TechSpot

Redirecting Problem (8 steps completed) (resident shield alert)

By dmbeaton
Jul 9, 2010
  1. Thanks in advance for any help. The following are the logs generated from the 8 steps.

    D



    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4294

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    7/8/2010 11:17:04 PM
    mbam-log-2010-07-08 (23-17-04).txt

    Scan type: Quick scan
    Objects scanned: 154022
    Time elapsed: 7 minute(s), 45 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)





    GMER log is blank.




    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Beaton at 9:15:26.98 on Fri 07/09/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3838.3224 [GMT -6:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\FolderSize\FolderSizeSvc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    C:\Program Files\Dantz\Retrospect\retrorun.exe
    C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\WDBtnMgr.exe
    C:\Program Files\WDC\SetIcon.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\WINDOWS\OEM03Mon.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\AVG\AVG8\avgupd.exe
    C:\Documents and Settings\Beaton\Desktop\dds.pif

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://www.dell4me.com/mywaybiz
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/mywaybiz
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: H - No File
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: &Google Web Accelerator Helper: {69a87b7d-de56-4136-9655-716ba50c19c7} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: &Google Notebook: {ccccccd3-666f-4f81-8b69-745de9f6d897} - c:\program files\google\google notebook\gnotes1.0.2.19-1570404595.dll
    BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Web Accelerator: {db87bfa2-a2e3-451e-8e5a-c89982d87cbf} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
    TB: Google Notebook: {ccccccdb-4ddb-4703-95d4-dd2c526397bf} - c:\program files\google\google notebook\gnotes1.0.2.19-1570404595.dll
    TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} - c:\documents and settings\beaton\application data\mozilla\firefox\profiles\gzgnx7wh.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.60.dll
    TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
    EB: Google Notebook: {ccccccdb-4ddb-4703-95d4-dd2c526397bf} - c:\program files\google\google notebook\gnotes1.0.2.19-1570404595.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
    uRun: [Google Update] "c:\documents and settings\beaton\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [WD Button Manager] WDBtnMgr.exe
    mRun: [SetIcon] \Program Files\WDC\SetIcon.exe
    mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
    mRun: [OEM03Mon.exe] c:\windows\OEM03Mon.exe
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [<NO NAME>]
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
    dRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart16.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\conver~1.lnk - c:\program files\pfu\scansnap\organizer\PfuSsOrgOcrChk.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\scansn~1.lnk - c:\program files\pfu\scansnap\driver\PfuSsMon.exe
    IE:
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    Trusted Zone: google.com\www
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
    DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} - hxxps://accounting.quickbooks.com/c5/v20.141/qboax10.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CCAF31F4-3DA5-48AB-853B-1E6115C01218} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://vivonet.webex.com/client/T25L/webex/ieatgpc.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: avgrsstarter - avgrsstx.dll
    AppInit_DLLs: c:\progra~1\google\google~4\GOEC62~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-29 335240]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-29 27784]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-5 297752]
    R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-1-13 704432]
    R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-1-13 704432]
    R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-1-28 2789672]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-12-9 24652]
    R3 OEM03Vfx;Creative Camera OEM003 Video VFX Driver;c:\windows\system32\drivers\OEM03Vfx.sys [2008-12-8 7424]
    R3 OEM03Vid;Creative Camera OEM003 Driver;c:\windows\system32\drivers\OEM03Vid.sys [2008-12-8 235808]
    S3 GoogleDesktopManager-051608-133132;Google Desktop Manager 5.7.805.16405;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-5-26 29744]
    S3 inibtmgr;WD Bridge Controller Driver;c:\windows\system32\drivers\inibtmgr.sys [2008-8-28 9728]
    S3 Ussvretserm;Ussvretserm; [x]
    S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-1-28 15656]

    ============== File Associations ===============

    JSEFile=NOTEPAD.EXE %1
    VBEFile=NOTEPAD.EXE %1
    VBSFile=NOTEPAD.EXE %1
    .scr=AutoCADScriptFile

    =============== Created Last 30 ================

    2010-07-09 01:17:48 0 d-----w- c:\windows\system32\wbem\Repository
    2010-07-09 01:16:59 0 d-----w- c:\program files\iTunes
    2010-07-09 00:36:04 1100 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-07-08 23:54:42 120 ----a-w- c:\windows\Sxepalebinur.dat
    2010-07-08 23:54:42 0 ----a-w- c:\windows\Tduyobek.bin

    ==================== Find3M ====================

    2010-05-10 22:11:19 194303 ----a-w- c:\windows\fonts\AdobeFnt.lst
    2010-04-21 20:54:36 93096 ----a-w- c:\windows\system32\IncContxMenu.dll
    2010-04-21 20:54:28 2316712 ----a-w- c:\windows\system32\Incinerator.dll
    2008-08-02 01:57:34 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080120080802\index.dat

    ============= FINISH: 9:17:29.37 ===============



    DDS (Ver_10-03-17.01)

    The instructions for DDS said to wait to post this log until requested.
     
  2. Bobbye


    Okay to post the Attach.txt log. GMER should not be returning a blank log.

    What is the Resident Shield alerting you to?

    Please update Java to v6u20: Java Updates

    Then uninstall the following old versions which are vulnerabilities:
    v5u6, v6u2,3,5,7, and 15.
    ==============================
    Please download ComboFix from Here and save to your Desktop.

    [1]. Do NOT rename Combofix unless instructed.
    [2]. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    [3]. Close any open browsers.
    [4]. Double click combofix.exe & follow the prompts to run.
    NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
    [5]. If Combofix asks you to install Recovery Console, please allow it.
    [6]. If Combofix asks you to update the program, always allow.
    Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    [7]. A report will be generated after the scan. Please post the C:\ComboFix.txt in your next reply.
    Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs when you're done with Combofix.
    Re-enable your Antivirus software.
    =============================
    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

    I will be setting up some script to run in Combofix after you have scanned. Please include both logs in your next reply.

    EDIT: I notice you have AVG v8. I believe that has been outdated for a while. If you plan to keep this AV, you should update to current v9.
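    The helper's Java advice above (update to 6u20, then remove the older runtimes) is easy to get wrong by hand when a machine carries eight JRE entries. The following is an added example, not code from this thread or from the helper: it parses the "Installed Programs" block of a DDS attach.txt, normalises the three naming schemes Sun used ("Java(TM) 6 Update N", "J2SE Runtime Environment 5.0 Update N", "Java 2 Runtime Environment, SE v1.4.2_NN") into a comparable (major, update) pair, and lists every entry older than a target version. The sample text is a constructed subset of the attach log posted above; the default target (6, 20) is taken from the helper's post; treating 1.4.2_03 as "Java 4, update 3" is an assumption made for ordering only.

```python
import re

# Constructed sample: a subset of the "Installed Programs" section
# from the attach.txt posted in this thread.
INSTALLED = """
Adobe Reader 8.2.1
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 15
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Malwarebytes' Anti-Malware
"""

# Each pattern yields (major, update) so that tuple comparison orders releases.
PATTERNS = [
    # "Java(TM) 6 Update 15" -> (6, 15)
    re.compile(r"^Java\(TM\) (\d+) Update (\d+)$"),
    # "J2SE Runtime Environment 5.0 Update 6" -> (5, 6)
    re.compile(r"^J2SE Runtime Environment (\d+)\.0 Update (\d+)$"),
    # "Java 2 Runtime Environment, SE v1.4.2_03" -> (4, 3)
    # (assumption: map the old 1.x.y_NN scheme onto major=x, update=NN)
    re.compile(r"^Java 2 Runtime Environment, SE v1\.(\d+)\.\d+_(\d+)$"),
]


def parse_java_entries(text):
    """Return [(display_name, (major, update)), ...] for every JRE line in text."""
    found = []
    for line in text.splitlines():
        name = line.strip()
        for pat in PATTERNS:
            m = pat.match(name)
            if m:
                found.append((name, (int(m.group(1)), int(m.group(2)))))
                break  # first matching scheme wins; the three are disjoint
    return found


def stale_java(text, current=(6, 20)):
    """Every JRE entry older than `current`, oldest first.

    `current` defaults to Java 6 Update 20, the version the helper asked
    the poster to install before removing the rest.
    """
    entries = parse_java_entries(text)
    return sorted((e for e in entries if e[1] < current), key=lambda e: e[1])


if __name__ == "__main__":
    for name, (major, update) in stale_java(INSTALLED):
        print(f"remove: {name!r:45} (Java {major} update {update})")
```

    Run against a real attach.txt by reading the file into `INSTALLED`; anything the script prints is a runtime that should be uninstalled through Add/Remove Programs after the current release is in place. A blank result with the target still absent means the update was never installed, not that the machine is clean.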
     
  3. dmbeaton


    attach log

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 7/22/2005 12:01:03 PM
    System Uptime: 7/9/2010 9:05:26 AM (0 hours ago)

    Motherboard: Dell Inc. | |
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 71 GiB total, 25.776 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is FIXED (NTFS) - 1397 GiB total, 1357.378 GiB free.
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP593: 4/11/2010 3:02:36 AM - System Checkpoint
    RP594: 4/12/2010 5:45:09 PM - System Checkpoint
    RP595: 4/13/2010 6:19:42 PM - System Checkpoint
    RP596: 4/14/2010 3:00:17 AM - Software Distribution Service 3.0
    RP597: 4/15/2010 3:00:30 AM - Software Distribution Service 3.0
    RP598: 4/16/2010 3:45:22 AM - System Checkpoint
    RP599: 4/17/2010 4:06:39 AM - System Checkpoint
    RP600: 4/18/2010 5:06:40 AM - System Checkpoint
    RP601: 4/19/2010 6:06:40 AM - System Checkpoint
    RP602: 4/20/2010 7:06:38 AM - System Checkpoint
    RP603: 4/21/2010 7:06:59 AM - System Checkpoint
    RP604: 4/22/2010 8:06:48 AM - System Checkpoint
    RP605: 4/23/2010 9:06:04 AM - System Checkpoint
    RP606: 4/24/2010 9:06:49 AM - System Checkpoint
    RP607: 4/25/2010 10:38:38 AM - System Checkpoint
    RP608: 4/26/2010 1:33:03 PM - System Checkpoint
    RP609: 4/27/2010 2:07:10 PM - System Checkpoint
    RP610: 4/28/2010 2:36:45 PM - System Checkpoint
    RP611: 4/29/2010 4:28:22 PM - System Checkpoint
    RP612: 4/30/2010 4:36:45 PM - System Checkpoint
    RP613: 5/1/2010 5:36:45 PM - System Checkpoint
    RP614: 5/2/2010 6:40:29 PM - System Checkpoint
    RP615: 5/3/2010 7:36:54 PM - System Checkpoint
    RP616: 5/4/2010 8:37:07 PM - System Checkpoint
    RP617: 5/5/2010 9:36:50 PM - System Checkpoint
    RP618: 5/6/2010 10:36:50 PM - System Checkpoint
    RP619: 5/7/2010 11:36:50 PM - System Checkpoint
    RP620: 5/8/2010 11:36:57 PM - System Checkpoint
    RP621: 5/10/2010 12:36:59 AM - System Checkpoint
    RP622: 5/11/2010 1:36:59 AM - System Checkpoint
    RP623: 5/12/2010 2:36:58 AM - System Checkpoint
    RP624: 5/12/2010 3:00:24 AM - Software Distribution Service 3.0
    RP625: 5/13/2010 3:37:08 AM - System Checkpoint
    RP626: 5/14/2010 4:37:00 AM - System Checkpoint
    RP627: 5/15/2010 5:37:00 AM - System Checkpoint
    RP628: 5/16/2010 6:37:05 AM - System Checkpoint
    RP629: 5/17/2010 7:37:05 AM - System Checkpoint
    RP630: 5/18/2010 8:37:15 AM - System Checkpoint
    RP631: 5/19/2010 9:37:05 AM - System Checkpoint
    RP632: 5/20/2010 11:00:42 AM - System Checkpoint
    RP633: 5/21/2010 11:15:31 AM - System Checkpoint
    RP634: 5/22/2010 1:17:25 PM - System Checkpoint
    RP635: 5/23/2010 1:30:31 PM - System Checkpoint
    RP636: 5/24/2010 3:42:57 PM - System Checkpoint
    RP637: 5/28/2010 2:04:06 PM - System Checkpoint
    RP638: 5/29/2010 3:00:16 AM - Software Distribution Service 3.0
    RP639: 5/30/2010 3:38:50 AM - System Checkpoint
    RP640: 5/31/2010 4:38:50 AM - System Checkpoint
    RP641: 6/1/2010 5:38:50 AM - System Checkpoint
    RP642: 6/2/2010 6:38:52 AM - System Checkpoint
    RP643: 6/3/2010 7:38:52 AM - System Checkpoint
    RP644: 6/4/2010 8:38:53 AM - System Checkpoint
    RP645: 6/5/2010 9:38:53 AM - System Checkpoint
    RP646: 6/6/2010 9:39:01 AM - System Checkpoint
    RP647: 6/7/2010 1:10:01 PM - System Checkpoint
    RP648: 6/8/2010 1:38:26 PM - System Checkpoint
    RP649: 6/9/2010 3:26:19 PM - System Checkpoint
    RP650: 6/10/2010 6:46:57 PM - System Checkpoint
    RP651: 6/11/2010 3:00:44 AM - Software Distribution Service 3.0
    RP652: 6/12/2010 3:40:08 AM - System Checkpoint
    RP653: 6/13/2010 3:44:59 AM - System Checkpoint
    RP654: 6/14/2010 4:44:44 AM - System Checkpoint
    RP655: 6/15/2010 5:44:45 AM - System Checkpoint
    RP656: 6/16/2010 6:44:44 AM - System Checkpoint
    RP657: 6/17/2010 7:44:43 AM - System Checkpoint
    RP658: 6/18/2010 8:44:43 AM - System Checkpoint
    RP659: 6/19/2010 9:44:43 AM - System Checkpoint
    RP660: 6/20/2010 9:44:53 AM - System Checkpoint
    RP661: 6/21/2010 10:44:52 AM - System Checkpoint
    RP662: 6/22/2010 8:51:58 AM - Avg8 Update
    RP663: 6/23/2010 10:20:24 AM - System Checkpoint
    RP664: 6/24/2010 3:00:19 AM - Software Distribution Service 3.0
    RP665: 6/25/2010 3:45:01 AM - System Checkpoint
    RP666: 6/26/2010 4:44:53 AM - System Checkpoint
    RP667: 6/27/2010 5:44:59 AM - System Checkpoint
    RP668: 6/28/2010 6:45:00 AM - System Checkpoint
    RP669: 6/29/2010 7:44:59 AM - System Checkpoint
    RP670: 6/30/2010 8:44:56 AM - System Checkpoint
    RP671: 7/1/2010 8:52:09 AM - System Checkpoint
    RP672: 7/2/2010 9:52:09 AM - System Checkpoint
    RP673: 7/3/2010 10:52:18 AM - System Checkpoint
    RP674: 7/4/2010 11:52:09 AM - System Checkpoint
    RP675: 7/5/2010 5:05:44 PM - System Checkpoint
    RP676: 7/6/2010 5:21:20 PM - System Checkpoint
    RP677: 7/7/2010 5:52:11 PM - System Checkpoint
    RP678: 7/8/2010 9:42:09 AM - Avg8 Update
    RP679: 7/8/2010 9:43:06 AM - Avg8 Update
    RP680: 7/8/2010 7:13:43 PM - Restore Operation
    RP681: 7/8/2010 7:21:56 PM - Avg8 Update
    RP682: 7/8/2010 7:23:11 PM - Avg8 Update

    ==== Installed Programs ======================

    ABBYY FineReader for ScanSnap (TM) 3.0
    Ad-Aware SE Personal
    Adobe Acrobat - Reader 6.0.2 Update
    Adobe Audition 1.0
    Adobe Creative Suite
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe PageMaker 7.0
    Adobe Reader 6.0.1
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Reader 8.1.6
    Adobe Reader 8.2.1
    Adobe SVG Viewer 3.0
    Advanced Audio FX Engine
    Advanced Video FX Engine
    Amazon Kindle For PC v1.0
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Control Panel
    ATI Display Driver
    Audible Download Manager
    AudibleManager
    Autodesk Architectural Desktop 2006
    Autodesk DWF Viewer
    AVG Free 8.5
    BlackBerry Desktop Software 5.0.1
    BlackBerry® Media Sync
    Blurb BookSmart 1.1
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities Digital Photo Professional 2.2
    Canon Utilities EOS Utility
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    Critical Update for Windows Media Player 11 (KB959772)
    Dell Driver Reset Tool
    Dell Picture Studio v3.0
    Dell System Restore
    DELL Webcam Center
    DELL Webcam Manager
    DellSupport
    Download Updater (AOL LLC)
    Dragon NaturallySpeaking 10
    Dramatica Pro 4.0
    Dramatica Story Wizard
    EPSON Print CD
    EPSON Printer Software
    EPSON SP1400 Reference Guide
    Folder Size for Windows
    Google Chrome
    Google Desktop
    Google SketchUp Pro 7
    Google Talk (remove only)
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Web Accelerator
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel Matrix Storage Manager
    Intel(R) PRO Network Connections Software v9.2.4.11
    Intel(R) PROSafe for Wired Connections
    Internet Explorer Default Page
    iolo technologies' System Mechanic Professional
    iPod for Windows 2006-03-23
    isee Player 9.0.1
    iTunes
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 15
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Macromedia Flash Player
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft ActiveSync 4.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft IntelliPoint 5.0
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Small Business Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Monitor Integrated Webcam Driver (1.00.13.0608)
    Mosaic Creator 2.8
    MSN Toolbar
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    OpenOffice.org Installer 1.0
    Opera 9.01
    PDF-XChange 3.0
    Picasa 3
    PowerDVD 5.6
    Progeny's Timeline Maker 2.1 Demo
    Qualxserve Service Agreement
    QuickTime
    RealPlayer
    Retrospect 6.5
    Rhapsody
    Rhapsody Player Engine
    Roxio Media Manager
    ScanSnap Manager
    ScanSnap Organizer
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
     
  4. dmbeaton


    attach log cont

    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980232)
    SigmaTel Audio
    Skype™ 3.8
    Sonic DLA
    Sonic MyDVD LE
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    stepHACCP
    StoryView 2.0
    Toon Boom Storyboard Pro Trial
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Viewpoint Media Player
    Visual C++ Runtime for Dragon NaturallySpeaking
    VZAccess Manager for RIM
    Wacom Tablet
    WD Media Center Driver
    WebFldrs XP
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix - KB894476
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows XP Service Pack 3
    WordPerfect Office 12

    ==== Event Viewer Messages From Past Week ========

    7/8/2010 9:45:48 PM, error: Service Control Manager [7034] - The Viewpoint Manager Service service terminated unexpectedly. It has done this 1 time(s).
    7/8/2010 9:45:48 PM, error: Service Control Manager [7034] - The TabletServiceWacom service terminated unexpectedly. It has done this 1 time(s).
    7/8/2010 9:45:48 PM, error: Service Control Manager [7034] - The Retrospect WD Service service terminated unexpectedly. It has done this 1 time(s).
    7/8/2010 9:45:48 PM, error: Service Control Manager [7034] - The Retrospect Launcher service terminated unexpectedly. It has done this 1 time(s).
    7/8/2010 9:45:48 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    7/8/2010 9:45:48 PM, error: Service Control Manager [7034] - The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).
    7/8/2010 9:45:48 PM, error: Service Control Manager [7034] - The Folder Size service terminated unexpectedly. It has done this 1 time(s).
    7/8/2010 9:45:48 PM, error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s).
    7/8/2010 9:45:47 PM, error: Service Control Manager [7034] - The iolo System Service service terminated unexpectedly. It has done this 1 time(s).
    7/8/2010 9:45:47 PM, error: Service Control Manager [7034] - The iolo FileInfoList Service service terminated unexpectedly. It has done this 1 time(s).
    7/8/2010 9:45:47 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
    7/8/2010 9:45:47 PM, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    7/8/2010 9:45:47 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    7/8/2010 7:01:44 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    7/8/2010 6:58:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 FileDisk Fips intelppm
    7/8/2010 6:53:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    7/8/2010 6:50:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 FileDisk Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
    7/8/2010 6:50:34 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    7/8/2010 6:50:34 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    7/8/2010 6:50:34 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    7/8/2010 6:50:34 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    7/8/2010 6:50:34 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    7/8/2010 6:50:34 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    7/8/2010 6:50:27 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    7/8/2010 6:50:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    7/8/2010 11:34:23 PM, error: System Error [1003] - Error code 10000050, parameter1 a905bb30, parameter2 00000001, parameter3 a8f20fa6, parameter4 00000000.
    7/8/2010 1:38:16 PM, error: DCOM [10000] - Unable to start a DCOM Server: {FFF2D28F-E4EE-44D9-8104-8E71556757F6}. The error: "%2" Happened while starting this command:  -Embedding
    7/8/2010 1:25:00 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
    7/8/2010 1:25:00 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

    ==== End Of File ===========================
     
  5. dmbeaton

    dmbeaton TS Rookie Topic Starter

    java

    updated Java to v6u20

    uninstalled the following old versions which are vulnerabilities:
    v5u6, v6u2,3,5,7, and 15.
     
  6. dmbeaton

    dmbeaton TS Rookie Topic Starter

    combo fix log

    ComboFix 10-07-08.02 - Beaton 07/09/2010 12:13:18.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3838.3333 [GMT -6:00]
    Running from: c:\documents and settings\Beaton\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Beaton\g2mdlhlpx.exe
    c:\documents and settings\Beaton\GoToAssistDownloadHelper.exe
    c:\documents and settings\Beaton\Local Settings\Application Data\{A6B2EFE2-5BDC-4AF1-8E14-CAFD7822C195}
    c:\documents and settings\Beaton\Local Settings\Application Data\{A6B2EFE2-5BDC-4AF1-8E14-CAFD7822C195}\chrome\content\_cfg.js
    c:\documents and settings\Beaton\Local Settings\Application Data\{A6B2EFE2-5BDC-4AF1-8E14-CAFD7822C195}\chrome\content\overlay.xul
    c:\documents and settings\Beaton\Local Settings\Application Data\{A6B2EFE2-5BDC-4AF1-8E14-CAFD7822C195}\install.rdf
    c:\windows\Downloaded Program Files\Temp
    c:\windows\system\msvbvm60.dll
    c:\windows\xpsp1hfm.log
    F:\Autorun.inf

    Infected copy of c:\windows\system32\drivers\avgldx86.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((( Files Created from 2010-06-09 to 2010-07-09 )))))))))))))))))))))))))))))))
    .

    2010-07-09 17:44 . 2010-07-09 17:44 503808 ----a-w- c:\documents and settings\Beaton\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-580dbf67-n\msvcp71.dll
    2010-07-09 17:44 . 2010-07-09 17:44 499712 ----a-w- c:\documents and settings\Beaton\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-580dbf67-n\jmc.dll
    2010-07-09 17:44 . 2010-07-09 17:44 348160 ----a-w- c:\documents and settings\Beaton\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-580dbf67-n\msvcr71.dll
    2010-07-09 17:44 . 2010-07-09 17:44 61440 ----a-w- c:\documents and settings\Beaton\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7213178d-n\decora-sse.dll
    2010-07-09 17:44 . 2010-07-09 17:44 12800 ----a-w- c:\documents and settings\Beaton\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7213178d-n\decora-d3d.dll
    2010-07-09 17:44 . 2010-04-12 23:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-09 01:17 . 2010-07-09 01:17 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-07-09 01:17 . 2010-07-09 01:17 -------- d-----w- c:\program files\QuickTime
    2010-07-09 01:16 . 2010-07-09 01:17 -------- d-----w- c:\program files\iTunes
    2010-07-09 00:51 . 2010-07-09 00:51 -------- d-----w- c:\documents and settings\Administrator\PrivacIE
    2010-07-09 00:50 . 2010-07-09 00:50 -------- d-----w- c:\documents and settings\Administrator\IETldCache
    2010-07-09 00:36 . 2010-07-09 00:36 1100 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-07-09 00:35 . 2010-07-09 00:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-07-08 23:54 . 2010-07-08 23:54 120 ----a-w- c:\windows\Sxepalebinur.dat
    2010-07-08 23:54 . 2010-07-08 23:54 0 ----a-w- c:\windows\Tduyobek.bin

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-09 18:24 . 2010-01-28 19:03 -------- d-----w- c:\documents and settings\Beaton\Application Data\WTablet
    2010-07-09 17:51 . 2005-07-07 07:42 -------- d-----w- c:\program files\Java
    2010-07-09 17:45 . 2005-07-07 07:42 -------- d-----w- c:\program files\Common Files\Java
    2010-07-09 04:30 . 2010-04-08 16:44 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-07-09 02:36 . 2010-01-29 23:19 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
    2010-07-09 01:56 . 2008-11-11 21:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-09 01:19 . 2010-06-03 21:04 -------- d-----w- c:\program files\Bonjour
    2010-07-09 01:17 . 2010-06-03 21:07 -------- d-----w- c:\program files\QuickTime(2)
    2010-07-09 01:16 . 2010-06-03 21:10 -------- d-----w- c:\program files\iTunes(2)
    2010-07-09 01:16 . 2007-07-25 00:15 -------- d-----w- c:\program files\Common Files\Apple
    2010-07-09 00:24 . 2008-12-29 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2010-07-08 19:21 . 2010-01-13 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
    2010-07-02 19:44 . 2008-03-20 21:39 -------- d-----w- c:\documents and settings\Beaton\Application Data\Costco Photo Viewer US
    2010-06-03 21:13 . 2005-12-24 23:19 -------- d-----w- c:\documents and settings\Beaton\Application Data\Apple Computer
    2010-06-03 21:11 . 2010-06-03 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-06-03 21:10 . 2006-04-28 18:39 -------- d-----w- c:\program files\iPod
    2010-05-20 23:09 . 2010-01-13 22:50 1533 ----a-w- c:\documents and settings\Beaton\Application Data\iolo\restore.bat
    2010-05-13 17:32 . 2005-07-29 19:02 -------- d-----w- c:\documents and settings\Beaton\Application Data\AdobeUM
    2010-04-29 21:39 . 2008-11-11 21:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 21:39 . 2008-11-11 21:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-21 20:54 . 2010-01-13 22:38 93096 ----a-w- c:\windows\system32\IncContxMenu.dll
    2010-04-21 20:54 . 2010-01-13 22:38 2316712 ----a-w- c:\windows\system32\Incinerator.dll
    2010-04-14 23:00 . 2010-05-20 22:56 10934656 ----a-w- c:\documents and settings\All Users\Application Data\iolo\System Shield\SSEngineUpd.exe
    2010-04-11 04:09 . 2010-01-14 03:47 518 ----a-w- c:\documents and settings\Beaton\Application Data\iolo\Registry\Last\restore.bat
    2008-05-26 16:49 . 2008-05-26 16:49 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2006-06-16 03:33 . 2008-12-08 16:29 233472 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
    2006-05-26 01:43 . 2008-12-08 16:29 204895 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
    2005-09-29 21:41 . 2008-12-08 16:29 77824 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
    2006-06-19 20:10 . 2008-12-08 16:29 426081 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll
    2005-02-02 19:19 . 2008-12-08 16:28 458752 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll
    2006-04-11 01:35 . 2008-12-08 16:29 139264 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll
    2005-11-09 18:10 . 2008-12-08 16:28 204800 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
    2005-11-09 18:42 . 2008-12-08 16:28 106496 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
    2006-01-04 18:22 . 2008-12-08 16:28 212992 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
    2006-01-04 18:21 . 2008-12-08 16:28 167936 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-11-25 20:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DELL Webcam Manager"="c:\program files\DELL\DELL Webcam Manager\DellWMgr.exe" [2007-06-07 118784]
    "Google Update"="c:\documents and settings\Beaton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-08 133104]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 68856]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-26 29744]
    "WD Button Manager"="WDBtnMgr.exe" [2008-08-28 331776]
    "SetIcon"="\Program Files\WDC\SetIcon.exe" [2004-04-28 42496]
    "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "OEM03Mon.exe"="c:\windows\OEM03Mon.exe" [2007-05-18 36864]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-09 2048352]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
    Conversion to PDF with ScanSnap Organizer.lnk - c:\program files\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2008-9-20 24576]
    ScanSnap Manager.lnk - c:\program files\PFU\ScanSnap\Driver\PfuSsMon.exe [2008-9-20 1769472]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-24 15:38 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
    backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
    backup=c:\windows\pss\Audible Download Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
    backup=c:\windows\pss\Run Google Web Accelerator.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-12-18 15:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeVersionCue]
    2003-10-13 22:24 1732608 ----a-w- c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    2005-03-30 02:05 339968 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    2007-03-15 17:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
    2004-12-06 06:05 127035 ----a-w- c:\windows\system32\dla\tfswctrl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    2005-04-28 20:34 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo 1400 Series]
    2006-10-11 10:01 143360 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIBUA.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    2005-04-25 13:50 139264 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2008-10-24 16:14 206112 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2008-10-24 16:14 79136 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-09-09 03:09 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]
    2004-09-06 00:20 380928 ----a-w- c:\program files\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-09-05 07:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    2005-03-22 23:20 339968 ----a-w- c:\windows\stsystra.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2008-11-18 23:31 21633320 ----a-r- c:\program files\Skype\Phone\Skype.exe
     
  7. dmbeaton

    dmbeaton TS Rookie Topic Starter

    comfix cont.

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-06-25 23:44 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\utorrent\\utorrent.exe"=
    "c:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Documents and Settings\\Beaton\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
    "c:\\Documents and Settings\\Beaton\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Documents and Settings\\Beaton\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/29/2008 1:06 PM 335240]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/5/2009 10:33 AM 297752]
    R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [1/13/2010 4:38 PM 704432]
    R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [1/13/2010 4:38 PM 704432]
    R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [1/28/2010 1:02 PM 2789672]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/9/2008 6:46 PM 24652]
    R3 OEM03Vfx;Creative Camera OEM003 Video VFX Driver;c:\windows\system32\drivers\OEM03Vfx.sys [12/8/2008 10:26 AM 7424]
    R3 OEM03Vid;Creative Camera OEM003 Driver;c:\windows\system32\drivers\OEM03Vid.sys [12/8/2008 10:26 AM 235808]
    S3 GoogleDesktopManager-051608-133132;Google Desktop Manager 5.7.805.16405;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/26/2008 10:49 AM 29744]
    S3 inibtmgr;WD Bridge Controller Driver;c:\windows\system32\drivers\inibtmgr.sys [8/28/2008 12:19 PM 9728]
    S3 Ussvretserm;Ussvretserm; [x]
    S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [1/28/2010 1:02 PM 15656]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-08 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 18:34]

    2010-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2631045505-1561735957-1616786228-1006Core.job
    - c:\documents and settings\Beaton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-08 21:42]

    2010-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2631045505-1561735957-1616786228-1006UA.job
    - c:\documents and settings\Beaton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-08 21:42]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/mywaybiz
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE:
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    Trusted Zone: google.com\www
    .
    .
    ------- File Associations -------
    .
    JSEFile=NOTEPAD.EXE %1
    .scr=AutoCADScriptFile
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
    HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
    MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_03\bin\jusched.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-09 12:26
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3220)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\FolderSize\FolderSizeSvc.exe
    c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    c:\progra~1\AVG\AVG8\avgrsx.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Dantz\Retrospect\retrorun.exe
    c:\progra~1\Dantz\RETROS~1\wdsvc.exe
    c:\windows\system32\WDBtnMgr.exe
    c:\program files\WDC\SetIcon.exe
    c:\windows\system32\WTablet\Wacom_TabletUser.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2010-07-09 12:32:34 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-07-09 18:32

    Pre-Run: 27,770,675,200 bytes free
    Post-Run: 27,534,811,136 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - E051F7F329E0CAA8DB78B646CBD494CA
     
  8. dmbeaton

    dmbeaton TS Rookie Topic Starter

    eset log

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=55fd6b8d61f5e04cb3ced3e1bb1bfc47
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-07-09 07:39:22
    # local_time=2010-07-09 01:39:22 (-0700, Mountain Daylight Time)
    # country="United States"
    # lang=9
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=1024 16777191 100 0 48040765 48040765 0 0
    # compatibility_mode=7425 16777213 50 92 0 69328798 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=130297
    # found=2
    # cleaned=0
    # scan_time=3237
    C:\i386\GTDownDE_87.ocx probably a variant of Win32/Adware.Agent application 00000000000000000000000000000000 I
    C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\avgldx86.sys.vir Win32/Olmarik.ZC trojan 00000000000000000000000000000000 I
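    The two findings above are not equally urgent: one path is a live file under C:\i386, the other sits inside C:\Qoobox\Quarantine, which is where ComboFix had already moved the file in the earlier run. The Python below is an added example, not part of this thread or of ESET's tooling; it parses the "# key=value" header lines and the finding lines of an ESET Online Scanner log in the shape pasted here, checks that the "# found=" count agrees with the number of finding lines parsed (a mismatch means a truncated paste), and separates live hits from hits that only name an existing quarantine folder. The only assumption is the quarantine-folder marker, which covers ComboFix's Qoobox folder and nothing else.

```python
import re
from dataclasses import dataclass

# Sample input: the ESET Online Scanner log pasted in the post above, with
# most header lines trimmed, embedded so the example runs offline.
SAMPLE_LOG = r"""
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# end=finished
# scanned=130297
# found=2
# cleaned=0
# scan_time=3237
C:\i386\GTDownDE_87.ocx probably a variant of Win32/Adware.Agent application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\avgldx86.sys.vir Win32/Olmarik.ZC trojan 00000000000000000000000000000000 I
"""

# "# key=value" header lines.
HEADER_RE = re.compile(r"^#\s*(?P<key>\w+)=(?P<value>.*)$")

# Finding lines: "<path> <detection> <32-hex hash> <flags>". Both the path and
# the detection text may contain spaces, so the detection is anchored on the
# "Family/Variant" token ESET emits (e.g. Win32/Olmarik.ZC); the non-greedy
# path group backtracks until that token is found.
FINDING_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<detection>(?:probably )?(?:a variant of )?[A-Za-z0-9]+/\S+(?: [a-z]+)*)\s+"
    r"(?P<hash>[0-9a-fA-F]{32})\s+"
    r"(?P<flags>\S+)$"
)

# Assumption: a hit under ComboFix's Qoobox quarantine folder is a file that
# was already neutralised by ComboFix, not an active infection.
QUARANTINE_MARKERS = ("\\qoobox\\quarantine\\",)


@dataclass
class Finding:
    path: str
    detection: str
    flags: str
    quarantined: bool


def parse_eset_log(text):
    """Return (headers, findings) for an ESET Online Scanner log."""
    headers, findings = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            headers[m["key"]] = m["value"]
            continue
        m = FINDING_RE.match(line)
        if m:
            path = m["path"]
            quarantined = any(mark in path.lower() for mark in QUARANTINE_MARKERS)
            findings.append(Finding(path, m["detection"], m["flags"], quarantined))
    return headers, findings


def check_counts(headers, findings):
    """True when the '# found=' header matches the number of parsed findings."""
    return int(headers.get("found", "0")) == len(findings)


def live_findings(findings):
    """Findings whose path is not inside a known quarantine folder."""
    return [f for f in findings if not f.quarantined]


if __name__ == "__main__":
    hdr, found = parse_eset_log(SAMPLE_LOG)
    print("count consistent:", check_counts(hdr, found))
    for f in found:
        state = "quarantined" if f.quarantined else "LIVE"
        print(f"{state:11} {f.detection:50} {f.path}")
```

    Run against the log above it reports one live hit (the adware component in C:\i386) and one already-quarantined hit, which is the same split the helper acted on in the CFScript that follows.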
     
  9. dmbeaton

    dmbeaton TS Rookie Topic Starter

    I hope the way I split these works for you. Thanks again for the help.

    Thanks for taking the time to look this over.

    D
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    What kind of restore did you do?
    After you ran the scans? Before you ran the scans?
     
  11. dmbeaton

    dmbeaton TS Rookie Topic Starter

    restore

    When the problem first occurred I did a system restore using the windows xp restore.

    I have not touched anything after contacting you except what you've instructed.

    Sorry if this worsened the problem.

    Dave
     
  12. dmbeaton

    dmbeaton TS Rookie Topic Starter

    system restore

    I don't know if it would help but the system restore I used stated that it could be undone.

    D
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You will find it much easier to paste the logs in if you open Notepad> Format> uncheck Word Wrap.

    Custom CFScript


    [1]. Close any open browsers.
    [2]. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    [3]. Open Notepad and copy/paste the text in the code below into it:
    Code:
    File::
    c:\windows\Sxepalebinur.dat
    c:\windows\Tduyobek.bin
    c:\program files\Viewpoint\Common\ViewpointService.exe
    C:\i386\GTDownDE_87.ocx
    
    Folder::
    
    DDS::
    uURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    mRun: [<NO NAME>]
    
    Registry::
    
    Driver::
    Ussvretserm
    Viewpoint Manager Service
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [image: CFScript.txt being dragged onto ComboFix.exe]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please attach to your next reply.
    ====================
    Trusted Zone: google.com\www> Please remove Google from the Trusted Zone. It is an internet search engine. The Trusted Zone has lower security than the other zones. You don't need to have anything in that zone- especially a search engine.

    I see entries for both AVG8 and AVG 8.5. Please check the AVG site- I think the current version is v9

    How is the redirecting?
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    System Restore works like this: when you want to try to resolve some kind of problem by using the System Restore feature, you choose a date before the current date and your system is 'restored' to what it was on the date you chose.

    Some system features, like some installs, can be removed in a System Restore. If you did a System Restore, then did the scans, that's okay. But if you ran the scans, then did a system restore to an earlier date, some of the entries in the logs I see may be different.

    This will help you understand: Use System Restore to Undo Changes if Problems Occur

    Leave it for now- don't go back and undo it.

    Edit: One of the deletions in Combofix can indicate an infected flash drive. It was on the "F" drive. So if you used a flash drive during this process, or the malware came from a flash drive, we will need to disinfect that also.
     
  15. dmbeaton

    dmbeaton TS Rookie Topic Starter

    Combofix log

    ComboFix 10-07-10.01 - Beaton 07/10/2010 18:29:59.2.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3838.3212 [GMT -6:00]
    Running from: c:\documents and settings\Beaton\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Beaton\Desktop\CFScript.txt
    AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
    * Created a new restore point

    FILE ::
    "c:\i386\GTDownDE_87.ocx"
    "c:\program files\Viewpoint\Common\ViewpointService.exe"
    "c:\windows\Sxepalebinur.dat"
    "c:\windows\Tduyobek.bin"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\i386\GTDownDE_87.ocx
    c:\program files\Viewpoint\Common\ViewpointService.exe
    c:\windows\Sxepalebinur.dat
    c:\windows\Tduyobek.bin

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_VIEWPOINT_MANAGER_SERVICE
    -------\Service_Ussvretserm
    -------\Service_Viewpoint Manager Service


    ((((((((((((((((((((((((( Files Created from 2010-06-11 to 2010-07-11 )))))))))))))))))))))))))))))))
    .

    2010-07-10 23:59 . 2010-07-10 23:59 -------- d-----w- C:\$AVG
    2010-07-10 23:58 . 2010-07-10 23:58 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
    2010-07-10 23:58 . 2010-07-10 23:58 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2010-07-10 23:58 . 2010-07-10 23:58 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-10 23:58 . 2010-07-10 23:58 50968 ----a-w- c:\windows\system32\avgfwdx.dll
    2010-07-10 23:58 . 2010-07-10 23:58 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
    2010-07-10 23:58 . 2010-07-10 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2010-07-09 18:41 . 2010-07-09 18:41 -------- d-----w- c:\program files\ESET
    2010-07-09 18:30 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2010-07-09 17:44 . 2010-04-12 23:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-09 01:17 . 2010-07-09 01:17 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-07-09 01:17 . 2010-07-09 01:17 -------- d-----w- c:\program files\QuickTime
    2010-07-09 01:16 . 2010-07-09 01:17 -------- d-----w- c:\program files\iTunes
    2010-07-09 00:51 . 2010-07-09 00:51 -------- d-----w- c:\documents and settings\Administrator\PrivacIE
    2010-07-09 00:50 . 2010-07-09 00:50 -------- d-----w- c:\documents and settings\Administrator\IETldCache
    2010-07-09 00:36 . 2010-07-09 00:36 1100 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-07-09 00:35 . 2010-07-09 00:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-11 00:39 . 2010-01-28 19:03 -------- d-----w- c:\documents and settings\Beaton\Application Data\WTablet
    2010-07-11 00:38 . 2010-01-29 23:19 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
    2010-07-11 00:00 . 2007-07-25 16:19 -------- d-----w- c:\program files\Autodesk Architectural Desktop 2006
    2010-07-10 23:58 . 2008-12-29 19:06 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-07-10 23:58 . 2008-12-29 19:06 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-07-10 23:58 . 2009-02-05 16:33 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-10 23:58 . 2009-06-26 14:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    2010-07-10 23:58 . 2008-12-29 19:06 -------- d-----w- c:\program files\AVG
    2010-07-09 17:51 . 2005-07-07 07:42 -------- d-----w- c:\program files\Java
    2010-07-09 17:45 . 2005-07-07 07:42 -------- d-----w- c:\program files\Common Files\Java
    2010-07-09 17:44 . 2010-07-09 17:44 503808 ----a-w- c:\documents and settings\Beaton\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-580dbf67-n\msvcp71.dll
    2010-07-09 17:44 . 2010-07-09 17:44 499712 ----a-w- c:\documents and settings\Beaton\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-580dbf67-n\jmc.dll
    2010-07-09 17:44 . 2010-07-09 17:44 348160 ----a-w- c:\documents and settings\Beaton\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-580dbf67-n\msvcr71.dll
    2010-07-09 17:44 . 2010-07-09 17:44 61440 ----a-w- c:\documents and settings\Beaton\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7213178d-n\decora-sse.dll
    2010-07-09 17:44 . 2010-07-09 17:44 12800 ----a-w- c:\documents and settings\Beaton\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7213178d-n\decora-d3d.dll
    2010-07-09 04:30 . 2010-04-08 16:44 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-07-09 01:56 . 2008-11-11 21:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-09 01:19 . 2010-06-03 21:04 -------- d-----w- c:\program files\Bonjour
    2010-07-09 01:17 . 2010-06-03 21:07 -------- d-----w- c:\program files\QuickTime(2)
    2010-07-09 01:16 . 2010-06-03 21:10 -------- d-----w- c:\program files\iTunes(2)
    2010-07-09 01:16 . 2007-07-25 00:15 -------- d-----w- c:\program files\Common Files\Apple
    2010-07-08 19:21 . 2010-01-13 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
    2010-07-02 19:44 . 2008-03-20 21:39 -------- d-----w- c:\documents and settings\Beaton\Application Data\Costco Photo Viewer US
    2010-06-03 21:13 . 2005-12-24 23:19 -------- d-----w- c:\documents and settings\Beaton\Application Data\Apple Computer
    2010-06-03 21:11 . 2010-06-03 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-06-03 21:10 . 2006-04-28 18:39 -------- d-----w- c:\program files\iPod
    2010-05-20 23:09 . 2010-01-13 22:50 1533 ----a-w- c:\documents and settings\Beaton\Application Data\iolo\restore.bat
    2010-05-17 15:25 . 2010-05-17 15:25 -------- d-----w- c:\documents and settings\Backup\Application Data\WTablet
    2010-05-13 17:32 . 2005-07-29 19:02 -------- d-----w- c:\documents and settings\Beaton\Application Data\AdobeUM
    2010-05-06 10:41 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-02 05:22 . 2004-08-10 17:51 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-29 21:39 . 2008-11-11 21:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 21:39 . 2008-11-11 21:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-21 20:54 . 2010-01-13 22:38 93096 ----a-w- c:\windows\system32\IncContxMenu.dll
    2010-04-21 20:54 . 2010-01-13 22:38 2316712 ----a-w- c:\windows\system32\Incinerator.dll
    2010-04-20 05:30 . 2004-08-10 17:50 285696 ----a-w- c:\windows\system32\atmfd.dll
    2010-04-14 23:00 . 2010-05-20 22:56 10934656 ----a-w- c:\documents and settings\All Users\Application Data\iolo\System Shield\SSEngineUpd.exe
    2008-05-26 16:49 . 2008-05-26 16:49 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2006-06-16 03:33 . 2008-12-08 16:29 233472 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
    2006-05-26 01:43 . 2008-12-08 16:29 204895 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
    2005-09-29 21:41 . 2008-12-08 16:29 77824 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
    2006-06-19 20:10 . 2008-12-08 16:29 426081 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll
    2005-02-02 19:19 . 2008-12-08 16:28 458752 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll
    2006-04-11 01:35 . 2008-12-08 16:29 139264 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll
    2005-11-09 18:10 . 2008-12-08 16:28 204800 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
    2005-11-09 18:42 . 2008-12-08 16:28 106496 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
    2006-01-04 18:22 . 2008-12-08 16:28 212992 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
    2006-01-04 18:21 . 2008-12-08 16:28 167936 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2010-04-19 16:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DELL Webcam Manager"="c:\program files\DELL\DELL Webcam Manager\DellWMgr.exe" [2007-06-07 118784]
    "Google Update"="c:\documents and settings\Beaton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-08 133104]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 68856]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-26 29744]
    "WD Button Manager"="WDBtnMgr.exe" [2008-08-28 331776]
    "SetIcon"="\Program Files\WDC\SetIcon.exe" [2004-04-28 42496]
    "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "OEM03Mon.exe"="c:\windows\OEM03Mon.exe" [2007-05-18 36864]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-10 2065760]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
    Conversion to PDF with ScanSnap Organizer.lnk - c:\program files\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2008-9-20 24576]
    ScanSnap Manager.lnk - c:\program files\PFU\ScanSnap\Driver\PfuSsMon.exe [2008-9-20 1769472]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-07-10 23:58 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
    backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
    backup=c:\windows\pss\Audible Download Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
    backup=c:\windows\pss\Run Google Web Accelerator.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-12-18 15:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeVersionCue]
    2003-10-13 22:24 1732608 ----a-w- c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    2005-03-30 02:05 339968 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    2007-03-15 17:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
    2004-12-06 06:05 127035 ----a-w- c:\windows\system32\dla\tfswctrl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    2005-04-28 20:34 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo 1400 Series]
    2006-10-11 10:01 143360 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIBUA.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    2005-04-25 13:50 139264 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
     
  16. dmbeaton

    dmbeaton TS Rookie Topic Starter

    Combofix log cont.

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2008-10-24 16:14 206112 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2008-10-24 16:14 79136 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-09-09 03:09 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]
    2004-09-06 00:20 380928 ----a-w- c:\program files\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-09-05 07:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    2005-03-22 23:20 339968 ----a-w- c:\windows\stsystra.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2008-11-18 23:31 21633320 ----a-r- c:\program files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-06-25 23:44 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\utorrent\\utorrent.exe"=
    "c:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Documents and Settings\\Beaton\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
    "c:\\Documents and Settings\\Beaton\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Documents and Settings\\Beaton\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [7/10/2010 5:58 PM 25168]
    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [7/10/2010 5:58 PM 52872]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/29/2008 1:06 PM 216400]
    R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/10/2010 5:58 PM 243024]
    R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/10/2010 5:58 PM 308136]
    R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [7/10/2010 5:58 PM 2331032]
    R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7/10/2010 5:58 PM 5897808]
    R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [1/13/2010 4:38 PM 704432]
    R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [1/13/2010 4:38 PM 704432]
    R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [1/28/2010 1:02 PM 2789672]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [7/10/2010 5:58 PM 30104]
    R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [7/10/2010 5:58 PM 122448]
    R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [7/10/2010 5:58 PM 30288]
    R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [7/10/2010 5:58 PM 26192]
    R3 OEM03Vfx;Creative Camera OEM003 Video VFX Driver;c:\windows\system32\drivers\OEM03Vfx.sys [12/8/2008 10:26 AM 7424]
    R3 OEM03Vid;Creative Camera OEM003 Driver;c:\windows\system32\drivers\OEM03Vid.sys [12/8/2008 10:26 AM 235808]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [7/10/2010 5:58 PM 430152]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [7/10/2010 5:58 PM 30104]
    S3 GoogleDesktopManager-051608-133132;Google Desktop Manager 5.7.805.16405;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/26/2008 10:49 AM 29744]
    S3 inibtmgr;WD Bridge Controller Driver;c:\windows\system32\drivers\inibtmgr.sys [8/28/2008 12:19 PM 9728]
    S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [1/28/2010 1:02 PM 15656]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-08 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 18:34]

    2010-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2631045505-1561735957-1616786228-1006Core.job
    - c:\documents and settings\Beaton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-08 21:42]

    2010-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2631045505-1561735957-1616786228-1006UA.job
    - c:\documents and settings\Beaton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-08 21:42]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/mywaybiz
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE:
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-10 18:40
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3256)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\FolderSize\FolderSizeSvc.exe
    c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\AVG\AVG9\avgam.exe
    c:\program files\Dantz\Retrospect\retrorun.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\progra~1\Dantz\RETROS~1\wdsvc.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\windows\system32\WTablet\Wacom_TabletUser.exe
    c:\windows\system32\WDBtnMgr.exe
    c:\program files\WDC\SetIcon.exe
    c:\program files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2010-07-10 18:47:00 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-07-11 00:46
    Here is the log that was returned from the file. I updated AVG and removed google from "trusted" site category.

    Thanks again for your help.


    ComboFix2.txt 2010-07-09 18:32

    Pre-Run: 26,404,900,864 bytes free
    Post-Run: 26,473,422,848 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - A0855E1DC2F36DC3212EF7CA657EC29D
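    The way a helper confirms that a CFScript did its job is to compare what was asked for (the File:: and Driver:: sections in post 13) with what ComboFix echoes back in the log above: deleted files appear under "Other Deletions" and removed services under "Drivers/Services". The Python below is an added example, not code from the thread, from ComboFix or from TechSpot; it parses both formats as they appear here and reports which requested removals were confirmed and which are missing. Only File:: and Driver:: are cross-checked, because those are the sections ComboFix reports back in this form; the DDS:: and Registry:: sections have no equivalent echo in the log. Both samples are taken from the thread and trimmed.

```python
import re

# The CFScript as posted in the thread (section headers end in "::").
CFSCRIPT = r"""
File::
c:\windows\Sxepalebinur.dat
c:\windows\Tduyobek.bin
c:\program files\Viewpoint\Common\ViewpointService.exe
C:\i386\GTDownDE_87.ocx

Folder::

Registry::

Driver::
Ussvretserm
Viewpoint Manager Service
"""

# Excerpt of the ComboFix log returned after running that script.
COMBOFIX_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\i386\GTDownDE_87.ocx
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\windows\Sxepalebinur.dat
c:\windows\Tduyobek.bin

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_VIEWPOINT_MANAGER_SERVICE
-------\Service_Ussvretserm
-------\Service_Viewpoint Manager Service


((((((((((((((((((((((((( Files Created from 2010-06-11 to 2010-07-11 )))))))))))))))))))))))))))))))
.
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")          # "File::", "Driver::", ...
BANNER_RE = re.compile(r"^\({3,}\s*(.+?)\s*\){3,}$")     # "(((( Title ))))"
SERVICE_RE = re.compile(r"^-+\\(?:Service|Legacy)_(.+)$")  # "-------\Service_<name>"


def parse_cfscript(text):
    """Return {section: [entries]} for a CFScript, ignoring blank lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_combofix_sections(text):
    """Return {banner title: [lines]} for the banner-delimited blocks of a ComboFix log."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = BANNER_RE.match(line)
        if m:
            current = m.group(1)
            blocks[current] = []
        elif current is not None and line and line != ".":
            blocks[current].append(line)
    return blocks


def verify_removals(script, log):
    """Cross-check File:: and Driver:: requests against what ComboFix reported."""
    deleted = {p.lower() for p in log.get("Other Deletions", [])}
    services = set()
    for entry in log.get("Drivers/Services", []):
        m = SERVICE_RE.match(entry)
        if m:
            services.add(m.group(1).lower())
    report = {"confirmed": [], "missing": []}
    for path in script.get("File", []):
        (report["confirmed"] if path.lower() in deleted else report["missing"]).append(path)
    for name in script.get("Driver", []):
        (report["confirmed"] if name.lower() in services else report["missing"]).append(name)
    return report


if __name__ == "__main__":
    result = verify_removals(parse_cfscript(CFSCRIPT), parse_combofix_sections(COMBOFIX_LOG))
    for key, items in result.items():
        print(key + ":", *items, sep="\n  ")
```

    Comparisons are case-insensitive because the script was written with a mix of "c:\" and "C:\" while ComboFix reports everything in lower case; anything that lands in "missing" is the item to re-examine before declaring the run clean.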
     
  17. dmbeaton

    dmbeaton TS Rookie Topic Starter

    Wordwrap is unchecked but I keep getting the "message is too many characters".
     
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, Combofix looks good. How is the redirecting? Stopped? Any other problems related to the malware?

    About the Resident Shield: There is an entry from the iolo System Mechanic program: iolo\System Shield\SSEngineUpd.exe referring to the System Shield software having an antivirus and firewall, but the additional entries from the program refer to System Mechanic, so I'm not sure which program you have. If you want a recommendation though, it would be to remove either/both of them.

    But AVG also has a Resident Shield. See THIS to disable it.

    Let's make sure there's no bad entry running:

    Download the HijackThis Installer HERE and save to the desktop:
    1. Double-click on HJTInstall.exe to run the program.
    2. By default it will install to C:\Program Files\Trend Micro\HijackThis.
    3. Accept the license agreement by clicking the "I Accept" button.
    4. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
    5. Click "Save log" to save the log file and then the log will open in notepad.
    6. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    7. Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
     
  19. dmbeaton

    dmbeaton TS Rookie Topic Starter

    Hijack this log. Thanks.

    Redirecting has stopped and there aren't any other symptoms. My internet speed has really jumped and is noticeably faster.

    The following is the hijack this log.

    Thanks again for looking this over.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:58:52 AM, on 7/13/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\AVG\AVG9\avgfws9.exe
    C:\Program Files\FolderSize\FolderSizeSvc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    C:\WINDOWS\system32\WDBtnMgr.exe
    C:\WINDOWS\OEM03Mon.exe
    C:\WINDOWS\stsystra.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Dantz\Retrospect\retrorun.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\AVG\AVG9\avgam.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\WDC\SetIcon.exe
    C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Beaton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Beaton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Beaton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Beaton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Beaton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Beaton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Beaton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Beaton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Beaton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Beaton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Beaton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Beaton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1570404595.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Google Notebook - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1570404595.dll
    O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\Beaton\Application Data\Mozilla\Firefox\Profiles\gzgnx7wh.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.60.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [OEM03Mon.exe] C:\WINDOWS\OEM03Mon.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [EPSON Stylus Photo 1400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBUA.EXE /FU "C:\DOCUME~1\Beaton\LOCALS~1\Temp\E_S1E1.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Beaton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-18\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'Default user')
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: Conversion to PDF with ScanSnap Organizer.lnk = ?
    O4 - Global Startup: ScanSnap Manager.lnk = ?
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} - https://accounting.quickbooks.com/c5/v20.141/qboax10.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - https://vivonet.webex.com/client/T25L/webex/ieatgpc.cab
    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
    O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
    O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
    O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
    O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe

    --
    End of file - 15371 bytes
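Worked example added here, not part of the thread and not HijackThis's or the helper's own logic: a few triage heuristics run over entries copied from the log above. The checks do not declare anything malicious; they only surface the kind of entry a reviewer looks at first: a registration whose file is gone ("(no file)", "(file missing)"), a service with no publisher string, a Run value whose command is not a fully qualified path (Windows resolves it by search order at logon), and any downloaded ActiveX control. The sample input is a constructed subset of the posted log.

```python
"""Triage heuristics for HijackThis 2.0.x log entries (added example, my own rules)."""
import re
from typing import Dict, List

# Entries copied from the log posted above (constructed subset for this example).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# 'O4 - <body>', 'R1 - <body>', ... ; everything after the first ' - ' is the body.
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.+)$")
# A fully qualified Windows command: drive letter or %ENV% variable, then a backslash.
QUALIFIED_RE = re.compile(r"^(?:[A-Za-z]:\\|%[^%]+%\\)")


def autostart_target(body: str) -> str:
    """Pull the command out of an O4 body ('HKLM\\..\\Run: [name] cmd' or 'Global Startup: x.lnk = target')."""
    rest = body.split(": ", 1)[1] if ": " in body else body
    if "] " in rest:
        rest = rest.split("] ", 1)[1]
    elif " = " in rest:
        rest = rest.split(" = ", 1)[1]
    return rest.strip().lstrip('"')


def review(line: str) -> List[str]:
    """Reviewer notes for one HijackThis entry; an empty list means nothing to say."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    kind, body = m.group("kind"), m.group("body")
    notes: List[str] = []
    if "(no file)" in body or "(file missing)" in body:
        notes.append("dangling registration: the registered file is not on disk")
    if kind == "O23" and "Unknown owner" in body:
        notes.append("service binary carries no publisher string; verify its signature and origin")
    if kind == "O4" and not QUALIFIED_RE.match(autostart_target(body)):
        notes.append("autostart command is not fully qualified; resolved by search order at logon")
    if kind == "O16":
        url = body.rsplit(" - ", 1)[-1]
        host = re.sub(r"^https?://", "", url).split("/")[0]
        notes.append(f"downloaded ActiveX control from {host}; remove unless you installed it")
    return notes


def triage(log_text: str) -> List[Dict[str, object]]:
    """Run review() over a whole log and keep only the entries that drew a note."""
    hits: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        notes = review(line)
        if notes:
            hits.append({"line": line.strip(), "notes": notes})
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit["line"])
        for note in hit["notes"]:
            print("   ->", note)
```

Run it and six of the ten sample entries print with a note; the Adobe BHO, the quoted IntelliPoint path, the %systemroot% dumprep value and the Apple-signed iPod service stay quiet. The heuristics are deliberately narrow: a flagged line is a prompt to check the file on disk and its signer, not a verdict.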
     
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Looks good. Check the AVG and make sure it is starting on boot. Remove all of the tools we used and the files and folders they created:
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.

    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
      • Choose Disk Cleanup
      • Click "OK" to select the partition or drive you want.
      • Click the "More Options" Tab.
      • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin
    ======================================
    And tips for continued safe browsing:

    Please follow these simple steps to keep your computer clean and secure:


    Stay current on updates:
    • Visit the Microsoft Download Site frequently. You should get all updates marked Critical and the current SP updates: Windows XP> SP2, SP3.
    • Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates, as they are vulnerabilities.
    • Check this site often: Java Updates. Stay current, as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.

    Make Internet Explorer safer. Follow the suggestions HERE. This tutorial will help guide you through Configuring Security Settings, Managing ActiveX Controls and other safety features.

    Do regular Maintenance
    • Remove Temporary Internet Files regularly:
      ◦ ATF Cleaner by Atribune
      OR
      ◦ TFC
    • Disable and Enable System Restore:
      ◦ See System Restore Guide. This will help you understand what this is, why you need to clean and set restore points and what information is in them.

    Have layered Security:
    • Antivirus Software (only one): Both of the following programs are free and known to be good:
      ◦ Avira Free
      ◦ Avast Home
    • Firewall (only one): Use a bi-directional firewall. Both of the following programs are free and known to be good:
      ◦ Comodo
      ◦ Zone Alarm
    • Antispyware: I recommend all of the following:
      ◦ SpywareBlaster: SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad ActiveX controls from being installed. Remember to update it regularly.
      ◦ IE/Spyad: This places over 4000 websites and domains in the IE Restricted list, which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc.) from the sites listed, although you will still be able to connect to the sites.
      ◦ MVPS Hosts file: This replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
      ◦ Google Toolbar: Get the free Google toolbar to help stop pop-up windows.

    Let me know if you need more help.
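Added example, not from the thread: the MVPS tip above works because the resolver consults the HOSTS file before DNS, so a name mapped to 127.0.0.1 or 0.0.0.0 never leaves the machine. The same file is also where a browser redirect can be planted, so the check a practitioner wants is twofold: parse the file the way the resolver does (first mapping for a name wins, names are case-insensitive, '#' starts a comment, several names may share a line) and then separate block entries from entries that send a name to a foreign address. The sample hosts file below is constructed for this example; the redirect line uses the reserved documentation range 192.0.2.0/24 and a .example name, not anything seen on the poster's machine.

```python
"""Hosts-file parsing and block-versus-redirect classification (added example)."""
import ipaddress
from typing import Dict, Optional

# Constructed sample, not a real MVPS file: two block entries and one redirect line.
SAMPLE_HOSTS = """
127.0.0.1       localhost
# MVPS-style block entries: the name resolves to the local machine, so nothing loads
0.0.0.0  ad.doubleclick.net
0.0.0.0  ads.example.net   tracker.example.net   # inline comment
# A redirect of the kind the thread was chasing: a vendor name pointed at a foreign host
192.0.2.10      updates.antivirus.example
"""

# Addresses a legitimate hosts file may point LAN names at (RFC 1918 and ULA).
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def parse_hosts(text: str) -> Dict[str, str]:
    """Map each hostname (lower-cased) to its address; the first mapping for a name wins."""
    table: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments, whole-line or trailing
        if not line:
            continue
        addr, *names = line.split()
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue                              # malformed line; the resolver ignores it too
        for name in names:
            table.setdefault(name.lower(), addr)
    return table


def lookup(text: str, hostname: str) -> Optional[str]:
    """Address the hosts file would answer with for hostname, or None if it is not listed."""
    return parse_hosts(text).get(hostname.strip().lower())


def classify(addr: str) -> str:
    """'blackholed' (loopback/unspecified), 'lan' (private or link-local), else 'redirect'."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback or ip.is_unspecified:
        return "blackholed"
    if ip.is_link_local or any(ip in net for net in LAN_NETS):
        return "lan"
    return "redirect"


def redirects(text: str) -> Dict[str, str]:
    """Entries that send a name somewhere other than localhost or the LAN: review these."""
    return {name: addr for name, addr in parse_hosts(text).items()
            if classify(addr) == "redirect"}


if __name__ == "__main__":
    for name, addr in parse_hosts(SAMPLE_HOSTS).items():
        print(f"{name:28s} {addr:15s} {classify(addr)}")
    print("review:", redirects(SAMPLE_HOSTS))
```

On the poster's XP machine the file lives at C:\WINDOWS\system32\drivers\etc\hosts; feed its contents to redirects() and anything that comes back is a name the machine will silently send somewhere other than its real DNS answer. A clean MVPS install returns an empty dict, because every entry it adds maps to 0.0.0.0 or 127.0.0.1.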
     
Topic Status:
Not open for further replies.
