
Thread: Need help getting rid of win32trojanspy (Resolved)

  1. #11
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Default

    Click Start>>Run.
    In the Run box copy/paste:

    devmgmt.msc


    then click OK.

    Click the +/- symbol next to Network Adapters.
    This should show you a list of installed network adapters, controllers etc.
    Do any have question marks/exclamation marks etc. next to them?
    Microsoft MVP Consumer Security 2009 -2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY

  2. #12
    Junior Member
    Join Date
    Aug 2009
    Posts
    16

    Default Network adapters

    No, no exclamation marks or questions marks.

    1394 Net Adapter.........properties states working properly
    Realtek RTL8139.........properties states working properly
    Wireless LAN PCI 802.11 b/g..........disabled (I don't use wireless anyway)

    Next????

  3. #13
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Default

    Please run Combofix again

  4. #14
    Junior Member
    Join Date
    Aug 2009
    Posts
    16

    Default Combo.exe log

    ComboFix 09-08-10.06 - HP_Administrator 08/12/2009 8:49.3.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.480 [GMT -7:00]
    Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
    AV: *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
    FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .

    ((((((((((((((((((((((((( Files Created from 2009-07-12 to 2009-08-12 )))))))))))))))))))))))))))))))
    .

    30044-07-10 10:13 . 30044-07-10 10:13 3120 ----a-w- c:\windows\system32\JJ59.DLL
    2009-08-12 16:02 . 2009-08-12 16:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\temp
    2009-08-12 16:02 . 2009-08-12 16:02 -------- d-----w- c:\documents and settings\NetworkService\AppData\Local\temp
    2009-08-12 16:02 . 2009-08-12 16:02 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\temp
    2009-08-12 16:02 . 2009-08-12 16:02 -------- d-----w- c:\documents and settings\LocalService\AppData\Local\temp
    2009-08-12 16:02 . 2009-08-12 16:02 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\temp
    2009-08-12 16:02 . 2009-08-12 16:02 -------- d-----w- c:\documents and settings\HP_Administrator\AppData\Local\temp
    2009-08-12 16:02 . 2009-08-12 16:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\temp
    2009-08-12 16:02 . 2009-08-12 16:02 -------- d-----w- c:\documents and settings\Administrator\AppData\Local\temp
    2009-08-11 16:14 . 2009-08-11 16:14 -------- d-----w- c:\documents and settings\NetworkService\AppData
    2009-08-11 16:14 . 2009-08-11 16:14 -------- d-----w- c:\documents and settings\LocalService\AppData
    2009-08-11 16:14 . 2009-08-11 16:14 -------- d-----w- c:\documents and settings\HP_Administrator\AppData
    2009-08-11 16:14 . 2009-08-11 16:14 -------- d-----w- c:\documents and settings\Administrator\AppData
    2009-08-10 15:25 . 2009-08-10 15:25 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
    2009-08-10 15:24 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-10 15:24 . 2009-08-10 15:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-08-10 15:24 . 2009-08-10 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-08-10 15:24 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-08-09 21:38 . 2009-08-09 21:58 -------- d-----w- C:\rsit
    2009-08-07 01:52 . 2009-08-07 01:52 -------- d-----w- c:\program files\ERUNT
    2009-08-06 16:14 . 2009-08-06 16:14 -------- d-----w- c:\program files\Trend Micro
    2009-08-06 02:33 . 2009-08-06 02:33 -------- d-----w- c:\windows\system32\XPSViewer
    2009-08-06 02:33 . 2009-08-06 02:33 -------- d-----w- c:\program files\MSBuild
    2009-08-06 02:33 . 2009-08-06 02:33 -------- d-----w- c:\program files\Reference Assemblies
    2009-08-06 02:32 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
    2009-08-06 02:32 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-08-06 02:32 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2009-08-06 02:32 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-08-06 02:32 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2009-08-06 02:32 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
    2009-08-06 02:32 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-08-06 02:32 . 2009-08-06 02:33 -------- d-----w- C:\d525fd5878f5e118a9e1d518496e
    2009-08-06 02:32 . 2009-08-06 02:40 -------- d-----w- c:\windows\SxsCaPendDel
    2009-08-06 02:20 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
    2009-08-06 00:29 . 2009-08-06 00:29 -------- dc----w- c:\windows\system32\DRVSTORE
    2009-08-06 00:29 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-08-06 00:28 . 2009-08-06 00:28 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
    2009-08-06 00:28 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
    2009-08-06 00:28 . 2009-08-06 00:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-08-06 00:28 . 2009-08-06 00:28 -------- d-----w- c:\program files\Lavasoft
    2009-08-05 17:28 . 2009-08-06 02:51 -------- d-----w- c:\program files\Enigma Software Group
    2009-08-04 03:47 . 2009-08-04 03:47 -------- d-----w- c:\program files\Electric Quilt Company
    2009-08-02 00:22 . 2009-08-02 00:22 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Canon
    2009-08-02 00:22 . 2009-08-02 00:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PhotoStitch

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-12 04:35 . 2006-05-09 01:37 -------- d-----w- c:\program files\DesignPro
    2009-08-11 16:56 . 2008-01-10 03:58 -------- d-----w- c:\program files\Mozilla Thunderbird
    2009-08-10 22:42 . 2006-03-07 06:44 154120 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-09 20:52 . 2007-06-14 02:40 -------- d-----w- c:\program files\Motherboard Monitor 5
    2009-08-09 20:52 . 2006-03-07 06:54 -------- d-----w- c:\program files\Microsoft Works
    2009-08-03 17:59 . 2006-06-17 02:25 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\U3
    2009-07-09 04:32 . 2009-02-20 04:57 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-07-05 22:40 . 2009-02-20 04:57 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-06-29 16:12 . 2004-08-09 21:00 827392 ----a-w- c:\windows\system32\wininet.dll
    2009-06-29 16:12 . 2004-08-09 21:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-06-29 16:12 . 2004-08-09 21:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2009-06-16 14:55 . 2004-08-09 21:00 82432 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-16 14:55 . 2004-08-09 21:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-13 19:30 . 2009-05-10 16:59 164 ----a-w- c:\windows\install.dat
    2009-06-13 05:09 . 2009-06-13 05:09 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
    2009-06-03 19:24 . 2004-08-09 21:00 1291264 ----a-w- c:\windows\system32\quartz.dll
    2009-05-21 18:33 . 2008-11-23 18:14 410984 ----a-w- c:\windows\system32\deploytk.dll
    2006-04-12 01:47 . 2006-04-12 01:47 22 --sha-w- c:\windows\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-08-10_22.59.21 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-08-12 15:46 . 2009-08-12 15:46 16384 c:\windows\Temp\Perflib_Perfdata_844.dat
    + 2009-08-12 15:46 . 2009-08-12 15:46 16384 c:\windows\Temp\Perflib_Perfdata_118.dat
    + 2005-08-30 21:02 . 2009-08-12 14:44 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2005-08-30 21:02 . 2009-08-10 22:57 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2005-08-30 13:51 . 2009-08-10 22:57 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2005-08-30 13:51 . 2009-08-12 14:44 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2005-08-30 13:51 . 2009-08-10 22:57 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2005-08-30 13:51 . 2009-08-12 14:44 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-08-11 15:49 . 2009-08-11 15:49 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
    - 2009-08-10 22:55 . 2009-08-10 22:55 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
    - 2009-08-10 22:55 . 2009-08-10 22:55 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
    + 2009-08-11 15:49 . 2009-08-11 15:49 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
    - 2009-08-10 22:55 . 2009-08-10 22:55 180224 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
    + 2009-08-11 15:49 . 2009-08-11 15:49 180224 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
    + 2009-08-11 15:49 . 2009-08-11 15:49 241664 c:\windows\ERDNT\subs\Users\00000003\ntuser.dat
    - 2009-08-10 22:55 . 2009-08-10 22:55 241664 c:\windows\ERDNT\subs\Users\00000003\ntuser.dat
    - 2009-08-10 22:55 . 2009-08-10 22:55 241664 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
    + 2009-08-11 15:49 . 2009-08-11 15:49 241664 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
    - 2009-08-10 22:55 . 2009-08-10 22:55 6053888 c:\windows\ERDNT\subs\Users\00000005\ntuser.dat
    + 2009-08-11 15:49 . 2009-08-11 15:49 6053888 c:\windows\ERDNT\subs\Users\00000005\ntuser.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "c:\program files\AGI\common\agcutils.dll" [2009-08-11 43520]

    [HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
    [HKEY_CLASSES_ROOT\agcutils.AGSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{647B16D8-AD7B-4983-82D7-82A270FC9E6D}]
    [HKEY_CLASSES_ROOT\agcutils.AGSearchHook]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}]
    2009-08-11 15:02 43520 ----a-w- c:\program files\AGI\common\agcutils.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
    @="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
    [HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
    2009-04-06 20:26 238968 ----a-w- c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "AlwaysReady Power Message APP"="c:\windows\ARPWRMSG.EXE" [2005-08-03 77312]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 249856]
    "Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 188416]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-03-07 180269]
    "UserFaultCheck"="c:\windows\system32\dumprep.exe" [2004-08-09 10752]
    "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]

    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-3-6 27136]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-05-09 03:51 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
    backup=c:\windows\pss\Updates From HP.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Webshots.lnk]
    path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\Webshots.lnk
    backup=c:\windows\pss\Webshots.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "TermService"=3 (0x3)
    "RemoteRegistry"=2 (0x2)
    "RDSessMgr"=3 (0x3)
    "Netlogon"=3 (0x3)
    "mnmsrvc"=3 (0x3)
    "Fax"=3 (0x3)
    "FastUserSwitchingCompatibility"=3 (0x3)
    "ERSvc"=2 (0x2)
    "CiSvc"=3 (0x3)
    "CCALib8"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\DISC\\DISCover.exe"=
    "c:\\Program Files\\DISC\\DiscStreamHub.exe"=
    "c:\\Program Files\\DISC\\myFTP.exe"=
    "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/5/2009 5:29 PM 64160]
    R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [8/9/2008 2:42 PM 29808]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/19/2009 9:57 PM 335752]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/19/2009 9:57 PM 108552]
    R2 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [12/8/2008 9:38 PM 10240]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/19/2009 9:57 PM 298776]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 7:49 AM 1029456]
    R2 MSSQL$MVE_INSTANCE;SQL Server (MVE_INSTANCE);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 10:31 PM 29263712]
    R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [12/26/2008 5:17 PM 1205760]
    R3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [4/12/2006 3:58 PM 15576]
    S3 PCD5SRVC{085326CB-51A3560A-05010003};PCD5SRVC{085326CB-51A3560A-05010003} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [11/21/2005 10:27 AM 21120]
    S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [3/6/2006 11:27 PM 468768]
    S4 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [8/14/2007 9:33 PM 388936]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-08-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.aol.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: trymedia.com
    FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ul5m7iml.default\
    FF - prefs.js: browser.startup.homepage - hxxp://netscape.aol.com/
    FF - prefs.js: keyword.URL - hxxp://wstb.search.imgag.com/?c=&sbs=1&sc=&f=web&vernum=3.1.3.7504&uid=&did={f8d4a70c-98e2-4081-901d-01bf93043ede}&q=
    FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ul5m7iml.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
    FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ul5m7iml.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-12 09:02
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PCD5SRVC{085326CB-51A3560A-05010003}]
    "ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1080)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(3000)
    c:\windows\system32\WININET.dll
    c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-08-12 9:07
    ComboFix-quarantined-files.txt 2009-08-12 16:07
    ComboFix2.txt 2009-08-11 16:14
    ComboFix3.txt 2009-08-10 23:14

    Pre-Run: 196,874,809,344 bytes free
    Post-Run: 196,844,212,224 bytes free

    264 --- E O F --- 2009-08-07 04:19
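
The log above is the kind of thing a helper reads by eye: the "Files Created" section, the "Reg Loading Points" section, and the Security Center / firewall policy keys. As an added example that is not part of the thread and not ComboFix's own code, the script below parses a constructed excerpt in the same line format (a few lines copied from the log posted above) and returns the findings a defender would want surfaced first: a file whose created/modified year falls outside the report window (the `30044-07-10` stamp on `JJ59.DLL` is a real line from the log, and an impossible year is a reason to look at the file, not proof of anything), `DisableMonitoring=1` under the Security Center keys, and `EnableFirewall=0` in a firewall profile. The regular expressions, the 1980 lower bound, and the finding category names are this example's own assumptions about the log layout, not documented ComboFix semantics.

```python
"""Triage helper for ComboFix-style log text (added example, not ComboFix code)."""
import re

# Constructed sample: a handful of lines in the shape of the ComboFix log
# posted in the thread, trimmed to the sections this script inspects.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2009-07-12 to 2009-08-12 )))))))))))))))))))))))))))))))
.
30044-07-10 10:13 . 30044-07-10 10:13 3120 ----a-w- c:\windows\system32\JJ59.DLL
2009-08-10 15:24 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-06 00:29 . 2009-08-06 00:29 -------- dc----w- c:\windows\system32\DRVSTORE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# Assumed layout of the log (matches the lines as posted; not an official spec).
WINDOW_RE = re.compile(r"Files Created from \d{4}-\d{2}-\d{2} to (\d{4})-\d{2}-\d{2}")
FILE_RE = re.compile(
    r"^(?P<created>\d+)-\d{2}-\d{2} \d{2}:\d{2} \. "   # created date/time, then " . "
    r"(?P<modified>\d+)-\d{2}-\d{2} \d{2}:\d{2} "      # modified date/time
    r"(?:\d+|-{8}) [\w-]{8} (?P<path>.+)$"             # size (or dashes), attrs, path
)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')


def implausible_year(year, window_end):
    """A stamp before the NT era (assumed 1980 floor) or after the report window
    cannot be a genuine timestamp; ComboFix prints the raw value, so it stands out."""
    return year < 1980 or (window_end is not None and year > window_end)


def triage(log_text):
    """Return a list of (category, detail) findings from ComboFix-style log text."""
    window_match = WINDOW_RE.search(log_text)
    window_end = int(window_match.group(1)) if window_match else None
    findings = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            years = (int(m.group("created")), int(m.group("modified")))
            if any(implausible_year(y, window_end) for y in years):
                findings.append(("implausible_timestamp", m.group("path")))
            continue
        m = KEY_RE.match(line)
        if m:
            # Remember which registry key the following "name"=value lines belong to.
            current_key = m.group("key").lower()
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group("name"), m.group("value").strip()
        if "security center\\monitoring" in current_key and name == "DisableMonitoring":
            # dword:00000001 means Security Center will not report on that product.
            if value.startswith("dword:") and int(value[6:], 16) == 1:
                findings.append(("security_center_monitoring_off", current_key))
        elif "firewallpolicy" in current_key and name == "EnableFirewall":
            # Value is printed as "0 (0x0)"; the leading token is the decimal value.
            if value.split()[0] == "0":
                findings.append(("firewall_disabled", current_key))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category}: {detail}")
```

Run against the constructed sample it reports four findings: the impossible year on `JJ59.DLL`, the two `DisableMonitoring` entries, and the disabled standard-profile firewall. The Security Center and firewall findings line up with the `AV: ... disabled` and `FW: ... disabled` header lines at the top of the posted log, which is why a helper checks those keys before anything else.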

  5. #15
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Default

    Do you have the Active Scan log ?
    How are things running now ?

  6. #16
    Junior Member
    Join Date
    Aug 2009
    Posts
    16

    Default Still stuck

    I still cannot connect to the internet, therefore I cannot download and run any of the other things you wanted me to. I was able to send the combofix.exe log only because I could put it on a flash drive and send it via my husband's computer. How do I get my internet connection back? "One step forward, two steps back" LOL!

  7. #17
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Default

    Combofix created a fresh restore point before it ran.

    Please open System Restore and find the most recent restore point, then move back one (you've run ComboFix since, so we need the second to last).
    Restore that and see if it sorts the connection problem.

  8. #18
    Junior Member
    Join Date
    Aug 2009
    Posts
    16

    Default Success! Back online.

    Restoring worked, I am back online. Now, do you want me to do all the things you suggested in post #9? Or something new? Thanks so much for hanging in there with me.

  9. #19
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Default

    do you want me to do all the things you suggested in post #9? Or something new?
    Something new I think, it didn't work out so well last time

    Thanks so much for hanging in there with me.
    Thank you for sticking with me

    Let's do this step by step.

    Download a fresh copy of ComboFix and run that. Then do the following:

    Active Scan
    Your antivirus and/or antispyware may give a warning during the scan. This is perfectly normal.
    NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
    Please go to this site Link >> ActiveScan << LINK
    • Click the Scan Now button
    • Follow the prompts to install the Active X if necessary
    • Go and make a cup of tea/coffee/beverage of your choice and watch some TV
    • When the scan is finished, a report will be generated
    • Next to Scan Details click the small export to notepad button and save the report to your desktop.
    • Please post the report in your reply.

  10. #20
    Junior Member
    Join Date
    Aug 2009
    Posts
    16

    Default Combofix.exe

    Can you send me the link for the fresh copy of combofix.exe, or should I use the one in post #9?
