welcome?action=&YY=1714853569&ymv=0&noFlush&mcrumb=Fke9xVmcaVv#_pg=showFolder&fid=Inbox&order=down&tt=7&pSize=25&ymv=0&.rand=1491067721&.jsrand=8429800
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\documents and settings\Rick\Application Data\Mozilla\Firefox\Profiles\ziv3fga5.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-BroadJump Client Foundation - c:\windows\IsUninst.exe -fc:\program files\BroadJump\Client Foundation\Uninst.isu -cc:\program files\BroadJump\Client Foundation\RmvBJCFD.dll
    AddRemove-CANONBJ_Deinstall_CNMCP4b.DLL - c:\windows\system32\CNMCP4b.exe -PRINTERNAMECanon i850 -HELPERDLLc:\bjprinter\CNMWINDOWS\Canon i850 Installer\Inst2\cnmis.dll
    AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe
    AddRemove-Win Police Pro - c:\program files\Windows Police Pro\AntiSpyware_Uninstall.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-14 15:04
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(5560)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\AVG\AVG8\avgcsrvx.exe
    c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    c:\program files\Apoint\ApntEx.exe
    c:\windows\SYSTEM32\wscntfy.exe
    c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    c:\program files\HP\hpcoretech\comp\hptskmgr.exe
    c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe
    .
    **************************************************************************
    .
    Completion time: 2009-09-14 15:15 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-09-14 19:15
    ComboFix2.txt 2009-09-13 19:55
    ComboFix3.txt 2009-09-11 21:09
    ComboFix4.txt 2009-09-10 17:37

    Pre-Run: 25,591,083,008 bytes free
    Post-Run: 25,549,606,912 bytes free

    251 --- E O F --- 2009-09-10 07:09

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-07-30.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2/9/2005 4:15:02 AM
    System Uptime: 9/14/2009 3:03:54 PM (0 hours ago)

    Motherboard: Quanta Computer | | Inspiron 1000
    Processor: Mobile Intel(R) Celeron(R) CPU 2.20GHz | Socket 478/423 | 2191/mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 35 GiB total, 23.82 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 9/10/2009 2:01:02 AM - System Checkpoint
    RP2: 9/10/2009 3:00:23 AM - Software Distribution Service 3.0
    RP3: 9/11/2009 5:17:29 PM - Removed Adobe Reader 7.0
    RP4: 9/11/2009 5:38:41 PM - Installed Adobe Reader 9.1.
    RP5: 9/11/2009 9:19:47 PM - Removed Java 2 Runtime Environment, SE v1.4.2_03
    RP6: 9/11/2009 10:33:18 PM - Installed Java(TM) 6 Update 14
    RP7: 9/11/2009 10:52:41 PM - Installed Java(TM) 6 Update 15
    RP8: 9/13/2009 5:28:43 PM - System Checkpoint

    ==== Installed Programs ======================

    Acrobat.com
    Adobe AIR
    Adobe Download Manager
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.1.3
    Agere Systems AC'97 Modem
    ALPS Touch Pad Driver
    Amazon MP3 Downloader 1.0.5
    AOL Uninstaller (Choose which Products to Remove)
    Apple Mobile Device Support
    Apple Software Update
    AVG Free 8.5
    Belkin 54g USB Network Adapter
    Belkin 54Mbps Wireless Network Adapter
    Bonjour
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon MP Navigator 2.0
    Canon MP450
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities Easy-PhotoPrint
    Canon Utilities EOS Utility
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    Dell Digital Jukebox Driver
    Dell System Restore
    Easy-WebPrint
    Get High Speed Internet!
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB970653-v3)
    HP Diagnostic Assistant
    Internet Explorer Default Page
    Jasc Paint Shop Photo Album
    Jasc Paint Shop Pro 8 Dell Edition
    Java Platform, Enterprise Edition 5 SDK
    Java(TM) 6 Update 15
    Learn2 Player (Uninstall Only)
    Logitech MouseWare 9.79
    Logitech QuickCam
    Logitech QuickCam Driver Package
    Logitech Updater
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft Publisher for Windows 95
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works 4.0
    Modem Helper
    Modem on Hold
    Motorola Driver Installation 3.7.0
    Motorola Phone Tools
    Motorola Software Update
    Mozilla Firefox (3.0.14)
    MSN
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    Olympus Digital Wave Player
    Overland
    Palm Desktop
    PowerDVD 5.1
    QuickBooks Pro Edition 2003
    QuickTime
    RealPlayer Basic
    RegAlyzer
    RunAlyzer
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    SiS 900 PCI Fast Ethernet Adapter Driver
    SiS VGA Utilities
    Spybot - Search & Destroy
    TweetDeck
    Update for Windows Internet Explorer 8 (KB971180)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973815)
    Viewpoint Media Player
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows XP Service Pack 3
    WordPerfect Office 12

    ==== Event Viewer Messages From Past Week ========

    9/9/2009 8:37:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    9/8/2009 8:10:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
    9/8/2009 8:10:38 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    9/8/2009 8:10:38 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/8/2009 8:10:38 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/8/2009 8:10:38 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
    9/8/2009 8:10:38 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/8/2009 8:10:38 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/7/2009 11:08:19 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    9/14/2009 2:53:07 PM, error: Service Control Manager [7000] - The Belkin Wireless USB Network Adapter service failed to start due to the following error: The pipe has been ended.
    9/13/2009 3:41:54 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Belkin Wireless USB Network Adapter service to connect.
    9/13/2009 3:41:54 PM, error: Service Control Manager [7000] - The Belkin Wireless USB Network Adapter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/13/2009 3:18:28 PM, error: Service Control Manager [7031] - The Belkin Wireless USB Network Adapter service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    9/13/2009 3:17:33 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    9/11/2009 9:20:38 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    9/11/2009 5:01:35 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
    9/11/2009 5:01:34 PM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
    9/11/2009 5:01:34 PM, error: Service Control Manager [7022] - The Process Monitor service hung on starting.
    9/11/2009 10:41:43 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
    9/11/2009 10:41:43 PM, error: Service Control Manager [7001] - The Canon Camera Access Library 8 service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    9/10/2009 5:39:56 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 Beep cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
    9/10/2009 5:37:12 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    9/10/2009 11:06:59 AM, error: Service Control Manager [7000] - The AntipyProex service failed to start due to the following error: The system cannot find the file specified.
    9/10/2009 11:02:49 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/10/2009 10:55:41 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm
    9/10/2009 1:23:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVG Free8 E-mail Scanner service to connect.
    9/10/2009 1:23:07 AM, error: Service Control Manager [7000] - The AVG Free8 E-mail Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    ==== End Of File ===========================

    DDS (Ver_09-07-30.01) - NTFSx86
    Run by Rick at 15:17:27.38 on Mon 09/14/2009
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.445.159 [GMT -4:00]

    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\keyhook.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\Logi_MwX.Exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    C:\WINDOWS\SYSTEM32\sistray.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    C:\Documents and Settings\Rick\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [SiS Windows KeyHook] c:\windows\system32\keyhook.exe
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
    mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
    mRun: [Logitech Utility] Logi_MwX.Exe
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [F5D7050v3] c:\program files\belkin\f5d7050v3\Belkinwcui.exe
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    StartupFolder: c:\documents and settings\rick\start menu\programs\startup\PowerReg Scheduler.exe
    StartupFolder: c:\docume~1\rick\startm~1\programs\startup\sdktra~1.lnk - c:\sun\sdk\jdk\bin\javaw.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe
    dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\rick\applic~1\mozilla\firefox\profiles\ziv3fga5.default\
    FF - prefs.js: browser.startup.homepage - hxxp://us.mc838.mail.yahoo.com/mc/welcome?action=&YY=1714853569&ymv=0&noFlush&mcrumb=Fke9xVmcaVv#_pg=showFolder&fid=Inbox&order=down&tt=7&pSize=25&ymv=0&.rand=1491067721&.jsrand=8429800
    FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\documents and settings\rick\application data\mozilla\firefox\profiles\ziv3fga5.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-29 335240]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-29 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-29 108552]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-12-29 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-29 297752]
    S3 getPlusHelper;getPlus(R) Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-4 14336]

    =============== Created Last 30 ================

    2009-09-11 22:34 411,368 a------- c:\windows\system32\deploytk.dll
    2009-09-11 22:34 73,728 a------- c:\windows\system32\javacpl.cpl
    2009-09-11 21:32 23,108 a------- c:\windows\system32\productregistry
    2009-09-11 21:29 <DIR> --d----- C:\Sun
    2009-09-10 13:15 <DIR> a-dshr-- C:\cmdcons
    2009-09-10 13:14 229,888 a------- c:\windows\PEV.exe
    2009-09-10 13:14 161,792 a------- c:\windows\SWREG.exe
    2009-09-10 13:14 98,816 a------- c:\windows\sed.exe
    2009-09-10 03:08 671 a------- c:\windows\system32\MRT.INI
    2009-09-10 01:37 17,869 a------- c:\windows\ymate.lib
    2009-09-10 01:37 15,610 a------- c:\windows\system32\abywaduk.lib
    2009-09-10 01:37 153,088 -------- c:\windows\system32\dllcache\triedit.dll
    2009-09-05 23:56 <DIR> --d----- c:\docume~1\rick\applic~1\Safer Networking
    2009-09-05 23:47 <DIR> --d----- c:\program files\KnightHop
    2009-09-05 23:32 <DIR> --d----- c:\program files\Safer Networking
    2009-08-28 21:11 4,658,584 a----r-- c:\windows\system32\drivers\lvuvc.sys

    ==================== Find3M ====================

    2009-09-05 18:33 0 a------- c:\windows\system32\drivers\lvuvc.hs
    2009-09-05 18:32 0 a------- c:\windows\system32\drivers\logiflt.iad
    2009-08-16 15:50 11,952 a------- c:\windows\system32\avgrsstx.dll
    2009-08-16 15:50 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
    2009-08-05 05:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
    2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
    2009-07-19 09:18 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
    2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
    2009-07-17 15:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
    2009-07-12 12:21 233,472 a------- c:\windows\system32\wmpdxm.dll
    2009-07-12 12:21 4,874,240 -------- c:\windows\system32\dllcache\wmp.dll
    2009-07-12 12:21 233,472 -------- c:\windows\system32\dllcache\wmpdxm.dll
    2009-07-10 09:27 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
    2009-07-03 13:09 915,456 a------- c:\windows\system32\dllcache\wininet.dll
    2009-07-03 13:09 915,456 -------- c:\windows\system32\wininet.dll
    2009-07-03 13:09 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
    2009-07-03 13:09 1,208,832 a------- c:\windows\system32\dllcache\urlmon.dll
    2009-07-03 13:09 206,848 -------- c:\windows\system32\dllcache\occache.dll
    2009-07-03 13:09 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
    2009-07-03 13:09 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
    2009-07-03 13:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
    2009-07-03 13:09 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
    2009-07-03 13:09 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
    2009-07-03 13:09 184,320 -------- c:\windows\system32\dllcache\iepeers.dll
    2009-07-03 13:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
    2009-07-03 07:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
    2009-06-25 04:25 730,112 a------- c:\windows\system32\lsasrv.dll
    2009-06-25 04:25 301,568 a------- c:\windows\system32\kerberos.dll
    2009-06-25 04:25 147,456 a------- c:\windows\system32\schannel.dll
    2009-06-25 04:25 136,192 a------- c:\windows\system32\msv1_0.dll
    2009-06-25 04:25 56,832 a------- c:\windows\system32\secur32.dll
    2009-06-25 04:25 54,272 a------- c:\windows\system32\wdigest.dll
    2009-06-25 04:25 730,112 -------- c:\windows\system32\dllcache\lsasrv.dll
    2009-06-25 04:25 301,568 -------- c:\windows\system32\dllcache\kerberos.dll
    2009-06-25 04:25 147,456 -------- c:\windows\system32\dllcache\schannel.dll
    2009-06-25 04:25 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
    2009-06-25 04:25 56,832 -------- c:\windows\system32\dllcache\secur32.dll
    2009-06-25 04:25 54,272 -------- c:\windows\system32\dllcache\wdigest.dll
    2009-06-24 07:18 92,928 -------- c:\windows\system32\dllcache\ksecdd.sys
    2009-06-22 02:44 726,528 a------- c:\windows\system32\dllcache\jscript.dll
    2005-11-22 21:08 848 a--sh--- c:\windows\system32\KGyGaAvL.sys

    ============= FINISH: 15:17:57.39 ===============

  7. #27
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    No glitches other than friggin Yahoo email refusing to hold onto my login & password......
    Was that issue introduced during the cleaning process? Does it do this on both IE and Firefox? Try to clear browser cache to see if it helps.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  8. #28
    Member
    Join Date
    Oct 2008
    Location
    Western North Carolina
    Posts
    48

    Yes it looks as if something has changed within the Firefox-Yahoo login procedure. Checked the Options and everything "seems" to be Ok, also cleared the cache and it still won't go directly to my home page. IE has no issue with it a-ok. Not a big problem, can live with it, but will it pose a problem in the future?

  9. #29
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    If it worked OK earlier, I'd reinstall Firefox. This time you could install a version from the new 3.5.x series.

  10. #30
    Member
    Join Date
    Oct 2008
    Location
    Western North Carolina
    Posts
    48

    I will give the reinstall a try. Are we done yet???????
    Thanks, Rick
