
Thread: Definitely Infected.

  1. #1
    Junior Member (joined Mar 2009, 2 posts)

    Definitely Infected.

    rosotuse, rokewezi, hkcmd try to run at startup. Expected system behavior is present; random pop ups and browser windows to "virus cleaning" sites and "regcleaners". Windows Live OneCare continually has its auto update disabled. And on and on and on... I am unsure of the source of the infection, though I have 2 suspects in mind. 1) I tried downloading America's Army from a file sharing site. 2) I downloaded some music files via TPB and uTorrent as the client. I have since uninstalled both.

    FYI. I did in fact run HJT, ComboFix, CCleaner, and Ad-Aware Anniversary Edt. to try and clean this up myself. My logs from HJT and ComboFix are below:

    HJT:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:41, on 2009-03-01
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    C:\Program Files\Microsoft Windows OneCare Live\winss.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.199.2.100:80
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0e50baf4-4c78-49ee-87ec-11d5d46c1136} - C:\WINDOWS\system32\bivayuye.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: (no name) - {f352754d-f8ad-4d6b-8a81-65e70714f9df} - (no file)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [tawiyoyogu] Rundll32.exe "C:\WINDOWS\system32\rosotuse.dll",s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/beta/SP.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase9563.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1197062871171
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupda...01/CTSUEng.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1197069504468
    O16 - DPF: {CB97291A-6603-466A-AA11-80C2EB74CB10} (CoxSelfInstallAx10 Control) - https://install.cox.net/CoxSelfInsta...nstallAx10.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupda...5102/CTPID.cab
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 8846 bytes
    ______________________

    ComboFix:

    ComboFix 09-03-01.01 - eviljonny 2009-03-01 15:14:51.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3379.2897 [GMT -8:00]
    Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    AV: Windows Live OneCare *On-access scanning disabled* (Updated)
    FW: Windows Live OneCare Firewall *disabled*
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2009-02-01 to 2009-03-01 )))))))))))))))))))))))))))))))
    .

    2009-03-01 14:53 . 2009-02-28 21:29 15,688 --a------ C:\WINDOWS\system32\lsdelete.exe
    2009-03-01 12:24 . 2009-03-01 12:24 <DIR> d-------- C:\Program Files\CCleaner
    2009-03-01 12:07 . 2009-03-01 12:07 <DIR> d-------- C:\Program Files\Trend Micro
    2009-03-01 11:37 . 2009-03-01 11:37 95 --a------ C:\WINDOWS\wininit.ini
    2009-03-01 10:49 . 2009-03-01 10:50 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2009-03-01 10:49 . 2009-03-01 14:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-02-28 21:30 . 2009-02-28 21:29 64,160 --a------ C:\WINDOWS\system32\drivers\Lbd.sys
    2009-02-28 21:28 . 2009-02-28 21:28 <DIR> d-------- C:\Program Files\Lavasoft
    2009-02-28 21:28 . 2009-02-28 21:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2009-02-28 21:28 . 2009-02-28 21:28 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-02-28 20:25 . 2009-01-09 11:19 1,089,593 -----c--- C:\WINDOWS\system32\dllcache\ntprint.cat
    2009-02-28 20:16 . 2009-02-28 20:16 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
    2009-02-28 20:15 . 2009-02-28 20:15 <DIR> d-------- C:\Program Files\Roxio
    2009-02-28 19:46 . 2009-02-28 19:46 <DIR> d-------- C:\Program Files\Common Files\LightScribe
    2009-02-28 12:48 . 2009-02-28 12:59 <DIR> d-------- C:\Program Files\America's Army Deploy Client
    2009-02-28 12:48 . 2009-02-28 12:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\America's Army Deploy Client
    2009-02-28 12:18 . 2009-02-28 12:18 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
    2009-02-28 12:17 . 2009-02-28 12:17 <DIR> d-------- C:\Program Files\Reference Assemblies
    2009-02-28 12:17 . 2009-02-28 12:17 <DIR> d-------- C:\5487b557dc906c6d5800f2bd4a
    2009-02-28 12:17 . 2008-07-06 04:06 1,676,288 --------- C:\WINDOWS\system32\xpssvcs.dll
    2009-02-28 12:17 . 2008-07-06 04:06 1,676,288 -----c--- C:\WINDOWS\system32\dllcache\xpssvcs.dll
    2009-02-28 12:17 . 2008-07-06 02:50 597,504 -----c--- C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
    2009-02-28 12:17 . 2008-07-06 04:06 575,488 --------- C:\WINDOWS\system32\xpsshhdr.dll
    2009-02-28 12:17 . 2008-07-06 04:06 575,488 -----c--- C:\WINDOWS\system32\dllcache\xpsshhdr.dll
    2009-02-28 12:17 . 2008-07-06 04:06 117,760 --------- C:\WINDOWS\system32\prntvpt.dll
    2009-02-28 12:17 . 2008-07-06 04:06 89,088 -----c--- C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
    2009-02-28 12:16 . 2009-02-28 12:37 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
    2009-02-22 16:09 . 2009-02-22 16:09 <DIR> d-------- C:\Program Files\TechSmith
    2009-02-22 16:09 . 2009-02-22 16:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
    2009-02-22 16:08 . 2009-02-22 16:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2009-02-16 09:31 . 2009-02-16 09:31 <DIR> d-------- C:\Program Files\Domination

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-01 23:17 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
    2009-03-01 23:17 0 ----a-w C:\WINDOWS\system32\drivers\logiflt.iad
    2009-03-01 18:35 --------- d-----w C:\Program Files\Microsoft Windows OneCare Live
    2009-03-01 04:13 --------- d-----w C:\Program Files\Common Files\Sonic Shared
    2009-03-01 04:13 --------- d-----w C:\Program Files\Common Files\Roxio Shared
    2009-03-01 04:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
    2009-02-28 23:19 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
    2009-02-16 17:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2009-02-16 17:17 --------- d-----w C:\Program Files\Google
    2009-02-12 03:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2009-01-30 20:26 --------- d-----w C:\Program Files\WebEx
    2009-01-17 06:01 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Roxio
    2009-01-17 06:01 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Roxio
    2009-01-07 06:16 --------- d-----w C:\Program Files\DivX
    2007-06-22 02:38 30,280 ----a-w C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
    2007-06-22 02:38 79,432 ----a-w C:\Program Files\mozilla firefox\plugins\CgpCore.dll
    2007-06-22 02:38 71,240 ----a-w C:\Program Files\mozilla firefox\plugins\confmgr.dll
    2007-06-22 02:38 140,872 ----a-w C:\Program Files\mozilla firefox\plugins\ctxmui.dll
    2007-06-22 02:39 38,472 ----a-w C:\Program Files\mozilla firefox\plugins\icafile.dll
    2007-06-22 02:39 46,664 ----a-w C:\Program Files\mozilla firefox\plugins\icalogon.dll
    2007-06-22 02:39 34,376 ----a-w C:\Program Files\mozilla firefox\plugins\logging.dll
    2007-06-22 02:39 685,640 ----a-w C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
    2007-06-22 02:40 30,280 ----a-w C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
    2009-02-16 17:50 67,688 ----a-w C:\Program Files\mozilla firefox\components\jar50.dll
    2009-02-16 17:50 54,368 ----a-w C:\Program Files\mozilla firefox\components\jsd3250.dll
    2009-02-16 17:50 34,944 ----a-w C:\Program Files\mozilla firefox\components\myspell.dll
    2009-02-16 17:50 46,712 ----a-w C:\Program Files\mozilla firefox\components\spellchk.dll
    2009-02-16 17:50 172,136 ----a-w C:\Program Files\mozilla firefox\components\xpinstal.dll
    2008-09-21 15:44 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092120080922\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 16:12 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]
    "DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 11:34 69632]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-10-07 13:33 13574144]
    "OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2008-11-05 13:18 64880]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-10-07 13:33 86016]
    "Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-28 21:29 509784]
    "nwiz"="nwiz.exe" [2008-10-07 13:33 1630208 C:\WINDOWS\system32\nwiz.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\WINDOWS\system32\yeyapoyu.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    --a------ 2005-09-20 10:32 77824 C:\WINDOWS\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    R0 Lbd;Lbd;C:\WINDOWS\system32\drivers\Lbd.sys [2009-02-28 21:30:03 64160]
    R1 FD;FD;C:\WINDOWS\system32\drivers\FD.sys [2007-12-07 12:40:11 24179]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 13:34:37 950096]
    R2 OcHealthMon;Windows Live OneCare Health Monitor;C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe [2008-11-05 13:16:44 25968]
    R3 chdrvr01;CH Control Manager Driver 1;C:\WINDOWS\system32\drivers\chdrvr01.sys [2008-03-23 11:16:46 215104]
    R3 chdrvr02;CH Control Manager Driver 2;C:\WINDOWS\system32\drivers\chdrvr02.sys [2008-03-23 11:16:46 3744]
    R3 chdrvr03;CH Control Manager Driver 3;C:\WINDOWS\system32\drivers\chdrvr03.sys [2008-03-23 11:16:46 9024]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-01 C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    - C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-28 21:29]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{0e50baf4-4c78-49ee-87ec-11d5d46c1136} - C:\WINDOWS\system32\bivayuye.dll
    BHO-{f352754d-f8ad-4d6b-8a81-65e70714f9df} - (no file)
    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
    HKLM-Run-tawiyoyogu - C:\WINDOWS\system32\rosotuse.dll
    MSConfigStartUp-CPM0f0705d8 - c:\windows\system32\rokewezi.dll
    MSConfigStartUp-tawiyoyogu - C:\WINDOWS\system32\rosotuse.dll


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyServer = 10.199.2.100:80
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: turbotax.com
    DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
    DPF: {CB97291A-6603-466A-AA11-80C2EB74CB10} - hxxps://install.cox.net/CoxSelfInstall/CoxSelfInstallAx10.ocx
    FF - ProfilePath - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yooletgh.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://google.com/
    FF - component: C:\Program Files\Mozilla Firefox\components\xpinstal.dll
    FF - component: C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
    .
    __________________
    End.

    Thank you for any assistance.
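    Added triage example, not part of the thread and not code from HijackThis or ComboFix: a short Python script that reads lines in the shape of the two logs above and flags the entry types a helper would look at first (a Run key invoking rundll32 on a random-named system32 DLL, an unnamed BHO whose file is missing, a configured IE proxy, a populated AppInit_DLLs value, Security Center warnings switched off, and the firewall policy set to 0). The sample lines are constructed from the log above; the "8 lowercase letters in system32" DLL-name heuristic is my assumption, not a rule of either tool.

```python
import re
from dataclasses import dataclass

# Constructed sample: a few lines in the shape of the HijackThis and
# ComboFix output in the post above (not the full logs).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.199.2.100:80
O2 - BHO: (no name) - {0e50baf4-4c78-49ee-87ec-11d5d46c1136} - C:\WINDOWS\system32\bivayuye.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [tawiyoyogu] Rundll32.exe "C:\WINDOWS\system32\rosotuse.dll",s
"AppInit_DLLs"=C:\WINDOWS\system32\yeyapoyu.dll
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"EnableFirewall"= 0 (0x0)
"""


@dataclass
class Finding:
    kind: str
    line: str


# Heuristic (my assumption, not a HijackThis rule): the DLLs in this kind of
# infection carry pseudo-random 8-letter names and sit in system32.
RANDOM_SYSTEM32_DLL = re.compile(r"\\system32\\[a-z]{8}\.dll", re.I)


def classify(line: str):
    """Return a finding kind for one log line, or None if it looks benign."""
    if line.startswith("O4 ") and "rundll32" in line.lower() and RANDOM_SYSTEM32_DLL.search(line):
        return "Run key loads random-named system32 DLL via rundll32"
    if line.startswith("O2 ") and "(no name)" in line and ("(file missing)" in line or "(no file)" in line):
        return "orphaned unnamed BHO"
    if line.startswith("R1 ") and "ProxyServer =" in line:
        return "IE proxy server configured"
    if line.startswith('"AppInit_DLLs"=') and line.split("=", 1)[1].strip():
        return "AppInit_DLLs set (DLL injected into every GUI process)"
    if re.match(r'"(AntiVirus|Updates|Firewall)DisableNotify"=dword:00000001', line):
        return "Security Center warning suppressed"
    if line.startswith('"EnableFirewall"=') and re.search(r"=\s*0\b", line):
        return "Windows Firewall disabled in policy"
    return None


def triage(log_text: str):
    """Walk every non-empty line and collect the entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            kind = classify(line)
            if kind:
                findings.append(Finding(kind, line))
    return findings


def summarize(findings):
    """Count findings per kind, so a reviewer sees the shape of the problem at a glance."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.line}")
```

    Run over the constructed sample it reports seven entries, two of them Security Center suppressions; a legitimate rundll32 Run entry such as the NvCplDaemon line is left alone because NvCpl.dll does not match the name heuristic. The heuristic is intentionally narrow: a name-pattern rule is a prompt for a human to look, not a verdict, which is why the script collects findings instead of deleting anything.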

  2. #2
    Blade81, Security Expert: Emeritus (Finland; joined Oct 2006; 25,288 posts)

    Hi

    Seems like the ending part of the ComboFix log is missing. Could you post a complete one, please?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the corresponding user's case only.

  3. #3
    Junior Member (joined Mar 2009, 2 posts)

    Quote Originally Posted by Blade81:
    Hi

    Seems like the ending part of the ComboFix log is missing. Could you post a complete one, please?
    That's all there is. Is the HJT log not enough to go on? Sorry.

  4. #4
    Blade81, Security Expert: Emeritus (Finland; joined Oct 2006; 25,288 posts)

    Hi

    No, it's not showing enough details. Please run ComboFix again and post back the resultant log.

  5. #5
    Blade81, Security Expert: Emeritus (Finland; joined Oct 2006; 25,288 posts)

    Due to inactivity, this thread will now be closed.

    Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

    If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
