Here are the ComboFix list and a new HJT as requested.
Before we wrap up, here are some other things that need some attention:
1-Every time I shut down, the shutdown box gives me this option:
"Click Turn Off to install important updates and turn off your computer. Click here to turn off without installing updates." If I select to do the updates, it appears to be updating Windows and then shuts off normally. But every time I shut down I get the same message, so apparently the Windows update doesn't work.
2-There are a few programs on here that I have no clue whether I need or want to keep. If you know anything about any of these, please let me know; if not, I can do some surfing to find out what they are:
AOL Instant Messenger <<< I've tried to remove this with Add/Remove Programs but it crashes saying that a file is missing. I can't remove it. Please help me on this one.
AIM 6 <<< We don't do instant messaging, is this good for anything else?
Business Contact Mgr for Outlook 2007
Calculator Power Toy for Windows XP
DAO
Download Updater
3-Finally, finding the right mix of virus, malware and adware protection programs to protect my computer is a daunting task. Up till now I have used McAfee Security Center, Ad-Aware, SpyBot and AVG. I've had McAfee and SpyBot do the active monitoring.
Since I can't use AVG with McAfee now, I'm even more confused. Could you give some suggestions, or perhaps point me to a source that can help me determine what's the best combination for my needs, which ones I want to do active monitoring, etc.? I don't have hours and hours to surf the net comparing this product to that. In my case the cost of programs is a minor issue. I want good protection.
Any help would be appreciated.
Thanks for all your help, Phil, you've been a LIFE SAVER!!! :cowboy:
Here are the Logs:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:32:40 AM, on 2/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/Ser...k96igf4806cy&scc=1&ltmpl=default&ltmplcache=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;*.local
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Documents and Settings\Dad\Desktop\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Documents and Settings\Dad\Desktop\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\SYSTEM32\IcdSptSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
--
End of file - 5216 bytes
ComboFix 09-02-03.01 - Dad 2009-02-05 5:13:00.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.766.459 [GMT -7:00]
Running from: c:\documents and settings\Dad\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dad\Desktop\CFScript.txt
* Created a new restore point
FILE ::
c:\windows\CComSvc.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Viewpoint
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_00\-1054744159.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_00\-1257552095.712536053
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_00\-1476482372.712535979
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_00\-1550700062.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_00\-1675323418.713836840
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_00\-1744624506.713836803
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_00\-1767541886.713836716
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_00\-1792851963.712535981
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_00\-685991849.712535954
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_00\-708065856.713836749
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_00\-732913299.712536002
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_00\-763019087.713836937
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_00\-96559883.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_00\1461440338.712535953
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_00\1564877131.712535908
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_00\385814962.712536011
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_00\501688438.712536046
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_00\URLCache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_01\-1041161462.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_01\-1216699398.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_01\-167467785.712535921
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_01\-1735078747.713836821
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_01\-2040853405.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_01\-378119151.712535947
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_01\-583022627.712535910
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_01\-787478019.712535915
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_01\-982355842.712536070
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_01\1176327029.713836865
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_01\1220223377.712535992
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_01\1247495568.712535999
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_01\1304666343.712536034
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_01\346281577.713836896
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_01\512589962.712536028
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_01\570073743.713863076
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_01\768763562.712535994
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_01\860502393.712536026
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_01\925975223.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_01\URLCache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_02\-1140250495.713836908
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_02\-1149444489.712536068
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_02\-1219180738.713836830
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_02\-1270717649.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_02\-1438713594.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_02\-1610302144.712536009
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_02\-1651440994.712535931
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_02\-1801392204.712535990
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_02\-1817435829.712536059
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_02\-1819899927.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_02\-2034384745.713836872
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_02\-2108356295.712535989
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_02\-243470204.712536022
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_02\-300725744.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_02\-41890203.712536041
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_02\-582640680.712536049
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_02\-668285516.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_02\-72580264.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_02\-764272172.712535942
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_02\1229517749.712535939
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_02\1385903037.713836769
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_02\143415706.712536017
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_02\1520622600.712535996
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_02\172992995.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_02\434599021.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_02\URLCache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\-1037005395.713836741
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\-1106322216.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\-1294591352.712536065
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\-1307685966.713836843
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\-1603077681.712535983
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\-1625577909.713836700
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\-1720476204.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\-1799102199.713836711
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\-1877319710.713836793
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\-1926077123.712535997
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\-583862537.712536063
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\-66919675.712536043
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\1071317150.713836906
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\119964245.713836888
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\1382942631.713836864
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\1385887584.713836838
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\1418335590.713836807
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\1669572585.712536032
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\1838517554.712536007
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\2021793278.712535944
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\489659170.712536061
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\581741786.713836754
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\582067880.712535985
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\746857229.713836914
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\770800983.712535978
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\879056853.712535933
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\932053967.712536014
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\980018594.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03\URLCache.ini
c:\program files\Viewpoint
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Viewpoint\Common\VistaBoot.sdll
c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
c:\program files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
c:\program files\Viewpoint\Viewpoint Media Player\ComponentMgr.dll
c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
c:\program files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\Cursors.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\Mts3Reader.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SWFView.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VETScriptInterpreter.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VMPSpeech.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VMPVideo2.dll
c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.xpt
.
((((((((((((((((((((((((( Files Created from 2009-01-05 to 2009-02-05 )))))))))))))))))))))))))))))))
.
2009-02-04 11:59 . 2009-02-04 16:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\WinZip
2009-02-04 11:37 . 2009-02-04 11:38 <DIR> d-------- c:\program files\iTunes
2009-02-04 11:37 . 2009-02-04 11:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-04 11:36 . 2009-02-04 11:36 <DIR> d-------- c:\program files\Bonjour
2009-02-04 11:35 . 2009-02-04 11:36 <DIR> d-------- c:\program files\QuickTime
2009-02-04 11:33 . 2009-02-04 11:33 <DIR> d-------- c:\program files\Apple Software Update
2009-02-04 11:32 . 2009-02-04 11:38 <DIR> d----c--- c:\windows\SYSTEM32\DRVSTORE
2009-02-04 11:31 . 2009-02-04 11:37 <DIR> d-------- c:\program files\Common Files\Apple
2009-02-04 11:22 . 2009-02-04 11:22 <DIR> d-------- c:\program files\Common Files\Software Update Utility
2009-02-04 11:22 . 2009-02-04 11:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore
2009-02-04 11:21 . 2009-02-04 11:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL OCP
2009-02-04 11:21 . 2009-02-04 11:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL
2009-02-04 11:20 . 2009-02-04 12:46 <DIR> d-------- c:\program files\AIM6
2009-02-04 11:09 . 2009-02-04 11:09 <DIR> d-------- c:\program files\Secunia
2009-02-03 08:22 . 2009-02-03 08:22 <DIR> d-------- c:\program files\RegCure
2009-01-31 23:33 . 2009-01-31 23:33 <DIR> d-------- c:\program files\AVG
2009-01-29 18:57 . 2009-01-29 18:57 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-29 18:57 . 2009-01-29 18:57 <DIR> d-------- c:\documents and settings\Dad\Application Data\Malwarebytes
2009-01-29 18:57 . 2009-01-29 18:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-29 18:57 . 2009-01-14 16:11 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-01-29 18:57 . 2009-01-14 16:11 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-01-28 07:11 . 2009-01-28 07:11 <DIR> d-------- c:\program files\Trend Micro
2009-01-10 14:31 . 2009-01-10 14:31 <DIR> d-------- C:\bba6a92da29144993055eb03
2009-01-05 16:18 . 2009-01-05 16:18 90,112 --a------ c:\windows\SYSTEM32\QuickTimeVR.qtx
2009-01-05 16:18 . 2009-01-05 16:18 57,344 --a------ c:\windows\SYSTEM32\QuickTime.qts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-05 11:55 --------- d-----w c:\program files\Microsoft SQL Server
2009-02-05 00:06 --------- d-----w c:\program files\McAfee
2009-02-05 00:06 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-02-04 19:49 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-04 19:41 --------- d-----w c:\program files\AIM
2009-02-04 19:41 --------- d-----w c:\documents and settings\Dad\Application Data\Aim
2009-02-04 19:14 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-04 18:55 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-04 18:40 --------- d-----w c:\program files\Common Files\Adobe
2009-02-04 18:37 --------- d-----w c:\program files\iPod
2009-02-04 18:21 --------- d-----w c:\program files\Common Files\aol
2009-02-03 16:19 --------- d-----w c:\program files\OpenOffice.org 3
2009-02-03 14:02 5,880 -c--a-w c:\windows\SYSTEM32\wfileu.drv
2009-01-11 00:03 --------- d-----w c:\documents and settings\Dad\Application Data\Move Networks
2008-12-15 20:02 --------- d-----w c:\documents and settings\Dad\Application Data\OpenOffice.org
2008-12-13 06:40 3,593,216 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\SYSTEM32\DLLCACHE\srv.sys
2008-12-10 14:17 7,808 ----a-w c:\windows\system32\drivers\psi_mf.sys
2008-02-09 17:15 724,984 ----a-w c:\documents and settings\Darren\gotomypc_437.exe
2006-10-05 21:42 164 -c-ha-w c:\documents and settings\All Users\hpothb07.dat
2006-03-21 02:58 311 ---ha-w c:\documents and settings\Dad\hpothb07.dat
2008-08-23 09:11 32,768 -csha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008082320080824\index.dat
.
((((((((((((((((((((((((((((( snapshot@2009-02-04_ 8.41.39.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-01-24 01:41:42 841,304 ----a-w c:\windows\Downloaded Program Files\ampAx3.0.84.2.dll
+ 2009-02-04 18:21:40 38,428 ----a-w c:\windows\Downloaded Program Files\unagiuninst.exe
+ 2009-02-04 18:33:14 27,136 ----a-r c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2009-02-04 18:36:57 86,016 ----a-r c:\windows\Installer\{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}\PrntWzrdIco.exe
+ 2009-02-04 19:00:40 632,320 ----a-r c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B2}\IconCD95F66110.exe
+ 2009-02-04 19:00:40 29,184 ----a-r c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B2}\IconCD95F6617.exe
+ 2009-02-04 18:38:58 102,400 ----a-r c:\windows\Installer\{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}\iTunesIco.exe
- 2009-02-04 12:57:03 32,768 -c--a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
+ 2009-02-04 23:49:57 32,768 -c--a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
- 2009-02-04 12:57:03 32,768 -c--a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2009-02-04 23:49:57 32,768 -c--a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
- 2009-02-04 12:57:03 32,768 -c--a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT
+ 2009-02-04 23:49:57 32,768 -c--a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT
+ 2008-08-29 17:18:58 87,336 ----a-w c:\windows\SYSTEM32\dns-sd.exe
+ 2008-08-29 16:53:50 61,440 ----a-w c:\windows\SYSTEM32\dnssd.dll
- 2006-09-19 20:44:04 15,664 ----a-w c:\windows\SYSTEM32\DRIVERS\GEARAspiWDM.sys
+ 2008-04-17 20:12:54 15,464 ----a-w c:\windows\SYSTEM32\DRIVERS\GEARAspiWDM.sys
+ 2008-04-17 20:12:54 107,368 -c--a-w c:\windows\SYSTEM32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspi.dll
+ 2008-04-17 20:12:54 15,464 -c--a-w c:\windows\SYSTEM32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspiWDM.sys
+ 2008-11-07 21:23:30 32,000 -c--a-w c:\windows\SYSTEM32\DRVSTORE\usbaapl_246F92BBD6449C86FC3F3F28C40D59AC1F69C558\usbaapl.sys
- 2006-10-04 01:47:52 109,360 ----a-w c:\windows\SYSTEM32\GEARAspi.dll
+ 2008-04-17 20:12:54 107,368 ----a-w c:\windows\SYSTEM32\GEARAspi.dll
+ 2008-10-05 03:16:26 235,936 ----a-r c:\windows\SYSTEM32\Macromed\Flash\FlashUtil10a.exe
- 2008-06-20 12:48:21 74,137 ----a-w c:\windows\SYSTEM32\Macromed\Flash\uninstall_activeX.exe
+ 2009-02-04 18:52:38 89,102 ----a-w c:\windows\SYSTEM32\Macromed\Flash\uninstall_activeX.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
c:\documents and settings\Dad\Start Menu\Programs\Startup\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2008-12-17 748840]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.gvacm32"= gvacm32.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.disabledCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Dad^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\Dad\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a--c--- 2002-12-17 10:28 684032 c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a--c--- 2005-06-06 22:46 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Component Kicker]
--a--c--- 2005-07-04 17:48 217088 c:\program files\Kryptel\Kicker.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 17:12 15360 c:\windows\SYSTEM32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
-ra------ 2002-08-14 16:22 28672 c:\windows\SYSTEM32\DSentry.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-10-19 07:59 126976 c:\windows\SYSTEM32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a--c--- 2002-11-22 12:49 188416 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb07.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon04]
--a------ 2002-11-22 12:48 348160 c:\windows\SYSTEM32\hphmon04.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD04]
--a--c--- 2002-11-22 12:50 49152 c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-10-19 07:59 155648 c:\windows\SYSTEM32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a--c--- 2004-10-08 08:49 53248 c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 17:12 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a--c--- 1997-12-04 03:53 22528 c:\paprport\PPTD40NT.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--a--c--- 2002-04-17 09:42 69632 c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" --force_start_minimized
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"swg"=c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
"Yahoo! Pager"="c:\documents and settings\Dad\Desktop\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"47005:TCP"= 47005:TCP:*:Disabled:Bit Torrent
R2 Av630cn;Av630cn;c:\windows\SYSTEM32\DRIVERS\AV630CN.SYS [2003-12-15 103328]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
R2 mrtRate;mrtRate;c:\windows\SYSTEM32\DRIVERS\MrtRate.sys [2003-09-03 34712]
R3 PSI;PSI;c:\windows\SYSTEM32\DRIVERS\psi_mf.sys [2008-12-10 7808]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\SYSTEM32\DRIVERS\IcdUsb2.sys [2008-09-20 39048]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
S4 CCOMSVC;Communication Services;c:\windows\CComSvc.exe /startedbyscm:50F0C285-40E273A9-gpsServiceSvc --> c:\windows\CComSvc.exe [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{238ec742-20a6-11db-a7da-000bdbbc2ba2}]
\Shell\AutoRun\command - G:\
.
Contents of the 'Scheduled Tasks' folder
2009-02-05 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 10:58]
2009-02-03 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 10:58]
2006-10-07 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26 15:31]
2009-02-04 c:\windows\Tasks\User_Feed_Synchronization-{CEB88DCD-EDF6-438E-86C0-5BBC9D14EDB7}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = https://www.google.com/accounts/Ser...k96igf4806cy&scc=1&ltmpl=default&ltmplcache=2
uInternet Connection Wizard,ShellNext = wmplayer.exe
uInternet Settings,ProxyOverride = hxxp://localhost;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\i10n0x43.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/mail?.intl=us
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-02-05 05:17:27
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CCOMSVC]
"ImagePath"="c:\windows\CComSvc.exe /startedbyscm:50F0C285-40E273A9-gpsServiceSvc"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-763764072-451702355-933462060-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2009-02-05 5:22:27
ComboFix-quarantined-files.txt 2009-02-05 12:21:09
ComboFix2.txt 2009-02-05 01:46:01
ComboFix3.txt 2009-02-04 15:44:27
Pre-Run: 7,573,299,200 bytes free
Post-Run: 7,555,039,232 bytes free
352 --- E O F --- 2009-02-05 11:55:40
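Added example, not from the post above and not a feature of ComboFix or HijackThis: a small Python script that reads lines in the format ComboFix uses for the Security Center key, the firewall policy keys, the service list and the mountpoints2 entries, and flags the settings a helper would look at first in a log like this one: EnableFirewall = 0 on the standard profile, UpdatesDisableNotify = 1, firewall port exceptions with their Enabled/Disabled state, services printed with [?] where the other entries show a file date and size, and AutoRun commands bound to a drive letter. The sample text is constructed from the log's own format; the severity labels and the regexes are my own choices, not ComboFix conventions, and a [?] entry is reported only as "check this path by hand", not as a verdict.

```python
"""Triage helper for ComboFix-style log sections (added example, not ComboFix code)."""
import re

# Constructed sample, copied in the format the ComboFix log above uses.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"47005:TCP"= 47005:TCP:*:Disabled:Bit Torrent
R2 mrtRate;mrtRate;c:\windows\SYSTEM32\DRIVERS\MrtRate.sys [2003-09-03 34712]
S4 CCOMSVC;Communication Services;c:\windows\CComSvc.exe /startedbyscm:50F0C285-40E273A9-gpsServiceSvc --> c:\windows\CComSvc.exe [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{238ec742-20a6-11db-a7da-000bdbbc2ba2}]
\Shell\AutoRun\command - G:\
"""

# "R2 name;display;path [date size]"  or  "S4 name;display;path [?]"
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.*)\s\[([^\]]*)\]$')
# "Name"= value   (ComboFix prints the value with or without a space after '=')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# raw Windows Firewall port-exception value: port:proto:scope:state:label
PORT_RE = re.compile(r'^(\d+):(TCP|UDP):\*:(Enabled|Disabled):(.*)$')


def dword(value):
    """Return the integer of a 'dword:0000000x' registry value, else None."""
    if value.lower().startswith('dword:'):
        return int(value.split(':', 1)[1], 16)
    return None


def triage(log_text):
    """Return (severity, message) findings for the settings worth a second look."""
    findings = []
    key = None                      # lowercase registry key currently being read
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1].lower()
            continue
        svc = SERVICE_RE.match(line)
        if svc:
            start, name, path, detail = svc.group(1), svc.group(2), svc.group(4), svc.group(5)
            if detail == '?':       # no file date/size recorded: check the path by hand
                findings.append(('review', f'service {name} ({start}): no file date/size recorded for {path}'))
            continue
        if key is None:
            continue
        val = VALUE_RE.match(line)
        if key.endswith('\\security center'):
            if val and val.group(1) == 'UpdatesDisableNotify' and dword(val.group(2)) == 1:
                findings.append(('medium', 'Security Center: automatic-update notifications disabled'))
        elif key.endswith('firewallpolicy\\standardprofile'):
            if val and val.group(1) == 'EnableFirewall' and val.group(2).startswith('0'):
                findings.append(('high', 'Windows Firewall disabled for the standard profile'))
        elif key.endswith('globallyopenports\\list'):
            port = PORT_RE.match(val.group(2)) if val else None
            if port:
                sev = 'medium' if port.group(3) == 'Enabled' else 'info'
                findings.append((sev, f'firewall port exception {port.group(1)}/{port.group(2)} '
                                      f'({port.group(3)}): {port.group(4)}'))
        elif '\\mountpoints2\\' in key and line.lower().startswith('\\shell\\autorun\\command'):
            target = line.split(' - ', 1)[1] if ' - ' in line else '?'
            findings.append(('review', f'AutoRun command registered for drive {target}'))
    return findings


if __name__ == '__main__':
    for severity, message in triage(SAMPLE_LOG):
        print(f'[{severity:6}] {message}')
```

Run it against a full ComboFix log by passing the file contents to triage(); entries that are not in one of the recognised sections are ignored, so the output stays short enough to paste back into a reply.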