rlvanwyk
2009-08-27, 00:02
Hi guys, I'm new here.
I'm fixing/cleaning a PC for a friend, and it was really infected... I'm using Spybot, Adware, Superantispyware, and AVG.
However, Spybot keeps telling me that there's a Smitfraud-C registry entry (no files ever) but it can't delete them and needs to run on restart. But if you run on restart, it still says it can't delete them.
And Adware keeps telling me there's a Win32TrojanSpyAgent (I know it's not your product, but thought they might be related)
What do i need to do?
I have attached a Hijackthis log for your analysis.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:54:37 PM, on 8/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\dldtcoms.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell V305\dldtMsdMon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qwest.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qwest.live.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qwest.live.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Qwest
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O2 - BHO: (no name) - {be321b82-e695-4657-adb9-43b811f65214} - C:\WINDOWS\system32\kelaworu.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dldtamon] "C:\Program Files\Dell V305\dldtamon.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKLM\..\Policies\Explorer\Run: [SpywareGuard] "C:\mpktnpah.exe"
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &Search - ?p=ZJfox000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Holly\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Qwest Live - {0775F431-F23E-472A-836F-B89E454C12C0} - http://qwest.live.com (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Upwords.cab57176.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153192752752
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O20 - AppInit_DLLs: C:\DOCUME~1\Holly\LOCALS~1\Temp\432356140724mxx.dll C:\WINDOWS\system32\hivopigi.dll C:\WINDOWS\system32\hapisiha.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: dldtCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe
O23 - Service: dldt_device - - C:\WINDOWS\system32\dldtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
O24 - Desktop Component 0: (no name) - http://images.neopets.com/games/new_tradingcards/sm_pink_day_2005.gif
--
End of file - 10570 bytes
rlvanwyk
2009-09-02, 03:17
here is attach.txt:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-07-30.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/27/2005 11:37:28 AM
System Uptime: 9/1/2009 6:25:43 PM (1 hours ago)
Motherboard: Dell Inc. | | 0R7935
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 146 GiB total, 109.684 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1324: 6/4/2009 7:23:56 AM - System Checkpoint
RP1325: 6/5/2009 9:11:59 AM - System Checkpoint
RP1326: 6/5/2009 7:54:43 PM - Software Distribution Service 3.0
RP1327: 6/6/2009 8:13:07 AM - Software Distribution Service 3.0
RP1328: 6/14/2009 2:26:14 PM - System Checkpoint
RP1329: 6/15/2009 3:29:57 PM - System Checkpoint
RP1330: 6/16/2009 5:41:52 PM - System Checkpoint
RP1331: 6/17/2009 6:02:51 PM - System Checkpoint
RP1332: 6/18/2009 6:27:34 PM - System Checkpoint
RP1333: 6/19/2009 7:07:03 PM - System Checkpoint
RP1334: 6/20/2009 8:17:54 PM - System Checkpoint
RP1335: 6/21/2009 1:00:25 AM - Software Distribution Service 3.0
RP1336: 6/22/2009 1:58:08 AM - System Checkpoint
RP1337: 6/23/2009 4:10:39 AM - System Checkpoint
RP1338: 6/24/2009 6:34:39 AM - System Checkpoint
RP1339: 6/25/2009 7:58:38 AM - System Checkpoint
RP1340: 6/26/2009 8:59:09 AM - System Checkpoint
RP1341: 6/27/2009 9:22:41 AM - System Checkpoint
RP1342: 6/28/2009 1:00:32 AM - Software Distribution Service 3.0
RP1343: 6/29/2009 1:10:41 AM - System Checkpoint
RP1344: 6/30/2009 1:58:39 AM - System Checkpoint
RP1345: 7/1/2009 3:10:40 AM - System Checkpoint
RP1346: 7/2/2009 3:20:55 AM - System Checkpoint
RP1347: 7/3/2009 4:24:14 AM - System Checkpoint
RP1348: 7/4/2009 5:35:12 AM - System Checkpoint
RP1349: 7/5/2009 1:00:22 AM - Software Distribution Service 3.0
RP1350: 7/6/2009 1:23:12 AM - System Checkpoint
RP1351: 7/7/2009 2:24:19 AM - System Checkpoint
RP1352: 7/8/2009 5:50:55 PM - System Checkpoint
RP1353: 7/10/2009 5:46:57 PM - System Checkpoint
RP1354: 7/11/2009 6:14:47 PM - System Checkpoint
RP1355: 7/12/2009 8:14:48 PM - System Checkpoint
RP1356: 7/13/2009 10:12:47 PM - System Checkpoint
RP1357: 7/15/2009 4:03:48 PM - System Checkpoint
RP1358: 7/16/2009 5:48:10 PM - System Checkpoint
RP1359: 7/17/2009 6:24:18 PM - System Checkpoint
RP1360: 7/18/2009 7:12:14 PM - System Checkpoint
RP1361: 7/20/2009 1:28:43 AM - System Checkpoint
RP1362: 7/21/2009 2:01:58 AM - System Checkpoint
RP1363: 7/22/2009 2:03:33 AM - System Checkpoint
RP1364: 7/23/2009 5:05:50 AM - System Checkpoint
RP1365: 7/24/2009 8:30:48 AM - System Checkpoint
RP1366: 7/25/2009 9:39:56 AM - System Checkpoint
RP1367: 7/26/2009 10:15:55 AM - System Checkpoint
RP1368: 7/29/2009 12:27:50 AM - System Checkpoint
RP1369: 7/30/2009 12:28:53 AM - System Checkpoint
RP1370: 7/31/2009 2:30:59 AM - System Checkpoint
RP1371: 8/1/2009 2:52:00 AM - System Checkpoint
RP1372: 8/2/2009 12:34:22 PM - System Checkpoint
RP1373: 8/3/2009 1:15:17 PM - System Checkpoint
RP1374: 8/4/2009 3:15:23 PM - System Checkpoint
RP1375: 8/5/2009 6:37:52 PM - System Checkpoint
RP1376: 8/7/2009 10:24:51 PM - System Checkpoint
RP1377: 8/8/2009 1:03:32 AM - Removed G5a922EN
RP1378: 8/9/2009 1:39:47 AM - System Checkpoint
RP1379: 8/10/2009 3:03:59 PM - System Checkpoint
RP1380: 8/10/2009 10:53:36 PM - Installed Windows XP WgaNotify.
RP1381: 8/11/2009 11:16:15 PM - System Checkpoint
RP1382: 8/13/2009 12:34:43 AM - System Checkpoint
RP1383: 8/14/2009 2:38:49 AM - System Checkpoint
RP1384: 8/15/2009 3:42:38 AM - System Checkpoint
RP1385: 8/16/2009 4:06:29 AM - System Checkpoint
RP1386: 8/17/2009 4:42:30 AM - System Checkpoint
RP1387: 8/18/2009 5:42:30 AM - System Checkpoint
RP1388: 8/19/2009 10:44:57 PM - Installed SUPERAntiSpyware Free Edition
RP1389: 8/20/2009 10:24:38 PM - Removed Windows Live Favorites for Windows Live Toolbar
RP1390: 8/20/2009 10:24:54 PM - Removed Windows Live Sign-in Assistant
RP1391: 8/20/2009 10:25:11 PM - Removed Windows Live Sync
RP1392: 8/20/2009 10:25:30 PM - Removed Windows Live Upload Tool
RP1393: 8/20/2009 10:30:02 PM - Removed MSXML 4.0 SP2 (KB954430)
RP1394: 8/20/2009 10:30:18 PM - Removed MSXML 4.0 SP2 (KB936181)
RP1395: 8/20/2009 10:30:33 PM - Removed MSXML 4.0 SP2 (KB927978)
RP1396: 8/21/2009 12:50:49 PM - Removed SUPERAntiSpyware Free Edition
RP1397: 8/22/2009 1:19:59 PM - System Checkpoint
RP1398: 8/24/2009 11:58:39 PM - Installed SUPERAntiSpyware Free Edition
RP1399: 8/25/2009 8:45:20 PM - Installed AVG Free 8.5
RP1400: 8/26/2009 9:04:10 PM - System Checkpoint
RP1401: 8/29/2009 5:09:11 PM - Avg8 Update
RP1402: 8/30/2009 5:13:42 PM - System Checkpoint
RP1403: 8/31/2009 6:16:22 PM - System Checkpoint
RP1404: 9/1/2009 12:05:45 AM - Software Distribution Service 3.0
==== Installed Programs ======================
ABBYY FineReader 5.0 Sprint Plus
ABBYY FineReader 6.0 Sprint
Actiontec Gateway
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Adobe Shockwave Player
AIM 6
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
Apple Software Update
AVG Free 8.5
Banctec Service Agreement
Broadcom 440x 10/100 Integrated Controller
Broadcom Management Programs
Conexant D110 MDC V.92 Modem
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Media Experience Update
Dell Networking Guide
Dell Photo AIO Printer 922
Dell Picture Studio v3.0
Dell Support Center (Support Software)
Dell V305
DellSupport
Digital Line Detect
DIGOpt
DIGReqEx
Disney's Extremely Goofy Skateboarding
Disney's Magic Artist Studio
Disney Pirates of the Caribbean Online
FamilyFeudOnlineParty (remove only)
FMCMusicManager
Formatta Filler 6.0
Formatta Filler 7.0
Free Medical Dictionary 1.0
H&R Block Tax Offer
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB970653-v3)
IMVU Avatar Chat Software
Intel(R) Graphics Media Accelerator Driver
Internet Explorer Default Page
IrfanView (remove only)
iRiver Manager
iRiver Updater
ItsDeductible Express
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 8
Jasc Paint Shop Photo Album
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro 8 Dell Edition
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
Learn2 Player (Uninstall Only)
Map Button (Windows Live Toolbar)
MathPlayer
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Command & Control Engine
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Picture It! Express 9
Microsoft Picture It! Library 9
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Speech API 3.0
Microsoft Speech Lexicon
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Modem Helper
Mozilla Firefox (3.5.2)
MSN
MSN Encarta Plus Support Files
Musicmatch® Jukebox
My Way Search Assistant
MySpace Graphics
MySpaceIM
NetWaiting
NHJ Photo Manager
OneCare Advisor (Windows Live Toolbar)
Operation
Photo Click
PhotoFiltre
PowerDVD 5.3
PSP Max Media Manager
QuickConnect
QuickTime
Qwest QuickAssist Desktop Tools
Qwest QuickCare 2.2
Reader Rabbit Personalized Kindergarten
Reader Rabbit Personalized Preschool
RealPlayer
Rhapsody Player Engine
SecondLife (remove only)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SigmaTel MSCN Audio Player
Smart Menus (Windows Live Toolbar)
Snap Camera
Sonic DLA
Sonic MyDVD
Sonic RecordNow! Plus
Sonic Update Manager
SoundMAX
SpongeBob SquarePants - Battle for Bikini Bottom
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
TaxCut Standard 2005
The Sims 2
The Sims 2 Family Fun Stuff
The Sims 2 Glamour Life Stuff
The Sims 2 Nightlife
The Sims 2 Pets
The Sims 2 University
The Sims Deluxe Edition
The Sims™ 2 Celebration! Stuff
Toy Story 2 Activity Center
TurboTax Deluxe 2004
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB914882)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB923845)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebCyberCoach 3.2 Dell
WebFldrs XP
WexTech AnswerWorks
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888310
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WLTB Custom Buttons
WordPerfect Office 12
Yahoo! Toolbar
==== Event Viewer Messages From Past Week ========
8/31/2009 8:59:00 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000022' while processing the file '13e5a0.msi' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
8/31/2009 8:39:22 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
8/31/2009 8:17:14 PM, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
8/31/2009 8:15:22 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
8/31/2009 7:31:59 PM, error: Print [19] - Sharing printer failed + 1722, Printer Dell V305 share name Printer2.
8/26/2009 2:33:39 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 2 time(s).
8/26/2009 12:01:28 PM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
8/26/2009 10:23:12 AM, error: SideBySide [61] - Syntax error in manifest or policy file "C:\Program Files\Apple Software Update\Plugins\MSIInstallPlugin.dll.Manifest" on line 2. The required attribute version is missing from element assemblyIdentity.
8/26/2009 10:23:12 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Apple Software Update\Plugins\MSIInstallPlugin.dll.Manifest. Reference error message: The operation completed successfully. .
8/26/2009 10:23:12 AM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Program Files\Apple Software Update\Plugins\MSIInstallPlugin.dll.Manifest" on line 2.
8/26/2009 10:23:11 AM, error: SideBySide [61] - Syntax error in manifest or policy file "C:\Program Files\Apple Software Update\Plugins\EXEInstallPlugin.dll.Manifest" on line 2. The required attribute version is missing from element assemblyIdentity.
8/26/2009 10:23:11 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Apple Software Update\Plugins\EXEInstallPlugin.dll.Manifest. Reference error message: The operation completed successfully. .
8/26/2009 10:23:11 AM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Program Files\Apple Software Update\Plugins\EXEInstallPlugin.dll.Manifest" on line 2.
8/25/2009 7:03:23 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
8/25/2009 7:03:23 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
8/25/2009 6:19:05 PM, error: Service Control Manager [7000] - The Automatic LiveUpdate Scheduler service failed to start due to the following error: The system cannot find the path specified.
8/25/2009 12:47:07 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV
8/25/2009 12:47:07 AM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The system cannot find the file specified.
8/25/2009 12:47:07 AM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
8/25/2009 12:46:57 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the dldtCATSCustConnectService service to connect.
8/25/2009 12:46:57 AM, error: Service Control Manager [7000] - The dldtCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/25/2009 12:46:57 AM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: The system cannot find the file specified.
==== End Of File ===========================
here is DDS.txt:
DDS (Ver_09-07-30.01) - NTFSx86
Run by Holly at 19:12:58.70 on Tue 09/01/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.79 [GMT -5:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\dldtcoms.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell V305\dldtMsdMon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Documents and Settings\Holly\Desktop\dds.scr
============== Pseudo HJT Report ===============
mStart Page = hxxp://qwest.live.com
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [Dell Photo AIO Printer 922] "c:\program files\dell photo aio printer 922\dlbtbmgr.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [dldtamon] "c:\program files\dell v305\dldtamon.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: &Search - ?p=ZJfox000
IE: { - c:\documents and settings\all users\start menu\programs\absolute poker\Absolute Poker.lnk
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\holly\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: musicmatch.com\online
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} - hxxp://messenger.zone.msn.com/binary/Upwords.cab57176.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153192752752
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\holly\applic~1\mozilla\firefox\profiles\lju630rw.default\
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\karen\application data\real\rhapsodyplayerengine\nprhapengine.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-8-24 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-25 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-8-25 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-25 108552]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-4 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-8-25 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-25 297752]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1029456]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-3-25 24652]
S1 209d771c;209d771c;c:\windows\system32\drivers\209d771c.sys --> c:\windows\system32\drivers\209d771c.sys [?]
S1 SASDIFSV;SASDIFSV;\??\e:\superantispyware\sasdifsv.sys --> e:\superantispyware\SASDIFSV.SYS [?]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldtserv.exe [2008-10-9 99568]
S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\RTL8187B.sys [2007-7-19 264576]
S3 SASENUM;SASENUM;\??\e:\superantispyware\sasenum.sys --> e:\superantispyware\SASENUM.SYS [?]
=============== Created Last 30 ================
2009-09-01 00:08 <DIR> --d----- c:\windows\ServicePackFiles
2009-08-31 21:26 <DIR> --d----- c:\windows\system32\dllcache\cache
2009-08-31 21:12 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-08-31 21:10 655,872 -------- c:\windows\system32\dllcache\mstscax.dll
2009-08-31 20:56 50,176 a------- c:\windows\system32\proquota.exe
2009-08-31 20:56 50,176 a------- c:\windows\system32\dllcache\proquota.exe
2009-08-31 20:33 <DIR> a-dshr-- C:\cmdcons
2009-08-31 20:31 229,376 a------- c:\windows\PEV.exe
2009-08-31 20:31 161,792 a------- c:\windows\SWREG.exe
2009-08-31 20:31 98,816 a------- c:\windows\sed.exe
2009-08-26 15:44 <DIR> --d----- c:\program files\Trend Micro
2009-08-25 21:14 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-08-25 20:46 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-25 20:46 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-08-25 20:46 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-25 20:45 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-08-25 20:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-08-25 20:45 <DIR> --d----- c:\program files\AVG
2009-08-25 20:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-08-24 23:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-08-24 23:58 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-08-24 23:58 <DIR> --d----- c:\docume~1\holly\applic~1\SUPERAntiSpyware.com
2009-08-24 23:58 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-08-24 00:31 15,688 a------- c:\windows\system32\lsdelete.exe
2009-08-24 00:13 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-08-24 00:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-08-24 00:02 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-08-24 00:01 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-08-24 00:01 <DIR> --d----- c:\program files\Lavasoft
2009-08-20 22:12 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-08-20 15:33 <DIR> --d----- C:\logs
2009-08-05 04:11 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
==================== Find3M ====================
2009-08-05 04:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-28 23:53 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-28 23:53 82,432 a------- c:\windows\system32\fontsub.dll
2009-07-28 23:53 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-07-28 23:53 82,432 -------- c:\windows\system32\dllcache\fontsub.dll
2009-07-19 08:33 3,597,824 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-19 08:32 6,067,200 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-17 16:58 2,713 ---sh--- c:\windows\system32\nahehuga.exe
2009-07-17 15:16 2,713 ---sh--- c:\windows\system32\terojabu.exe
2009-07-17 13:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 13:55 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-17 13:29 2,713 ---sh--- c:\windows\system32\zejidefu.exe
2009-07-17 11:31 2,713 ---sh--- c:\windows\system32\lijujuto.exe
2009-07-17 09:37 2,713 ---sh--- c:\windows\system32\tudadopu.exe
2009-07-17 07:34 2,713 ---sh--- c:\windows\system32\javohiwo.exe
2009-07-17 05:46 2,713 ---sh--- c:\windows\system32\tumegivo.exe
2009-07-17 03:33 2,713 ---sh--- c:\windows\system32\husekafi.exe
2009-07-17 01:51 2,713 ---sh--- c:\windows\system32\yodohiza.exe
2009-07-17 00:08 2,713 ---sh--- c:\windows\system32\lodeyano.exe
2009-07-16 21:25 2,713 ---sh--- c:\windows\system32\bazefaki.exe
2009-07-16 19:22 2,713 ---sh--- c:\windows\system32\seruyone.exe
2009-07-16 15:38 2,713 ---sh--- c:\windows\system32\zuwidesi.exe
2009-07-16 11:32 2,713 ---sh--- c:\windows\system32\nilugetu.exe
2009-07-16 09:50 2,713 ---sh--- c:\windows\system32\sujefube.exe
2009-07-16 06:05 2,713 ---sh--- c:\windows\system32\papupona.exe
2009-07-16 02:57 2,713 ---sh--- c:\windows\system32\kekuveka.exe
2009-07-15 21:18 2,713 ---sh--- c:\windows\system32\yahosuze.exe
2009-07-15 18:28 2,713 ---sh--- c:\windows\system32\vegovuni.exe
2009-07-15 16:00 2,713 ---sh--- c:\windows\system32\vakuhimu.exe
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-13 10:08 5,537,792 a------- c:\windows\system32\dllcache\wmp.dll
2009-07-10 08:42 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-06-29 06:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-06-29 06:07 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-29 03:35 634,632 -------- c:\windows\system32\dllcache\iexplore.exe
2009-06-29 03:33 2,452,872 -------- c:\windows\system32\dllcache\ieapfltr.dat
2009-06-29 03:33 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-06-22 06:49 117,248 a------- c:\windows\system32\mqtgsvc.exe
2009-06-22 06:49 19,968 a------- c:\windows\system32\mqbkup.exe
2009-06-22 06:49 117,248 -------- c:\windows\system32\dllcache\mqtgsvc.exe
2009-06-22 06:49 19,968 -------- c:\windows\system32\dllcache\mqbkup.exe
2009-06-22 06:49 4,608 a------- c:\windows\system32\mqsvc.exe
2009-06-22 06:49 4,608 -------- c:\windows\system32\dllcache\mqsvc.exe
2009-06-22 06:48 91,776 -------- c:\windows\system32\dllcache\mqac.sys
2009-06-12 06:50 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 06:50 80,896 -------- c:\windows\system32\dllcache\tlntsess.exe
2009-06-12 06:50 76,288 a------- c:\windows\system32\telnet.exe
2009-06-12 06:50 76,288 -------- c:\windows\system32\dllcache\telnet.exe
2009-06-10 09:21 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 09:21 84,992 -------- c:\windows\system32\dllcache\avifil32.dll
2009-06-10 01:32 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-10 01:32 132,096 -------- c:\windows\system32\dllcache\wkssvc.dll
2009-06-05 02:42 655,872 a------- c:\windows\system32\mstscax.dll
2005-04-21 21:32 19,686 a------- c:\program files\poontang.wav
2005-04-21 21:32 33,769 a------- c:\program files\badday.jpg
============= FINISH: 19:13:59.15 ===============
rlvanwyk
2009-09-02, 07:06
Remember at the beginning of this post. I mentioned Adware was also having problems. I am also working with them on their tool.
When DDS didn't work, they had me run RSIT and post it's log. From that they had me run Combofix... which fixed the problem causing DDS not to work.
here is Combofix.txt (after the fixes, of course).
ComboFix 09-08-31.03 - Holly 08/31/2009 20:39.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.150 [GMT -5:00]
Running from: c:\documents and settings\Holly\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Holly\Application Data\wiaserva.log
c:\documents and settings\Holly\Application Data\wiaservg.log
c:\recycler\S-1-5-21-3553142486-190658644-969280465-1009
c:\recycler\S-1-5-21-842925246-1004336348-725345543-1003
c:\recycler\S-1-5-21-842925246-1004336348-725345543-1004
c:\recycler\S-1-5-21-842925246-1004336348-725345543-1005
c:\recycler\S-1-5-21-842925246-1004336348-725345543-1006
c:\recycler\S-1-5-21-842925246-1004336348-725345543-1009
c:\windows\bf23567.dat
c:\windows\Fonts\WPHV07NB.TTF
c:\windows\Install.txt
c:\windows\Installer\13e5a0.msi
c:\windows\jmmark2.dat
c:\windows\system32\beriwedu.exe
c:\windows\system32\birevaga.exe
c:\windows\system32\botuluka.exe
c:\windows\system32\buvufuse.exe
c:\windows\system32\dagavuja.exe
c:\windows\system32\deriziro.exe
c:\windows\system32\difekewu.exe
c:\windows\system32\dinazumo.exe
c:\windows\system32\dizolade.exe
c:\windows\system32\fewenare.exe
c:\windows\system32\FInstall.sys
c:\windows\system32\fipipope.exe
c:\windows\system32\fulikuma.exe
c:\windows\system32\fumilusi.exe
c:\windows\system32\fuyekoda.exe
c:\windows\system32\gaputaji.exe
c:\windows\system32\gigebobe.exe
c:\windows\system32\gijareyi.exe
c:\windows\system32\gipumule.exe
c:\windows\system32\giyujuyo.exe
c:\windows\system32\hefamalo.exe
c:\windows\system32\himepuka.exe
c:\windows\system32\honugiko.exe
c:\windows\system32\hosaharu.exe
c:\windows\system32\hulutozu.exe
c:\windows\system32\javojosu.exe
c:\windows\system32\jayimehe.exe
c:\windows\system32\jodagizu.exe
c:\windows\system32\joruvelu.exe
c:\windows\system32\jugupayo.exe
c:\windows\system32\kehuseju.exe
c:\windows\system32\kihepela.exe
c:\windows\system32\kopemage.exe
c:\windows\system32\kudinuho.exe
c:\windows\system32\kugeyugu.exe
c:\windows\system32\larariyi.exe
c:\windows\system32\leduwupe.exe
c:\windows\system32\lefofuge.exe
c:\windows\system32\libaleli.exe
c:\windows\system32\lilozozi.exe
c:\windows\system32\litekora.exe
c:\windows\system32\manorefa.exe
c:\windows\system32\milibara.exe
c:\windows\system32\mipozefo.exe
c:\windows\system32\miyuguzo.exe
c:\windows\system32\modufime.exe
c:\windows\system32\mosasaso.exe
c:\windows\system32\muhezago.exe
c:\windows\system32\mupupega.exe
c:\windows\system32\mutirira.exe
c:\windows\system32\nahotifo.exe
c:\windows\system32\nimohava.exe
c:\windows\system32\nipusova.exe
c:\windows\system32\noliwabo.exe
c:\windows\system32\nuditeli.exe
c:\windows\system32\nusofode.exe
c:\windows\system32\pedikaje.exe
c:\windows\system32\pewibedi.exe
c:\windows\system32\pudidoye.exe
c:\windows\system32\pupuyete.exe
c:\windows\system32\puyimete.exe
c:\windows\system32\rematoto.exe
c:\windows\system32\rerupobe.exe
c:\windows\system32\rihabofa.exe
c:\windows\system32\setebiwa.exe
c:\windows\system32\sijoweta.exe
c:\windows\system32\sisifeme.exe
c:\windows\system32\sofoteko.exe
c:\windows\system32\sufobafu.exe
c:\windows\system32\sunezihe.exe
c:\windows\system32\tasoyuwu.exe
c:\windows\system32\temuloha.exe
c:\windows\system32\tmp.reg
c:\windows\system32\tulayeba.exe
c:\windows\system32\tusivida.exe
c:\windows\system32\vajapohu.exe
c:\windows\system32\vajewofa.exe
c:\windows\system32\vefuheju.exe
c:\windows\system32\volonubo.exe
c:\windows\system32\vomusuna.exe
c:\windows\system32\vujepomi.exe
c:\windows\system32\vuvohoge.exe
c:\windows\system32\vuzupeno.exe
c:\windows\system32\wawebodo.exe
c:\windows\system32\werigila.exe
c:\windows\system32\wevagofo.exe
c:\windows\system32\wezibalu.exe
c:\windows\system32\wipigivi.exe
c:\windows\system32\yadahewe.exe
c:\windows\system32\yalenimo.exe
c:\windows\system32\yaseviha.exe
c:\windows\system32\yevowoku.exe
c:\windows\system32\yohufeku.exe
c:\windows\system32\yopunifo.exe
c:\windows\system32\yotopoge.exe
c:\windows\system32\zapegisi.exe
c:\windows\system32\zazirazu.exe
c:\windows\system32\zeholuva.exe
c:\windows\system32\zevorihu.exe
c:\windows\system32\zihanine.exe
c:\windows\system32\zimuvafe.exe
c:\windows\system32\zipowapu.exe
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\system volume information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1351\A0232081.EXE
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
((((((((((((((((((((((((( Files Created from 2009-08-01 to 2009-09-01 )))))))))))))))))))))))))))))))
.
2009-09-01 01:56 . 2004-08-04 11:00 50176 ----a-w- c:\windows\system32\proquota.exe
2009-09-01 01:56 . 2004-08-04 11:00 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-08-31 04:45 . 2009-08-31 04:46 -------- d-----w- C:\rsit
2009-08-26 20:44 . 2009-08-26 20:44 -------- d-----w- c:\program files\Trend Micro
2009-08-26 17:01 . 2009-07-24 14:55 1090816 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-08-26 02:14 . 2009-08-30 07:31 -------- d--h--w- C:\$AVG8.VAULT$
2009-08-26 01:50 . 2009-08-26 01:50 -------- d-----w- c:\documents and settings\Holly\Local Settings\Application Data\AVG Security Toolbar
2009-08-26 01:46 . 2009-08-26 01:46 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-26 01:46 . 2009-08-26 01:46 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-26 01:46 . 2009-08-26 01:46 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-26 01:46 . 2009-08-26 01:46 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-26 01:45 . 2009-08-31 23:03 -------- d-----w- c:\windows\system32\drivers\Avg
2009-08-26 01:45 . 2009-08-26 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-08-26 01:45 . 2009-08-26 01:45 -------- d-----w- c:\program files\AVG
2009-08-26 01:45 . 2009-08-26 01:45 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-25 04:59 . 2009-08-25 04:59 117760 ----a-w- c:\documents and settings\Holly\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-25 04:58 . 2009-08-25 04:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-25 04:58 . 2009-08-25 04:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-25 04:58 . 2009-08-25 04:58 -------- d-----w- c:\documents and settings\Holly\Application Data\SUPERAntiSpyware.com
2009-08-25 04:58 . 2009-08-25 04:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-24 05:31 . 2009-08-24 05:02 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-24 05:13 . 2009-08-26 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-24 05:13 . 2009-08-24 05:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-24 05:01 . 2009-08-24 05:01 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-08-24 05:01 . 2009-01-18 21:43 2892112 -c--a-w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
2009-08-24 05:01 . 2009-08-24 05:01 -------- d-----w- c:\program files\Lavasoft
2009-08-21 03:12 . 2009-08-21 03:12 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-08-20 20:33 . 2009-08-20 20:33 -------- d-----w- C:\logs
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-24 05:01 . 2008-07-01 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-06 00:02 . 2007-03-27 02:56 -------- d-----w- c:\program files\EA GAMES
2009-07-27 02:05 . 2009-07-27 02:05 128 ----a-w- c:\documents and settings\David\Local Settings\Application Data\fusioncache.dat
2009-07-27 02:05 . 2005-02-15 21:26 61400 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-24 03:43 . 2005-09-08 01:52 -------- d-----w- c:\documents and settings\David\Application Data\MSN6
2009-07-21 01:03 . 2005-04-11 23:28 -------- d-----w- c:\documents and settings\Karen\Application Data\MSN6
2009-07-17 21:58 . 2009-07-17 21:58 2713 --sh--w- c:\windows\system32\nahehuga.exe
2009-07-17 20:16 . 2009-07-17 20:16 2713 --sh--w- c:\windows\system32\terojabu.exe
2009-07-17 18:29 . 2009-07-17 18:29 2713 --sh--w- c:\windows\system32\zejidefu.exe
2009-07-17 16:31 . 2009-07-17 16:31 2713 --sh--w- c:\windows\system32\lijujuto.exe
2009-07-17 14:37 . 2009-07-17 14:37 2713 --sh--w- c:\windows\system32\tudadopu.exe
2009-07-17 12:34 . 2009-07-17 12:34 2713 --sh--w- c:\windows\system32\javohiwo.exe
2009-07-17 10:46 . 2009-07-17 10:46 2713 --sh--w- c:\windows\system32\tumegivo.exe
2009-07-17 08:33 . 2009-07-17 08:33 2713 --sh--w- c:\windows\system32\husekafi.exe
2009-07-17 06:51 . 2009-07-17 06:51 2713 --sh--w- c:\windows\system32\yodohiza.exe
2009-07-17 05:08 . 2009-07-17 05:08 2713 --sh--w- c:\windows\system32\lodeyano.exe
2009-07-17 02:25 . 2009-07-17 02:25 2713 --sh--w- c:\windows\system32\bazefaki.exe
2009-07-17 00:22 . 2009-07-17 00:22 2713 --sh--w- c:\windows\system32\seruyone.exe
2009-07-16 20:38 . 2009-07-16 20:38 2713 --sh--w- c:\windows\system32\zuwidesi.exe
2009-07-16 16:32 . 2009-07-16 16:32 2713 --sh--w- c:\windows\system32\nilugetu.exe
2009-07-16 14:50 . 2009-07-16 14:50 2713 --sh--w- c:\windows\system32\sujefube.exe
2009-07-16 11:05 . 2009-07-16 11:05 2713 --sh--w- c:\windows\system32\papupona.exe
2009-07-16 07:57 . 2009-07-16 07:57 2713 --sh--w- c:\windows\system32\kekuveka.exe
2009-07-16 02:18 . 2009-07-16 02:18 2713 --sh--w- c:\windows\system32\yahosuze.exe
2009-07-15 23:28 . 2009-07-15 23:28 2713 --sh--w- c:\windows\system32\vegovuni.exe
2009-07-15 21:00 . 2009-07-15 21:00 2713 --sh--w- c:\windows\system32\vakuhimu.exe
2009-07-15 03:06 . 2005-06-12 18:49 -------- d-----w- c:\documents and settings\Holly\Application Data\MSN6
2009-07-08 01:13 . 2009-07-08 01:13 220 ----a-w- c:\windows\567788.bat
2009-07-07 03:51 . 2008-02-16 17:42 -------- d-----w- c:\program files\AIM6
2009-07-07 03:51 . 2006-07-30 03:29 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2005-04-22 02:32 . 2005-04-22 02:32 19686 ----a-w- c:\program files\poontang.wav
2005-04-22 02:32 . 2005-04-22 02:32 33769 ----a-w- c:\program files\badday.jpg
2007-01-08 21:41 . 2005-08-26 00:34 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.
------- Sigcheck -------
[-] 2007-03-29 12:46 409600 65E23953D337574E549B1EF34FE0B1DA c:\windows\$hf_mig$\KB923845\SP2QFE\qmgr.dll
[7] 2004-08-04 11:00 382464 2C69EC7E5A311334D10DD95F338FCCEA c:\windows\$NtUninstallKB923845$\qmgr.dll
[7] 2008-04-14 00:12 409088 574738F61FCA2935F5265DC4E5691314 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\qmgr.dll
[-] 2007-03-29 12:56 409600 CC431E6DEAAD867A583EE5E804EE4CF2 c:\windows\SYSTEM32\qmgr.dll
[-] 2007-03-29 12:56 409600 CC431E6DEAAD867A583EE5E804EE4CF2 c:\windows\SYSTEM32\bits\qmgr.dll
[-] 2007-03-29 12:56 409600 CC431E6DEAAD867A583EE5E804EE4CF2 c:\windows\SYSTEM32\DLLCACHE\qmgr.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 14:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-11-10 290816]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-24 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-24 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-24 118784]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-04-27 257088]
"dldtamon"="c:\program files\Dell V305\dldtamon.exe" [2008-03-20 16624]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-08-24 520024]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-26 2007832]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-2-15 24576]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-26 01:46 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"=
"defender32.exe"=c:\docume~1\Holly\LOCALS~1\Temp\defender32.exe
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"LowRiskFileTypes"=c:\windows\sysguard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MimBoot"=c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
"iRiver Updater"=c:\program files\iRiver\iRiver Manager\Updater\Updater.exe
"QuickCare2.2"=c:\program files\Qwest\QuickCare\bin\sprtcmd.exe /P QuickCare2.2
"dldtmon.exe"="c:\program files\Dell V305\dldtmon.exe"
"DMXLauncher"=c:\program files\Dell\Media Experience\DMXLauncher.exe
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe"
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe"
"IPHSend"=c:\program files\Common Files\AOL\IPHSend\IPHSend.exe
"Microsoft Works Update Detection"=c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [8/24/2009 12:02 AM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [8/25/2009 8:46 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [8/25/2009 8:46 PM 108552]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 1:50 PM 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/25/2009 8:45 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/25/2009 8:45 PM 297752]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 12:02 PM 1213728]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/25/2007 6:25 PM 24652]
S1 209d771c;209d771c;c:\windows\system32\drivers\209d771c.sys --> c:\windows\system32\drivers\209d771c.sys [?]
S1 SASDIFSV;SASDIFSV;\??\e:\superantispyware\SASDIFSV.SYS --> e:\superantispyware\SASDIFSV.SYS [?]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\dldtserv.exe [10/9/2008 8:12 PM 99568]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 1029456]
S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\SYSTEM32\DRIVERS\RTL8187B.sys [7/19/2007 8:40 AM 264576]
S3 SASENUM;SASENUM;\??\e:\superantispyware\SASENUM.SYS --> e:\superantispyware\SASENUM.SYS [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
2009-08-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 05:02]
2009-08-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 23:13]
2009-08-30 c:\windows\Tasks\QuickConnectSupportTask.job
- c:\program files\Qwest\QuickConnect\QuickConnect.exe [2008-07-11 06:26]
.
- - - - ORPHANS REMOVED - - - -
BHO-{be321b82-e695-4657-adb9-43b811f65214} - c:\windows\system32\kelaworu.dll
HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
HKLM-Explorer_Run-SpywareGuard - C:\mpktnpah.exe
.
------- Supplementary Scan -------
.
mStart Page = hxxp://qwest.live.com
uInternet Connection Wizard,ShellNext = iexplore
IE: &Search - ?p=ZJfox000
IE: { - c:\documents and settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Holly\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Holly\Application Data\Mozilla\Firefox\Profiles\lju630rw.default\
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\Karen\Application Data\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-31 21:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1C044AAD-7955-4cbd-8175-501A165C4E5D}\InprocServer32]
@DACL=(02 0000)
@="c:\\WINDOWS\\system32\\req.dll"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\MyWaySA\\SrchAsDe\\1.bin\\deSrcAs.dll"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\Programmable]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{500BCA15-57A7-4eaf-8143-8C619470B13D}\InprocServer32]
@DACL=(02 0000)
@="c:\\WINDOWS\\system32\\msxml71.dll"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{500BCA15-57A7-4eaf-8143-8C619470B13D}\ProgID]
@DACL=(02 0000)
@="XML.XML.1"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{500BCA15-57A7-4eaf-8143-8C619470B13D}\Programmable]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{500BCA15-57A7-4eaf-8143-8C619470B13D}\TypeLib]
@DACL=(02 0000)
@="{40196867-19F8-7157-C097-ECAFF653C9AD}"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{500BCA15-57A7-4eaf-8143-8C619470B13D}\VersionIndependentProgID]
@DACL=(02 0000)
@="XML.XML"
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\windows\SYSTEM32\dldtcoms.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\SYSTEM32\TCPSVCS.EXE
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\SYSTEM32\wdfmgr.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\SYSTEM32\WBEM\UNSECAPP.EXE
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\SYSTEM32\WSCNTFY.EXE
c:\program files\Dell Photo AIO Printer 922\dlbtbmon.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Dell V305\dldtmsdmon.exe
.
**************************************************************************
.
Completion time: 2009-09-01 21:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-01 02:35
Pre-Run: 118,400,303,104 bytes free
Post-Run: 117,948,862,464 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
391 --- E O F --- 2009-09-01 02:00