System slow


  • This topic is locked
12 replies to this topic

#1 dbceee

dbceee

  • Members
  • 10 posts
  • OFFLINE
  • Gender:Male
  • Location:Ontario
  • Local time:07:37 AM

Posted 13 February 2009 - 12:49 PM

As per "thcbytes" instructions in the "Windows XP Home and Professional" forum of BC, I am submitting the results of the DDS I ran and attaching the other zipped .txt file.

Here's a bit of a history:

Had the ISP-based Norton Internet Security system on it and Windows Defender up until mid-January 2009, nothing else for malware or adware.

Started having start-up problems, tried to run SFC - it wouldn't let me complete the process - can't remember what the error message said but it was related to missing files (sorry, I can't find the details I wrote down). I was using MSConfig [for a few weeks] to keep my startups diminished but stopped that - I have recently learned that doing this could create startup problems :thumbup2:

Took the Norton Security system out with the Norton Removal Tool, reinstalled Ghost 12 and ran a complete backup of my HD via Ghost onto an external HD.

Installed AVG AV Free, Malwarebytes and Ad-Aware and got rid of a fair bit of nasty stuff by running full scans with all 3 programs.

Had problems with AVG AV Free running properly and had to uninstall it, and then couldn't re-install it; I keep getting the error message: Local machine: installation failed, Installation: Error: Action failed for file avgtdix.sys: starting service.... Error 0x80070014

Did a system restore point and then used XP Repair Pro 4.0 to run Registry and System Repair, defragment the Registry and cut down on some of the unneeded processes at startup [had over 100 Windows Task Manager processes running after startup, got it down to 75 but still know it's too high]. I was told NOT to use registry cleaners, so I went back and undid all that the registry cleaner [XP Repair Pro 4.0] "cleaned" and then uninstalled it.

I'm concerned some of my OS files are damaged [and I can't seem to repair them] and I'm guessing there are still viral/malware/spyware issues.

I downloaded the McAfee VirusScan Plus 90-day free trial to cover myself in the meantime...

I have now run SFC successfully [I'm assuming so because it just went through checking all the files and disappeared!].

_______________________________________________________________________________________
DDS (Ver_09-02-01.01) - NTFSx86
Run by user at 12:08:12.45 on 13/02/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.2039.712 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\BELKIN~1\BELKIN~1.EXE
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\Program Files\Belkin Automatic Power Management Software\jre\bin\javaw.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Rogers\SelfHealing\RogersSelfHelpService.exe
C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\WService.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\PROGRA~1\BELKIN~1\BELKIN~4.EXE
C:\Program Files\Belkin Automatic Power Management Software\jre\bin\javaw.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\BELKIN~1\BELKIN~3.EXE
C:\Program Files\Belkin Automatic Power Management Software\jre\bin\javaw.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\DN0X3BY3\dds[1].scr

============== Pseudo HJT Report ===============

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
BHO: NoExplorer - No File
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
BHO: CA Toolbar Helper: {fbf2401b-7447-4727-be5d-c19b2075ca84} - c:\program files\ca\ca internet security suite\ca website inspector\websiteinspector\toolbar\CallingIDIE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
TB: CA Toolbar: {10134636-e7af-4ac5-a1dc-c7c44bb97d81} - c:\program files\ca\ca internet security suite\ca website inspector\websiteinspector\toolbar\CallingIDIE.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Hours3]
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [WService] WService.EXE
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [SkyTel] SkyTel.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Norton Ghost 12.0] "c:\program files\norton ghost\agent\VProTray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRunServices: [BelkinAPM] c:\program files\belkin automatic power management software\BelkinAPM.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
dRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
StartupFolder: c:\docume~1\user\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\user\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\user\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: webprint.com\staplescanada
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: Faxuburl - {E2BCABF6-2420-47F8-A81D-98861CE9ABCF} - c:\windows\system32\objegapp.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: ShellHook Class: {1869181a-9f50-4fcf-8bff-1b8588ecb85c} - c:\program files\ca\ca internet security suite\ca website inspector\websiteinspector\linkadvisor\CIDLinkAdvisor.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\wy20sjxi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=843&invocationType=tb50ffmqie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://webmail.netflash.net/src/login.php
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=843&invocationType=tb50ffmqab&query=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npagent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npsabffx.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\windows\system32\superadblocker.com\npsabffx.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-20 64160]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-9 213640]
R2 BelkinAPM;BelkinAPM;c:\progra~1\belkin~1\belkin~1.exe -zglaxservice belkinapm --> c:\progra~1\belkin~1\BELKIN~1.EXE -zglaxservice BelkinAPM [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-2-12 203280]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-2-12 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-2-12 144704]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-8-5 29184016]
R2 PdiService;Portrait Displays SDK Service;c:\program files\common files\portrait displays\drivers\pdisrvc.exe [2009-1-1 90112]
R2 RogersSelfHelpService;Rogers SHS Service;c:\program files\rogers\selfhealing\RogersSelfHelpService.exe [2008-4-8 140648]
R2 RogersUpdateManager;Rogers Update Manager;c:\program files\rogers\update manager\RogersUpdateManager.exe [2008-4-7 163840]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 BelkinAPMmonitor;BelkinAPMmonitor;c:\progra~1\belkin~1\belkin~4.exe -zglaxservice belkinapmmonitor --> c:\progra~1\belkin~1\BELKIN~4.EXE -zglaxservice BelkinAPMmonitor [?]
R3 BelkinAPMRMI;BelkinAPMRMI;c:\progra~1\belkin~1\belkin~3.exe -zglaxservice belkinapmrmi --> c:\progra~1\belkin~1\BELKIN~3.EXE -zglaxservice BelkinAPMRMI [?]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-2-12 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-2-12 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-2-12 35272]
R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-2-12 34216]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-2-12 40552]
S2 0320631234497073mcinstcleanup;McAfee Application Installer Cleanup (0320631234497073);c:\docume~1\user\locals~1\temp\032063~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\user\locals~1\temp\032063~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S3 BelkinAPMmanager;BelkinAPMmanager;c:\progra~1\belkin~1\be8806~1.exe -zglaxservice belkinapmmanager --> c:\progra~1\belkin~1\BE8806~1.EXE -zglaxservice BelkinAPMmanager [?]
S3 Usblink;Usblink Driver;c:\windows\system32\drivers\ulink.sys [2007-6-18 40060]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys --> c:\windows\system32\drivers\wdcsam.sys [?]

=============== Created Last 30 ================

2009-02-13 12:07 58,880 ac------ c:\windows\system32\dllcache\OLD13E7.tmp
2009-02-13 12:06 253,952 ac------ c:\windows\system32\dllcache\OLD1391.tmp
2009-02-13 12:05 90,200 ac------ c:\windows\system32\dllcache\OLD12FC.tmp
2009-02-13 12:04 109,085 ac------ c:\windows\system32\dllcache\OLD128C.tmp
2009-02-13 12:03 199,711 ac------ c:\windows\system32\dllcache\OLD123A.tmp
2009-02-13 12:02 907,456 ac------ c:\windows\system32\dllcache\OLD11DA.tmp
2009-02-13 12:01 22,090 ac------ c:\windows\system32\dllcache\OLD116E.tmp
2009-02-13 12:01 22,090 ac------ c:\windows\system32\dllcache\OLD116B.tmp
2009-02-13 12:01 24,618 ac------ c:\windows\system32\dllcache\OLD1168.tmp
2009-02-13 12:01 16,074 ac------ c:\windows\system32\dllcache\OLD1164.tmp
2009-02-13 12:01 11,850 ac------ c:\windows\system32\dllcache\OLD115D.tmp
2009-02-13 12:01 7,168 ac------ c:\windows\system32\dllcache\OLD1160.tmp
2009-02-13 12:01 12,362 ac------ c:\windows\system32\dllcache\OLD1159.tmp
2009-02-13 12:01 7,040 ac------ c:\windows\system32\dllcache\OLD1155.tmp
2009-02-13 12:01 16,998 ac------ c:\windows\system32\dllcache\OLD1151.tmp
2009-02-13 12:01 45,568 ac------ c:\windows\system32\dllcache\OLD1149.tmp
2009-02-13 12:01 45,056 ac------ c:\windows\system32\dllcache\OLD114B.tmp
2009-02-13 12:01 25,856 ac------ c:\windows\system32\dllcache\OLD114D.tmp
2009-02-13 11:59 634,134 ac------ c:\windows\system32\dllcache\OLD10C4.tmp
2009-02-13 11:58 31,305 ac------ c:\windows\system32\dllcache\OLD105C.tmp
2009-02-13 11:57 3,584 ac------ c:\windows\system32\dllcache\OLDFAE.tmp
2009-02-13 11:56 39,680 ac------ c:\windows\system32\dllcache\OLDEFC.tmp
2009-02-13 11:55 14,208 ac------ c:\windows\system32\dllcache\OLDDF6.tmp
2009-02-13 11:54 24,576 ac------ c:\windows\system32\dllcache\OLDD5D.tmp
2009-02-13 11:53 16,384 ac------ c:\windows\system32\dllcache\OLDD13.tmp
2009-02-13 11:53 32,827 ac------ c:\windows\system32\dllcache\OLDD11.tmp
2009-02-13 11:53 20,536 ac------ c:\windows\system32\dllcache\OLDD0D.tmp
2009-02-13 11:53 16,437 ac------ c:\windows\system32\dllcache\OLDD0F.tmp
2009-02-13 11:53 66,048 ac------ c:\windows\system32\dllcache\OLDD0B.tmp
2009-02-13 11:51 184,435 ac------ c:\windows\system32\dllcache\OLDCE8.tmp
2009-02-13 11:51 82,035 ac------ c:\windows\system32\dllcache\OLDCEA.tmp
2009-02-13 11:51 188,480 ac------ c:\windows\system32\dllcache\OLDCE6.tmp
2009-02-13 11:51 20,540 ac------ c:\windows\system32\dllcache\OLDCE2.tmp
2009-02-13 11:51 16,439 ac------ c:\windows\system32\dllcache\OLDCE4.tmp
2009-02-13 11:51 16,439 ac------ c:\windows\system32\dllcache\OLDCE0.tmp
2009-02-13 11:51 20,540 ac------ c:\windows\system32\dllcache\OLDCDE.tmp
2009-02-13 11:47 116,224 ac------ c:\windows\system32\dllcache\xrxwiadr.dll
2009-02-13 11:47 23,040 ac------ c:\windows\system32\dllcache\xrxwbtmp.dll
2009-02-13 11:47 18,944 ac------ c:\windows\system32\dllcache\xrxscnui.dll
2009-02-13 11:47 27,648 ac------ c:\windows\system32\dllcache\xrxftplt.exe
2009-02-13 11:47 4,608 ac------ c:\windows\system32\dllcache\xrxflnch.exe
2009-02-13 11:47 99,865 ac------ c:\windows\system32\dllcache\xlog.exe
2009-02-13 11:47 28,288 ac------ c:\windows\system32\dllcache\OLDCD0.tmp
2009-02-13 11:46 16,970 ac------ c:\windows\system32\dllcache\xem336n5.sys
2009-02-13 11:46 19,455 ac------ c:\windows\system32\dllcache\wvchntxx.sys
2009-02-13 11:46 12,063 ac------ c:\windows\system32\dllcache\wsiintxx.sys
2009-02-13 11:46 8,192 ac------ c:\windows\system32\dllcache\wshirda.dll
2009-02-13 11:46 8,832 ac------ c:\windows\system32\dllcache\wmiacpi.sys
2009-02-13 11:44 16,925 ac------ c:\windows\system32\dllcache\w940nd.sys
2009-02-13 11:43 224,802 ac------ c:\windows\system32\dllcache\usr1807a.sys
2009-02-13 11:42 211,968 ac------ c:\windows\system32\dllcache\um54scan.dll
2009-02-13 11:42 216,064 ac------ c:\windows\system32\dllcache\um34scan.dll
2009-02-13 11:42 36,736 ac------ c:\windows\system32\dllcache\ultra.sys
2009-02-13 11:42 11,520 ac------ c:\windows\system32\dllcache\twotrack.sys
2009-02-13 11:42 14,336 ac------ c:\windows\system32\dllcache\OLDC3E.tmp
2009-02-13 11:42 166,784 ac------ c:\windows\system32\dllcache\tridxpm.sys
2009-02-13 11:42 525,568 ac------ c:\windows\system32\dllcache\tridxp.dll
2009-02-13 11:42 159,232 ac------ c:\windows\system32\dllcache\tridkbm.sys
2009-02-13 11:42 440,576 ac------ c:\windows\system32\dllcache\tridkb.dll
2009-02-13 11:42 222,336 ac------ c:\windows\system32\dllcache\trid3dm.sys
2009-02-13 11:42 315,520 ac------ c:\windows\system32\dllcache\trid3d.dll
2009-02-13 11:42 34,375 ac------ c:\windows\system32\dllcache\tpro4.sys
2009-02-13 11:42 42,496 ac------ c:\windows\system32\dllcache\tp4res.dll
2009-02-13 11:40 13,192 ac------ c:\windows\system32\dllcache\OLDBFE.tmp
2009-02-13 11:39 41,472 ac------ c:\windows\system32\dllcache\sw_effct.dll
2009-02-13 11:38 114,688 ac------ c:\windows\system32\dllcache\sonypi.dll
2009-02-13 11:37 28,160 ac------ c:\windows\system32\dllcache\sm91w.dll
2009-02-13 11:36 98,080 ac------ c:\windows\system32\dllcache\sgiulnt5.sys
2009-02-13 11:35 77,824 ac------ c:\windows\system32\dllcache\s3sav4m.sys
2009-02-13 11:34 26,112 ac------ c:\windows\system32\dllcache\OLDB01.tmp
2009-02-13 11:33 40,448 ac------ c:\windows\system32\dllcache\ql1240.sys
2009-02-13 11:32 121,344 ac------ c:\windows\system32\dllcache\phvfwext.dll
2009-02-13 11:31 41,984 ac------ c:\windows\system32\dllcache\ovui2rc.dll
2009-02-13 11:30 123,776 ac------ c:\windows\system32\dllcache\nv3.dll
2009-02-13 11:29 91,488 ac------ c:\windows\system32\dllcache\n9i3disp.dll
2009-02-13 11:28 103,296 ac------ c:\windows\system32\dllcache\mtxvideo.sys
2009-02-13 11:27 49,024 ac------ c:\windows\system32\dllcache\mstape.sys
2009-02-13 11:27 12,416 ac------ c:\windows\system32\dllcache\msriffwv.sys
2009-02-13 11:27 2,944 ac------ c:\windows\system32\dllcache\msmpu401.sys
2009-02-13 11:27 22,016 ac------ c:\windows\system32\dllcache\msircomm.sys
2009-02-13 11:27 1,875,968 ac------ c:\windows\system32\dllcache\OLD9FA.tmp
2009-02-13 11:27 98,304 ac------ c:\windows\system32\dllcache\OLD9F7.tmp
2009-02-13 11:25 26,112 ac------ c:\windows\system32\dllcache\memstpci.sys
2009-02-13 11:24 25,065 ac------ c:\windows\system32\dllcache\lmndis3.sys
2009-02-13 11:23 6,144 ac------ c:\windows\system32\dllcache\OLD928.tmp
2009-02-13 11:22 372,824 ac------ c:\windows\system32\dllcache\iconf32.dll
2009-02-13 11:21 10,096,640 ac------ c:\windows\system32\dllcache\OLD88C.tmp
2009-02-13 11:21 488,383 ac------ c:\windows\system32\dllcache\hsf_v124.sys
2009-02-13 11:21 50,751 ac------ c:\windows\system32\dllcache\hsf_tone.sys
2009-02-13 11:21 73,279 ac------ c:\windows\system32\dllcache\hsf_spkp.sys
2009-02-13 11:21 44,863 ac------ c:\windows\system32\dllcache\hsf_soar.sys
2009-02-13 11:21 57,471 ac------ c:\windows\system32\dllcache\hsf_samp.sys
2009-02-13 11:21 542,879 ac------ c:\windows\system32\dllcache\hsf_msft.sys
2009-02-13 11:21 391,199 ac------ c:\windows\system32\dllcache\hsf_k56k.sys
2009-02-13 11:21 9,759 ac------ c:\windows\system32\dllcache\hsf_inst.dll
2009-02-13 11:19 83,968 ac------ c:\windows\system32\dllcache\hpgt21.dll
2009-02-13 11:18 320,384 ac------ c:\windows\system32\dllcache\g200m.sys
2009-02-13 11:17 7,040 ac------ c:\windows\system32\dllcache\exabyte2.sys
2009-02-13 11:16 283,904 ac------ c:\windows\system32\dllcache\emu10k1m.sys
2009-02-13 11:15 20,192 ac------ c:\windows\system32\dllcache\dpti2o.sys
2009-02-13 11:14 614,429 ac------ c:\windows\system32\dllcache\digiview.exe
2009-02-13 11:13 50,176 ac------ c:\windows\system32\dllcache\cyyport.sys
2009-02-13 11:12 49,182 ac------ c:\windows\system32\dllcache\cem56n5.sys
2009-02-13 11:00 66,082 ac------ c:\windows\system32\dllcache\OLD5EB.tmp
2009-02-13 11:00 66,082 ac------ c:\windows\system32\dllcache\OLD5E8.tmp
2009-02-13 11:00 66,082 ac------ c:\windows\system32\dllcache\OLD5E5.tmp
2009-02-13 11:00 66,082 ac------ c:\windows\system32\dllcache\OLD5E2.tmp
2009-02-13 11:00 66,082 ac------ c:\windows\system32\dllcache\OLD5DF.tmp
2009-02-13 11:00 66,082 ac------ c:\windows\system32\dllcache\OLD5DC.tmp
2009-02-13 11:00 173,602 ac------ c:\windows\system32\dllcache\OLD5D9.tmp
2009-02-13 11:00 66,082 ac------ c:\windows\system32\dllcache\OLD5D6.tmp
2009-02-13 11:00 66,082 ac------ c:\windows\system32\dllcache\OLD5D3.tmp
2009-02-13 11:00 177,698 ac------ c:\windows\system32\dllcache\OLD5D0.tmp
2009-02-13 11:00 195,618 ac------ c:\windows\system32\dllcache\OLD5CD.tmp
2009-02-13 10:58 162,850 ac------ c:\windows\system32\dllcache\OLD5CA.tmp
2009-02-12 22:56 4,583 a------- c:\windows\system32\Config.MPF
2009-02-12 22:51 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-02-12 22:51 79,304 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-02-12 22:51 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-02-12 22:51 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2009-02-12 22:50 <DIR> --d----- c:\program files\common files\McAfee
2009-02-12 22:50 <DIR> --d----- c:\program files\McAfee.com
2009-02-12 22:49 <DIR> --d----- c:\program files\McAfee
2009-02-12 22:45 23,552 ac------ c:\windows\system32\dllcache\OLD187.tmp
2009-02-12 22:44 19,456 ac------ c:\windows\system32\dllcache\OLDEF.tmp
2009-02-12 22:43 32,827 ac------ c:\windows\system32\dllcache\OLD76.tmp
2009-02-12 22:42 102,509 ac------ c:\windows\system32\dllcache\OLD45.tmp
2009-02-12 22:42 49,210 ac------ c:\windows\system32\dllcache\OLD42.tmp
2009-02-12 22:42 41,020 ac------ c:\windows\system32\dllcache\OLD48.tmp
2009-02-12 22:42 147,513 ac------ c:\windows\system32\dllcache\OLD3F.tmp
2009-02-12 22:42 184,435 ac------ c:\windows\system32\dllcache\OLD39.tmp
2009-02-12 22:42 82,035 ac------ c:\windows\system32\dllcache\OLD3C.tmp
2009-02-12 22:42 188,480 ac------ c:\windows\system32\dllcache\OLD36.tmp
2009-02-12 22:42 20,540 ac------ c:\windows\system32\dllcache\OLD30.tmp
2009-02-12 22:42 16,439 ac------ c:\windows\system32\dllcache\OLD33.tmp
2009-02-12 22:42 20,540 ac------ c:\windows\system32\dllcache\OLD2A.tmp
2009-02-12 22:42 16,439 ac------ c:\windows\system32\dllcache\OLD2D.tmp
2009-02-12 15:20 <DIR> --d----- C:\VundoFix Backups
2009-02-12 12:08 <DIR> --d----- c:\program files\XP Repair Pro 4.0
2009-02-11 13:08 <DIR> --d----- c:\windows\SQLTools9_KB960089_ENU
2009-02-11 13:03 <DIR> --d----- c:\windows\SQL9_KB960089_ENU
2009-02-09 11:27 <DIR> --d----- c:\docume~1\user\applic~1\AVGTOOLBAR
2009-02-04 12:42 233,525 -------- c:\windows\system32\isutil.dll
2009-02-04 12:42 90,112 -------- c:\windows\apptune.exe
2009-02-04 12:42 271 -------- c:\windows\apptune.ini
2009-02-04 12:42 1,953,792 -------- c:\windows\system32\pcldll6l.dll
2009-02-04 12:42 36,864 -------- c:\windows\system32\zpppcl.dll
2009-02-04 12:42 900,388 -------- c:\windows\system32\hpflash1.exe
2009-02-04 12:41 <DIR> --d----- c:\program files\hp LaserJet 1000
2009-02-04 11:58 8,628 a---h--- c:\windows\system32\zshp1000.GID
2009-02-04 11:31 10,520 a------- c:\windows\system32\avgrsstx.dll.old
2009-01-30 11:46 <DIR> --d----- C:\spoolerlogs
2009-01-27 09:03 2,138,398,720 a------- c:\windows\MEMORY.DMP
2009-01-26 15:52 70,656 -------- c:\windows\system32\Sd32.dll
2009-01-25 14:19 <DIR> --d----- c:\docume~1\user\applic~1\Symantec
2009-01-24 21:22 <DIR> --d----- c:\program files\CCleaner
2009-01-24 18:29 <DIR> --d----- c:\documents and settings\user\.housecall6.6
2009-01-24 17:12 <DIR> --d----- c:\program files\Norton Ghost
2009-01-22 20:16 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-01-22 17:26 <DIR> --d----- c:\program files\AVG
2009-01-22 17:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-01-22 16:41 <DIR> --d----- c:\program files\Symantec
2009-01-22 15:34 <DIR> --d----- c:\docume~1\user\applic~1\msat
2009-01-22 15:28 <DIR> --d----- c:\program files\Microsoft Corporation
2009-01-22 15:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\msat
2009-01-22 15:25 <DIR> --d----- c:\windows\system32\XPSViewer
2009-01-22 15:23 14,048 -------- c:\windows\system32\spmsg2.dll
2009-01-22 13:51 <DIR> --d----- c:\documents and settings\user\SecurityScans
2009-01-22 13:50 <DIR> --d----- c:\program files\Microsoft Baseline Security Analyzer 2
2009-01-22 13:00 <DIR> --d----- c:\program files\Support Tools
2009-01-22 12:40 102,400 ac------ c:\windows\system32\dllcache\binlsvc.dll
2009-01-22 12:37 24,576 ac------ c:\windows\system32\dllcache\agcgauge.ax
2009-01-22 12:36 66,048 ac------ c:\windows\system32\dllcache\s3legacy.dll
2009-01-21 14:47 15,688 a------- c:\windows\system32\lsdelete.exe
2009-01-20 22:10 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-01-20 22:06 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-15 09:42 <DIR> --d----- c:\program files\Lavasoft
2009-01-14 14:47 <DIR> --d----- c:\docume~1\user\applic~1\Malwarebytes
2009-01-14 14:47 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-14 14:47 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 14:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-14 14:47 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2009-02-12 14:33 0 ac------ c:\windows\system32\drivers\lvuvc.hs
2009-01-22 13:00 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-13 22:13 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-13 22:13 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-01-10 14:48 14,798,848 a------- C:\Build 11308.exe
2009-01-09 12:03 213,640 a------- c:\windows\system32\drivers\mfehidk.sys
2009-01-09 12:03 34,216 a------- c:\windows\system32\drivers\mferkdk.sys
2009-01-01 15:35 62,009 a------- c:\windows\system32\wpfb_igxprd32.dll
2008-12-26 23:43 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-21 14:16 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2008-12-20 18:15 826,368 a------- c:\windows\system32\wininet.dll
2008-04-24 15:27 28,460 ac------ c:\program files\read me EB
2007-11-22 01:10 30,720 ac-sh--- c:\windows\rnapxs\Rnapxs.dat
2007-07-28 06:53 56 -c-shr-- c:\windows\system32\D2027A1179.sys
2008-04-18 15:59 1,890 ac-sh--- c:\windows\system32\KGyGaAvL.sys
2008-05-10 20:10 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008051020080511\index.dat
2007-10-04 11:03 17,862,688 ac-sh--- c:\windows\system32\drivers\fidbox.dat
2007-10-04 11:03 762,144 ac-sh--- c:\windows\system32\drivers\fidbox2.dat

============= FINISH: 12:10:49.14 ===============

Attached Files




#2 teacup61

Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Location: Wills Point, Texas

Posted 25 February 2009 - 05:53 PM

Hello dbceee,

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 dbceee

  • Topic Starter
  • Members
  • 10 posts
  • Location: Ontario

Posted 26 February 2009 - 01:07 PM

Thanks Tea!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:04:56 PM, on 26/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\BELKIN~1\BELKIN~1.EXE
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Belkin Automatic Power Management Software\jre\bin\javaw.exe
C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Rogers\SelfHealing\RogersSelfHelpService.exe
C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\PROGRA~1\BELKIN~1\BELKIN~4.EXE
C:\Program Files\Belkin Automatic Power Management Software\jre\bin\javaw.exe
C:\PROGRA~1\BELKIN~1\BELKIN~3.EXE
C:\Program Files\Belkin Automatic Power Management Software\jre\bin\javaw.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\WService.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\PamelaPCR.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\SQLServer2005-KB960089-x86-ENU.exe
c:\22d79aadd53093bfb1eee9\hotfix.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.search.yahoo.com/search?fr=mcafee&p=%s
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\RunServices: [BelkinAPM] C:\Program Files\Belkin Automatic Power Management Software\BelkinAPM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Rogers Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\user\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\user\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\user\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk (file missing) (HKCU)
O15 - Trusted Zone: http://staplescanada.webprint.com
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: Faxuburl - {E2BCABF6-2420-47F8-A81D-98861CE9ABCF} - C:\WINDOWS\system32\objegapp.dll
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BelkinAPM - ZeroG Software - C:\PROGRA~1\BELKIN~1\BELKIN~1.EXE
O23 - Service: BelkinAPMmanager - ZeroG Software - C:\PROGRA~1\BELKIN~1\BE8806~1.EXE
O23 - Service: BelkinAPMmonitor - ZeroG Software - C:\PROGRA~1\BELKIN~1\BELKIN~4.EXE
O23 - Service: BelkinAPMRMI - ZeroG Software - C:\PROGRA~1\BELKIN~1\BELKIN~3.EXE
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Rogers SHS Service (RogersSelfHelpService) - Rogers Cable Communications - c:\program files\Rogers\SelfHealing\RogersSelfHelpService.exe
O23 - Service: Rogers Update Manager (RogersUpdateManager) - Rogers Cable Communications - C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 17733 bytes

#4 teacup61

Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Location: Wills Point, Texas

Posted 26 February 2009 - 03:37 PM

Hello there,

You're welcome.

Can you please give me an update on anything you might have done since you originally posted, and how the computer is running now.

Also, for the next time we get a HijackThis log: the current formatting of your log makes it difficult to read. Please open Notepad:
On top, click Format > uncheck Word Wrap.

I need you to go offline completely and disable ALL your protective programs after you download ComboFix, but before you run it. Sometimes those programs interfere with it, and we don't want that! :) If by chance you already have ComboFix, please delete it and let's get a fresh copy:

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea

#5 dbceee

  • Topic Starter
  • Members
  • 10 posts
  • Location: Ontario

Posted 02 March 2009 - 12:01 PM

Thanks Teacup,

Sorry for the word wrap in Notepad; I fixed that.

Aside from the installation of Fast Recorder 3.0, I think the history I gave in this thread on 2/13 is up-to-date. No more probs with boot-up since the SFC ran successfully. The computer is still slow and has 80 - 90 processes running on it. I'd like to clear out as many of the unneeded processes as I can... Oh, I can't uninstall "Absolute Poker Basic" either...

dbceee



I followed your instructions and came up with the following ComboFix log, which is below, followed by a new HijackThis log:

_____________________________________________________________________________

ComboFix 09-03-01.01 - user 2009-03-02 11:23:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1183 [GMT -5:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Documents\My Music\My Music.url
c:\documents and settings\All Users\Documents\My Pictures\My Pictures.url
c:\documents and settings\All Users\Documents\My Videos\My Video.url
c:\windows\system32\Cache
c:\windows\system32\tmp.reg
c:\windows\system32\wservice.exe
c:\windows\system32\x64

.
((((((((((((((((((((((((( Files Created from 2009-02-02 to 2009-03-02 )))))))))))))))))))))))))))))))
.

2009-02-26 13:04 . 2009-02-26 13:04 <DIR> d-------- c:\program files\Trend Micro
2009-02-20 14:03 . 2009-02-20 14:05 <DIR> d-------- c:\program files\FastRecorder
2009-02-20 14:03 . 2005-02-01 18:57 208,896 --a------ c:\windows\system32\topbar.dll
2009-02-20 14:03 . 2000-05-22 00:00 198,848 --a------ c:\windows\system32\MCI32.OCX
2009-02-20 14:03 . 2005-02-01 21:18 40,960 --a------ c:\windows\system32\tmrtopbar.dll
2009-02-14 13:34 . 2009-02-14 13:34 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\SACore
2009-02-13 11:47 . 2008-04-14 05:42 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll
2009-02-13 11:47 . 2001-08-17 22:37 99,865 --a--c--- c:\windows\system32\dllcache\xlog.exe
2009-02-13 11:47 . 2001-08-17 22:37 27,648 --a--c--- c:\windows\system32\dllcache\xrxftplt.exe
2009-02-13 11:47 . 2001-08-17 22:36 23,040 --a--c--- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-02-13 11:47 . 2008-04-14 05:42 18,944 --a--c--- c:\windows\system32\dllcache\xrxscnui.dll
2009-02-13 11:47 . 2001-08-17 22:37 4,608 --a--c--- c:\windows\system32\dllcache\xrxflnch.exe
2009-02-13 11:46 . 2008-04-13 22:04 19,455 --a--c--- c:\windows\system32\dllcache\wvchntxx.sys
2009-02-13 11:46 . 2001-08-17 12:11 16,970 --a--c--- c:\windows\system32\dllcache\xem336n5.sys
2009-02-13 11:46 . 2008-04-13 22:04 12,063 --a--c--- c:\windows\system32\dllcache\wsiintxx.sys
2009-02-13 11:46 . 2008-04-14 00:06 8,832 --a--c--- c:\windows\system32\dllcache\wmiacpi.sys
2009-02-13 11:46 . 2008-04-14 05:42 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
2009-02-13 11:44 . 2001-08-17 13:28 765,884 --a--c--- c:\windows\system32\dllcache\usrti.sys
2009-02-13 11:44 . 2001-08-17 13:28 687,999 --a--c--- c:\windows\system32\dllcache\usrwdxjs.sys
2009-02-13 11:44 . 2001-08-17 13:28 604,253 --a--c--- c:\windows\system32\dllcache\vmodem.sys
2009-02-13 11:44 . 2001-08-17 13:28 397,502 --a--c--- c:\windows\system32\dllcache\vpctcom.sys
2009-02-13 11:44 . 2001-08-17 12:14 249,402 --a--c--- c:\windows\system32\dllcache\vinwm.sys
2009-02-13 11:44 . 2001-08-17 13:28 113,762 --a--c--- c:\windows\system32\dllcache\usrpda.sys
2009-02-13 11:44 . 2001-08-17 13:28 64,605 --a--c--- c:\windows\system32\dllcache\vvoice.sys
2009-02-13 11:44 . 2001-08-17 13:49 24,576 --a--c--- c:\windows\system32\dllcache\viairda.sys
2009-02-13 11:44 . 2001-08-17 12:13 19,528 --a--c--- c:\windows\system32\dllcache\w840nd.sys
2009-02-13 11:44 . 2001-08-17 12:13 19,016 --a--c--- c:\windows\system32\dllcache\w926nd.sys
2009-02-13 11:44 . 2001-08-17 12:13 16,925 --a--c--- c:\windows\system32\dllcache\w940nd.sys
2009-02-13 11:44 . 2001-08-17 13:28 7,556 --a--c--- c:\windows\system32\dllcache\usroslba.sys
2009-02-13 11:44 . 2008-04-14 00:10 5,376 --a--c--- c:\windows\system32\dllcache\viaide.sys
2009-02-13 11:42 . 2001-08-17 22:36 525,568 --a--c--- c:\windows\system32\dllcache\tridxp.dll
2009-02-13 11:42 . 2001-08-17 14:56 440,576 --a--c--- c:\windows\system32\dllcache\tridkb.dll
2009-02-13 11:42 . 2001-08-17 14:56 315,520 --a--c--- c:\windows\system32\dllcache\trid3d.dll
2009-02-13 11:42 . 2001-08-17 12:51 222,336 --a--c--- c:\windows\system32\dllcache\trid3dm.sys
2009-02-13 11:42 . 2001-08-17 22:36 216,064 --a--c--- c:\windows\system32\dllcache\um34scan.dll
2009-02-13 11:42 . 2001-08-17 22:36 211,968 --a--c--- c:\windows\system32\dllcache\um54scan.dll
2009-02-13 11:42 . 2001-08-17 12:51 166,784 --a--c--- c:\windows\system32\dllcache\tridxpm.sys
2009-02-13 11:42 . 2001-08-17 12:51 159,232 --a--c--- c:\windows\system32\dllcache\tridkbm.sys
2009-02-13 11:42 . 2001-08-17 22:35 42,496 --a--c--- c:\windows\system32\dllcache\tp4res.dll
2009-02-13 11:42 . 2001-08-17 13:52 36,736 --a--c--- c:\windows\system32\dllcache\ultra.sys
2009-02-13 11:42 . 2001-08-17 12:12 34,375 --a--c--- c:\windows\system32\dllcache\tpro4.sys
2009-02-13 11:42 . 2001-08-17 13:48 11,520 --a--c--- c:\windows\system32\dllcache\twotrack.sys
2009-02-13 11:41 . 2001-08-17 14:01 241,664 --a--c--- c:\windows\system32\dllcache\tosdvd02.sys
2009-02-13 11:41 . 2001-08-17 14:02 230,912 --a--c--- c:\windows\system32\dllcache\tosdvd03.sys
2009-02-13 11:41 . 2008-04-14 00:10 149,376 --a--c--- c:\windows\system32\dllcache\tffsport.sys
2009-02-13 11:41 . 2001-08-17 12:51 138,528 --a--c--- c:\windows\system32\dllcache\tgiulnt5.sys
2009-02-13 11:41 . 2001-08-17 12:14 123,995 --a--c--- c:\windows\system32\dllcache\tjisdn.sys
2009-02-13 11:41 . 2008-04-14 05:42 82,944 --a--c--- c:\windows\system32\dllcache\tp4mon.exe
2009-02-13 11:41 . 2001-08-17 14:56 81,408 --a--c--- c:\windows\system32\dllcache\tgiul50.dll
2009-02-13 11:41 . 2001-08-17 12:13 37,961 --a--c--- c:\windows\system32\dllcache\tdk100b.sys
2009-02-13 11:41 . 2001-08-17 22:36 31,744 --a--c--- c:\windows\system32\dllcache\tp4.dll
2009-02-13 11:41 . 2001-08-17 12:10 28,232 --a--c--- c:\windows\system32\dllcache\tos4mo.sys
2009-02-13 11:41 . 2001-08-17 12:13 17,129 --a--c--- c:\windows\system32\dllcache\tdkcd31.sys
2009-02-13 11:41 . 2001-08-17 13:51 4,992 --a--c--- c:\windows\system32\dllcache\toside.sys
2009-02-13 11:39 . 2001-08-17 12:18 285,760 --a--c--- c:\windows\system32\dllcache\stlnata.sys
2009-02-13 11:39 . 2001-08-17 22:36 155,648 --a--c--- c:\windows\system32\dllcache\stlnprop.dll
2009-02-13 11:39 . 2001-08-17 22:36 106,584 --a--c--- c:\windows\system32\dllcache\spdports.dll
2009-02-13 11:39 . 2001-08-17 22:36 99,328 --a--c--- c:\windows\system32\dllcache\srusd.dll
2009-02-13 11:39 . 2001-08-17 13:51 61,824 --a--c--- c:\windows\system32\dllcache\speed.sys
2009-02-13 11:39 . 2001-08-17 22:36 53,248 --a--c--- c:\windows\system32\dllcache\stlncoin.dll
2009-02-13 11:39 . 2001-08-17 12:11 48,736 --a--c--- c:\windows\system32\dllcache\srwlnd5.sys
2009-02-13 11:39 . 2001-08-17 22:36 41,472 --a--c--- c:\windows\system32\dllcache\sw_effct.dll
2009-02-13 11:39 . 2001-08-17 12:51 37,040 --a--c--- c:\windows\system32\dllcache\sonypi.sys
2009-02-13 11:39 . 2001-08-17 22:36 24,660 --a--c--- c:\windows\system32\dllcache\spxupchk.dll
2009-02-13 11:39 . 2001-08-17 14:07 19,072 --a--c--- c:\windows\system32\dllcache\sparrow.sys
2009-02-13 11:39 . 2001-08-17 13:51 16,896 --a--c--- c:\windows\system32\dllcache\stcusb.sys
2009-02-13 11:39 . 2001-08-17 13:56 7,552 --a--c--- c:\windows\system32\dllcache\sonypvu1.sys
2009-02-13 11:37 . 2001-08-17 14:56 252,032 --a--c--- c:\windows\system32\dllcache\sis300iv.dll
2009-02-13 11:36 . 2001-08-17 22:36 495,616 --a--c--- c:\windows\system32\dllcache\sblfx.dll
2009-02-13 11:35 . 2001-08-17 14:56 210,496 --a--c--- c:\windows\system32\dllcache\s3mvirge.dll
2009-02-13 11:34 . 2001-08-17 13:28 899,146 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys
2009-02-13 11:34 . 2001-08-17 13:28 714,762 --a--c--- c:\windows\system32\dllcache\r2mdmkxx.sys
2009-02-13 11:34 . 2001-08-17 22:36 86,097 --a--c--- c:\windows\system32\dllcache\reslog32.dll
2009-02-13 11:34 . 2008-04-14 00:10 79,104 --a--c--- c:\windows\system32\dllcache\rocket.sys
2009-02-13 11:34 . 2001-08-17 13:52 49,024 --a--c--- c:\windows\system32\dllcache\ql1280.sys
2009-02-13 11:34 . 2001-08-17 22:36 41,472 --a--c--- c:\windows\system32\dllcache\qvusd.dll
2009-02-13 11:34 . 2001-08-17 12:12 37,563 --a--c--- c:\windows\system32\dllcache\rlnet5.sys
2009-02-13 11:34 . 2001-08-17 13:51 19,584 --a--c--- c:\windows\system32\dllcache\rasirda.sys
2009-02-13 11:34 . 2001-08-17 13:53 3,328 --a--c--- c:\windows\system32\dllcache\qv2kux.sys
2009-02-13 11:32 . 2008-04-14 05:40 259,328 --a--c--- c:\windows\system32\dllcache\perm3dd.dll
2009-02-13 11:31 . 2001-08-17 14:05 351,616 --a--c--- c:\windows\system32\dllcache\ovcodek2.sys
2009-02-13 11:30 . 2008-04-13 22:05 132,695 --a--c--- c:\windows\system32\dllcache\netwlan5.sys
2009-02-13 11:30 . 2001-08-17 12:20 126,080 --a--c--- c:\windows\system32\dllcache\nm5a2wdm.sys
2009-02-13 11:30 . 2001-08-17 22:36 123,776 --a--c--- c:\windows\system32\dllcache\nv3.dll
2009-02-13 11:30 . 2001-08-17 12:20 87,040 --a--c--- c:\windows\system32\dllcache\nm6wdm.sys
2009-02-13 11:30 . 2001-08-17 12:11 65,278 --a--c--- c:\windows\system32\dllcache\netflx3.sys
2009-02-13 11:30 . 2001-08-17 22:36 60,480 --a--c--- c:\windows\system32\dllcache\neo20xx.dll
2009-02-13 11:30 . 2001-08-17 12:49 51,552 --a--c--- c:\windows\system32\dllcache\ntgrip.sys
2009-02-13 11:30 . 2001-08-17 12:50 39,264 --a--c--- c:\windows\system32\dllcache\neo20xx.sys
2009-02-13 11:30 . 2001-08-17 12:12 32,840 --a--c--- c:\windows\system32\dllcache\ngrpci.sys
2009-02-13 11:30 . 2008-04-14 00:24 28,672 --a--c--- c:\windows\system32\dllcache\nscirda.sys
2009-02-13 11:30 . 2001-08-17 13:49 15,872 --a--c--- c:\windows\system32\dllcache\ne2000.sys
2009-02-13 11:30 . 2001-08-17 13:47 9,344 --a--c--- c:\windows\system32\dllcache\ntapm.sys
2009-02-13 11:30 . 2001-08-17 13:53 7,552 --a--c--- c:\windows\system32\dllcache\nsmmc.sys
2009-02-13 11:28 . 2001-08-17 12:50 103,296 --a--c--- c:\windows\system32\dllcache\mtxvideo.sys
2009-02-13 11:27 . 2008-04-14 00:16 49,024 --a--c--- c:\windows\system32\dllcache\mstape.sys
2009-02-13 11:27 . 2008-04-14 00:24 22,016 --a--c--- c:\windows\system32\dllcache\msircomm.sys
2009-02-13 11:27 . 2001-08-17 13:48 12,416 --a--c--- c:\windows\system32\dllcache\msriffwv.sys
2009-02-13 11:27 . 2001-08-17 14:00 2,944 --a--c--- c:\windows\system32\dllcache\msmpu401.sys
2009-02-13 11:26 . 2001-08-17 12:50 320,384 --a--c--- c:\windows\system32\dllcache\mgaum.sys
2009-02-13 11:26 . 2001-08-17 14:56 235,648 --a--c--- c:\windows\system32\dllcache\mgaud.dll
2009-02-13 11:26 . 2008-04-14 05:42 56,832 --a--c--- c:\windows\system32\dllcache\msdvbnp.ax
2009-02-13 11:26 . 2008-04-14 00:16 51,200 --a--c--- c:\windows\system32\dllcache\msdv.sys
2009-02-13 11:26 . 2001-08-17 14:02 35,200 --a--c--- c:\windows\system32\dllcache\msgame.sys
2009-02-13 11:26 . 2001-08-17 13:52 17,280 --a--c--- c:\windows\system32\dllcache\mraid35x.sys
2009-02-13 11:26 . 2001-08-17 13:57 16,128 --a--c--- c:\windows\system32\dllcache\modemcsa.sys
2009-02-13 11:26 . 2008-04-14 00:16 15,232 --a--c--- c:\windows\system32\dllcache\mpe.sys
2009-02-13 11:26 . 2001-08-17 13:52 6,528 --a--c--- c:\windows\system32\dllcache\miniqic.sys
2009-02-13 11:26 . 2001-08-17 13:48 6,016 --a--c--- c:\windows\system32\dllcache\msfsio.sys
2009-02-13 11:24 . 2008-04-14 05:41 253,952 --a--c--- c:\windows\system32\dllcache\kdsusd.dll
2009-02-13 11:23 . 2008-04-14 05:42 151,552 --a--c--- c:\windows\system32\dllcache\irftp.exe
2009-02-13 11:23 . 2001-08-17 22:36 90,200 --a--c--- c:\windows\system32\dllcache\io8ports.dll
2009-02-13 11:23 . 2008-04-14 00:24 88,192 --a--c--- c:\windows\system32\dllcache\irda.sys
2009-02-13 11:23 . 2001-08-17 12:12 45,632 --a--c--- c:\windows\system32\dllcache\ip5515.sys
2009-02-13 11:23 . 2001-08-17 13:50 38,784 --a--c--- c:\windows\system32\dllcache\io8.sys
2009-02-13 11:23 . 2008-04-14 05:41 28,160 --a--c--- c:\windows\system32\dllcache\irmon.dll
2009-02-13 11:23 . 2001-08-17 13:49 26,624 --a--c--- c:\windows\system32\dllcache\irstusb.sys
2009-02-13 11:23 . 2001-08-17 13:49 23,552 --a--c--- c:\windows\system32\dllcache\irmk7.sys
2009-02-13 11:23 . 2001-08-17 13:51 18,688 --a--c--- c:\windows\system32\dllcache\irsir.sys
2009-02-13 11:23 . 2001-08-17 13:52 16,000 --a--c--- c:\windows\system32\dllcache\ini910u.sys
2009-02-13 11:23 . 2001-08-17 13:47 13,056 --a--c--- c:\windows\system32\dllcache\inport.sys
2009-02-13 11:23 . 2001-08-17 14:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101b.dll
2009-02-13 11:23 . 2008-04-14 00:10 5,504 --a--c--- c:\windows\system32\dllcache\intelide.sys
2009-02-13 11:21 . 2001-08-17 13:28 542,879 --a--c--- c:\windows\system32\dllcache\hsf_msft.sys
2009-02-13 11:21 . 2001-08-17 13:28 488,383 --a--c--- c:\windows\system32\dllcache\hsf_v124.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-02 16:26 --------- d-----w c:\documents and settings\user\Application Data\Skype
2009-03-02 14:17 --------- d-----w c:\documents and settings\user\Application Data\skypePM
2009-03-02 11:24 --------- d-----w c:\program files\Belkin Automatic Power Management Software
2009-02-27 14:30 0 -c--a-w c:\windows\system32\drivers\lvuvc.hs
2009-02-26 22:04 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-12 20:11 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-02-11 20:22 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-11 15:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 15:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-09 19:02 --------- d-----w c:\program files\uTorrent
2009-02-04 17:41 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-31 04:50 15,688 ----a-w c:\windows\system32\lsdelete.exe
2009-01-25 19:19 --------- d-----w c:\documents and settings\user\Application Data\Symantec
2009-01-25 02:22 --------- d-----w c:\program files\CCleaner
2009-01-24 23:43 --------- d-----w c:\program files\Norton Ghost
2009-01-24 23:32 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-22 22:26 --------- d-----w c:\program files\AVG
2009-01-22 21:41 --------- d-----w c:\program files\Symantec
2009-01-22 21:41 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-22 20:34 --------- d-----w c:\documents and settings\user\Application Data\msat
2009-01-22 20:28 --------- d-----w c:\program files\Microsoft Corporation
2009-01-22 20:28 --------- d-----w c:\documents and settings\All Users\Application Data\msat
2009-01-22 20:25 --------- d-----w c:\program files\Reference Assemblies
2009-01-22 20:25 --------- d-----w c:\program files\MSBuild
2009-01-22 18:50 --------- d-----w c:\program files\Microsoft Baseline Security Analyzer 2
2009-01-22 18:39 --------- d-----w c:\program files\AvantGo
2009-01-22 18:00 --------- d-----w c:\program files\Support Tools
2009-01-21 03:09 64,160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-01-21 03:06 --------- dc-h--w c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-21 03:06 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-21 03:02 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-15 14:42 --------- d-----w c:\program files\Lavasoft
2009-01-15 12:43 --------- d-----w c:\program files\Plaxo
2009-01-14 19:47 --------- d-----w c:\documents and settings\user\Application Data\Malwarebytes
2009-01-14 19:47 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-14 03:13 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-14 03:13 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-14 01:44 --------- d-----w c:\program files\Google
2009-01-10 19:48 14,798,848 ----a-w C:\Build 11308.exe
2009-01-09 17:03 213,640 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-01-01 20:35 62,009 ----a-w c:\windows\system32\wpfb_igxprd32.dll
2008-12-27 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-21 19:16 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-04-24 20:27 28,460 -c--a-w c:\program files\read me EB
2007-11-22 06:10 30,720 -csha-w c:\windows\rnapxs\Rnapxs.dat
2007-07-28 11:53 56 -csh--r c:\windows\system32\D2027A1179.sys
2008-04-18 20:59 1,890 -csha-w c:\windows\system32\KGyGaAvL.sys
2008-05-11 01:10 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051020080511\index.dat
2007-10-04 16:03 17,862,688 -csha-w c:\windows\system32\drivers\fidbox.dat
2007-10-04 16:03 762,144 -csha-w c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2008-10-16 22:42 579728 -ra------ c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2008-10-16 22:42 579728 -ra------ c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2008-10-16 22:42 579728 -ra------ c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Red]
@="{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}"
[HKEY_CLASSES_ROOT\CLSID\{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}]
2008-10-16 22:42 579728 -ra------ c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2008-10-16 22:42 579728 -ra------ c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-08 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-05 94208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-05 98304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-05-11 151552]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-05 114688]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2008-10-16 667280]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-30 509784]
"Norton Ghost 12.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2008-11-12 2037096]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-26 136600]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 c:\windows\RTHDCPL.EXE]
"MsmqIntCert"="mqrt.dll" [2008-04-14 c:\windows\system32\mqrt.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"BelkinAPM"="c:\program files\Belkin Automatic Power Management Software\BelkinAPM.exe" [2007-11-25 112640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2008-09-19 4347120]

c:\documents and settings\user\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1996-11-17 111376]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1996-11-17 51984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\CIDLinkAdvisor.dll" [2007-10-15 1373624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Faxuburl"= {E2BCABF6-2420-47F8-A81D-98861CE9ABCF} - c:\windows\system32\objegapp.dll [2006-02-28 995328]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
backup=c:\windows\pss\PalTalk.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^IMVU.lnk]
backup=c:\windows\pss\IMVU.lnkStartup
path=c:\documents and settings\user\Start Menu\Programs\Startup\IMVU.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^LifeDrive™ Manager.lnk]
backup=c:\windows\pss\LifeDrive™ Manager.lnkStartup
path=c:\documents and settings\user\Start Menu\Programs\Startup\LifeDrive™ Manager.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^WD Anywhere Backup Launcher.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\WD Anywhere Backup Launcher.lnk
backup=c:\windows\pss\WD Anywhere Backup Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-10-14 21:38 623992 c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT ACR]
--a------ 2008-06-06 11:39 81920 c:\program files\Common Files\Portrait Displays\Shared\DT_Startup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-11-17 19:35 133104 c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2007-03-11 20:34 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a--c--- 2001-10-15 11:24 196608 c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a--c--- 2007-05-15 14:55 1057328 c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a--c--- 2006-12-05 21:55 54832 c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a--c--- 2007-10-25 15:33 563984 c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a--c--- 2007-10-25 15:37 2178832 c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2008-09-19 16:34 4347120 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
-----c--- 2008-04-14 04:42 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a--c--- 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2007-03-01 14:57 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PivotSoftware]
--a------ 2007-02-09 12:17 694008 c:\program files\Portrait Displays\Pivot Software\wpCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
-----c--- 2006-11-23 14:10 56928 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rogers SHS]
--a--c--- 2008-04-08 10:15 2733416 c:\program files\Rogers\SelfHealing\shs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a--c--- 2007-05-15 14:55 1628208 c:\program files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-09-23 14:17 21755688 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\supertintin_skype]
--a------ 2008-08-04 15:57 757760 c:\program files\Supertintin for Skype\supertintin_skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-08 19:52 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a--c--- 2007-06-21 14:47 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a--c--- 2006-10-18 22:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2008-09-19 16:34 4347120 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
--a------ 2008-06-03 16:49 509224 c:\progra~1\Yahoo!\YOP\yop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLSetupSvc"=3 (0x3)
"WDBtnMgrSvc.exe"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\palmOne\\HOTSYNC.EXE"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\user\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\user\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-20 64160]
R2 BelkinAPM;BelkinAPM;c:\progra~1\BELKIN~1\BELKIN~1.EXE -zglaxservice BelkinAPM --> c:\progra~1\BELKIN~1\BELKIN~1.EXE -zglaxservice BelkinAPM [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-02-12 206096]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-08-05 29184016]
R2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2009-01-01 90112]
R2 RogersSelfHelpService;Rogers SHS Service;c:\program files\Rogers\SelfHealing\RogersSelfHelpService.exe [2008-04-08 140648]
R2 RogersUpdateManager;Rogers Update Manager;c:\program files\Rogers\Update Manager\RogersUpdateManager.exe [2008-04-07 163840]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 BelkinAPMmonitor;BelkinAPMmonitor;c:\progra~1\BELKIN~1\BELKIN~4.EXE -zglaxservice BelkinAPMmonitor --> c:\progra~1\BELKIN~1\BELKIN~4.EXE -zglaxservice BelkinAPMmonitor [?]
R3 BelkinAPMRMI;BelkinAPMRMI;c:\progra~1\BELKIN~1\BELKIN~3.EXE -zglaxservice BelkinAPMRMI --> c:\progra~1\BELKIN~1\BELKIN~3.EXE -zglaxservice BelkinAPMRMI [?]
S3 BelkinAPMmanager;BelkinAPMmanager;c:\progra~1\BELKIN~1\BE8806~1.EXE -zglaxservice BelkinAPMmanager --> c:\progra~1\BELKIN~1\BE8806~1.EXE -zglaxservice BelkinAPMmanager [?]
S3 Usblink;Usblink Driver;c:\windows\system32\drivers\ulink.sys [2007-06-18 40060]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCG-11CF-AAX5-81CX5C625612}]
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-30 23:49]

2009-02-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-2052111302-839522115-1003.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-17 19:35]

2009-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]

2009-03-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]

2009-03-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 21:20]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Hours3 - (no file)
HKLM-Run-WService - WService.EXE


.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://ca.search.yahoo.com/search?fr=mcafee&p=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\user\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: webprint.com\staplescanada
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\wy20sjxi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=843&invocationType=tb50ffmqie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://webmail.netflash.net/src/login.php
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=843&invocationType=tb50ffmqab&query=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\user\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\user\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npagent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsabffx.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\windows\system32\SuperAdBlocker.com\npsabffx.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-02 11:29:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-602162358-2052111302-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0C30BD23-5D28-CC72-5FC8-97C5872F837D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abeigaadlhfhnmbllebjfnbpkgmigbdmgn"=hex:61,61,00,00
"bbeigaadlhfhnmblleejcliehaibddcebibo"=hex:61,61,00,00

[HKEY_LOCAL_MACHINE\System\ControlSet003\Enum\ACPI\PNP0F03\4&14c67d85&0\LogConf]
@DACL=(02 0000)
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff

[HKEY_LOCAL_MACHINE\System\ControlSet003\Enum\HID\Vid_5543&Pid_0005&Col03\6&17cf8203&0&0002\LogConf]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\igfxdev.dll
.
Completion time: 2009-03-02 11:33:00
ComboFix-quarantined-files.txt 2009-03-02 16:31:45

Pre-Run: 255,759,249,408 bytes free
Post-Run: 256,411,521,024 bytes free

473 --- E O F --- 2009-03-01 18:06:12


______________________________________________________________________________________________________________


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:56 AM, on 02/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\BELKIN~1\BELKIN~1.EXE
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Belkin Automatic Power Management Software\jre\bin\javaw.exe
C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Rogers\SelfHealing\RogersSelfHelpService.exe
C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\PROGRA~1\BELKIN~1\BELKIN~4.EXE
C:\Program Files\Belkin Automatic Power Management Software\jre\bin\javaw.exe
C:\PROGRA~1\BELKIN~1\BELKIN~3.EXE
C:\Program Files\Belkin Automatic Power Management Software\jre\bin\javaw.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\zstatus.exe
C:\WINDOWS\system32\CF27519.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.search.yahoo.com/search?fr=mcafee&p=%s
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\RunServices: [BelkinAPM] C:\Program Files\Belkin Automatic Power Management Software\BelkinAPM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Rogers Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\user\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\user\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\user\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk (file missing) (HKCU)
O15 - Trusted Zone: http://staplescanada.webprint.com
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: Faxuburl - {E2BCABF6-2420-47F8-A81D-98861CE9ABCF} - C:\WINDOWS\system32\objegapp.dll
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BelkinAPM - ZeroG Software - C:\PROGRA~1\BELKIN~1\BELKIN~1.EXE
O23 - Service: BelkinAPMmanager - ZeroG Software - C:\PROGRA~1\BELKIN~1\BE8806~1.EXE
O23 - Service: BelkinAPMmonitor - ZeroG Software - C:\PROGRA~1\BELKIN~1\BELKIN~4.EXE
O23 - Service: BelkinAPMRMI - ZeroG Software - C:\PROGRA~1\BELKIN~1\BELKIN~3.EXE
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Rogers SHS Service (RogersSelfHelpService) - Rogers Cable Communications - c:\program files\Rogers\SelfHealing\RogersSelfHelpService.exe
O23 - Service: Rogers Update Manager (RogersUpdateManager) - Rogers Cable Communications - C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 17009 bytes

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:37 AM

Posted 03 March 2009 - 01:19 AM

Hello,

Good to know it's better. :) I'm still seeing remnants of the other antivirus programs. Do you know at this point which you'll keep? No need to be sorry about Word Wrap... it happens. :thumbup2:

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O21 - SSODL: Faxuburl - {E2BCABF6-2420-47F8-A81D-98861CE9ABCF} - C:\WINDOWS\system32\objegapp.dll


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Navigate to and delete the following file(s) (if they exist):

C:\WINDOWS\system32\objegapp.dll

Reboot your computer.

I see you already have MBAM. Make sure it's updated and have a scan with it and post the report if it finds anything, please. :step4:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?
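The triage applied in the reply above, written out as an added Python example (not code from this thread or from HijackThis): entries whose target is "(file missing)" or "(no file)" are orphans left by uninstalled software, and an O21 SSODL entry loading an unfamiliar DLL from system32 is flagged for a closer look. The allow-list of default SSODL DLLs is an assumption, and the sample lines are copied from the log posted earlier in the thread.

```python
"""Triage helper for HijackThis-style log lines.

Added example, not part of the original thread or of HijackThis itself.
It mirrors the reasoning in the reply above: entries whose target file is
gone are orphans from uninstalled software, and O21 SSODL entries that load
an unfamiliar DLL deserve attention, since SSODL code runs inside the shell
at every logon.
"""
import re
from dataclasses import dataclass

# Sections whose entries load code at logon or inside Internet Explorer.
SECTIONS = {
    "O2": "BHO", "O3": "Toolbar", "O4": "Autorun", "O9": "IE button",
    "O18": "Protocol", "O21": "SSODL", "O23": "Service",
}
ORPHAN_MARKERS = ("(file missing)", "(no file)")
# Assumption: the SSODL DLLs a stock Windows XP install registers itself.
# Anything outside this short allow-list is reported for manual review.
KNOWN_SSODL_DLLS = {"webcheck.dll", "stobject.dll", "shell32.dll"}


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_line(line: str):
    """Return (section, body) for an 'Oxx - ...' or 'Rx - ...' line, else None."""
    m = re.match(r"^(O\d+|R\d+)\s+-\s+(.*)$", line.strip())
    return (m.group(1), m.group(2)) if m else None


def triage(lines):
    """Flag orphaned entries and SSODL loaders that are not on the allow-list."""
    findings = []
    for line in lines:
        parsed = parse_line(line)
        if not parsed:
            continue  # process list, 'End of file' trailer, blank lines
        section, body = parsed
        if any(marker in body for marker in ORPHAN_MARKERS):
            findings.append(Finding(section, "target file missing", line.strip()))
            continue
        if section == "O21":
            dll = body.rsplit("\\", 1)[-1].lower()  # last path component
            if dll not in KNOWN_SSODL_DLLS:
                findings.append(Finding(section, f"unfamiliar SSODL dll {dll}", line.strip()))
    return findings


# Constructed sample: lines copied from the log posted earlier in this thread.
SAMPLE_LOG = """
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\\Program Files\\AVG\\AVG8\\avgssie.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre6\\bin\\ssv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\\PROGRA~1\\AVG\\AVG8\\AVGTOO~1.DLL (file missing)
O21 - SSODL: Faxuburl - {E2BCABF6-2420-47F8-A81D-98861CE9ABCF} - C:\\WINDOWS\\system32\\objegapp.dll
O23 - Service: Norton Ghost - Symantec Corporation - C:\\Program Files\\Norton Ghost\\Agent\\VProSvc.exe
End of file - 17009 bytes
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section} {SECTIONS.get(f.section, '?')}] {f.reason}: {f.line}")
```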

#7 dbceee

Posted 03 March 2009 - 09:45 AM

Hi Tea,

I did the HijackThis scan and fix as you asked, but got this message [attached .jpg of Print Scrn] when I tried to delete: C:\WINDOWS\system32\objegapp.dll

What now?

dbceee


#8 teacup61

Posted 03 March 2009 - 12:02 PM

Hello,

Open HijackThis. It should open to a "New users quickstart" menu.
Click "Open the Misc Tools section"
Click "Delete a file on reboot..."
In the "Enter file to delete on reboot..." window, navigate to:

C:\WINDOWS\system32

And select the file

objegapp.dll

Then click Open. After you click Open, HijackThis will ask you if you want to restart your computer now. You do, so click Yes.

Please follow the rest of my directions above. :thumbup2:

Thanks,
tea

#9 dbceee

Posted 04 March 2009 - 05:31 PM

Ok Tea,

I got rid of:

C:\WINDOWS\system32\objegapp.dll

and the MBAM scan found nothing...

Should I ask you about getting rid of:

1. "Absolute Poker Basic" - can't get it to uninstall

2. The high number of processes - still have 70 - 90 of them

Or do I do that in another BC forum?

Thanks for the help you've been!

d.

Edited by dbceee, 04 March 2009 - 05:33 PM.


#10 teacup61

Posted 05 March 2009 - 03:09 PM

Hi there,

Open HijackThis, click Config, click Misc Tools.
Click "Open Uninstall Manager"

Highlight the poker program and you'll see on the right hand side the option to Delete this entry. Let me know if it works that way.

As for the rest, there are a lot of those that are not necessary... depending on what you like to have running on startup. Things like Yahoo Messenger and MS Office are real resource hogs, and I see both of them set to run on every startup.

tea

#11 dbceee

Posted 05 March 2009 - 05:53 PM

Hi Tea,

Thanks for the reply.

About the "Absolute Poker Basic" program: it doesn't show up in the list that the Uninstall Manager of HijackThis generates, but it shows up as a program in the "Add or Remove Programs" window from the Control Panel and, of course, when I try to uninstall it there, I can't [it goes through an uninstall process but then doesn't disappear from the active list within the "Add or Remove Programs" window].

What's up with that?

I'll deal with the processes after...

Thanks,

d.

#12 teacup61

Posted 05 March 2009 - 06:03 PM

Hi,

Let's try it this way, then:

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O9 - Extra button: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\user\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\user\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk (file missing) (HKCU)

Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Navigate to and delete the following folder(s) (if they exist):

C:\Documents and Settings\user\Start Menu\Programs\Absolute Poker Basic

Reboot your computer.

Let me know if that does it. :thumbup2:

tea

#13 teacup61

Posted 15 March 2009 - 09:22 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.