March 29th, 2011 08:00

Redirected searches on IE and Firefox - please help, I have tried all kinds of anti-spyware and nothing is working

I have a browser hijacker problem that I cannot figure out - by looking at another post it looks like I have a corrupted host file? I have tried SpyBot, SpyDoctor, Microsoft Security, Spyware Blaster, Avast, Malware Bytes... can anyone help me?

 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:52:09 AM, on 3/29/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qwest.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mg5.mail.yahoo.com/dc/launch?.gx=1&.rand=22iueibg12q0v
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yma3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yma3
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2061014
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE /FU "C:\WINDOWS\TEMP\E_S229.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10m_ActiveX.exe -update activex
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O9 - Extra 'Tools' menuitem: Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Qwest Live - {8F448DD6-D3BA-47F0-BC57-E6BA05E74983} - http://qwest.live.com (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo2.walgreens.com/WalgreensActivia.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter hijack: text/html - {7b6875a5-1610-458d-8f6a-f3f8cad928b4} - C:\WINDOWS\mark_32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Google Update Service (gupdate1c98a12e8536556) (gupdate1c98a12e8536556) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10022 bytes

18 Posts

April 9th, 2011 07:00

Hi - this won't wipe my hard drive, will it? I have a ton of pictures on this computer that I haven't been able to back up yet and just want to make sure - thanks!

1.5K Posts

April 9th, 2011 12:00

Hi,

No, this procedure will not wipe the hard drive; all this will do is replace a corrupt system file on the hard drive with a clean one from the Windows disk.

Thanks.

 

18 Posts

April 10th, 2011 10:00

Hi, here is the new ComboFix log, THANKS!

 

ComboFix 11-04-09.01 - Eric DeYoung 04/10/2011  10:48:13.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1014.613 [GMT -5:00]
Running from: c:\documents and settings\Eric DeYoung\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\i386\winlogon.exe
.
.
(((((((((((((((((((((((((   Files Created from 2011-03-10 to 2011-04-10  )))))))))))))))))))))))))))))))
.
.
2011-04-08 13:03 . 2011-04-08 13:03    --------    d-----w-    c:\program files\Common Files\Java
2011-04-08 13:02 . 2011-04-08 13:02    73728    ----a-w-    c:\windows\system32\javacpl.cpl
2011-04-08 13:02 . 2011-04-08 13:02    472808    ----a-w-    c:\windows\system32\deployJava1.dll
2011-04-08 13:02 . 2011-04-08 13:02    --------    d-----w-    c:\program files\Java
2011-04-07 01:57 . 2002-01-08 22:00    176128    ----a-w-    c:\windows\system32\RcdScan.dll
2011-04-07 01:57 . 2000-03-23 17:50    446464    ----a-r-    c:\windows\system32\hhactivex.dll
2011-04-07 01:57 . 1999-05-07 18:24    645616    ----a-w-    c:\windows\system32\MSCOMCT2.OCX
2011-04-07 01:57 . 1999-05-07 18:24    414944    ----a-w-    c:\windows\system32\COMCT332.OCX
2011-04-07 01:57 . 1998-11-10 15:46    328480    ----a-w-    c:\windows\system32\ssa3d30.ocx
2011-04-07 01:57 . 1998-06-18 04:00    89360    ----a-w-    c:\windows\system32\VB5DB.DLL
2011-04-07 01:56 . 2000-01-04 10:39    212992    ----a-w-    c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2011-04-05 23:58 . 2011-04-05 23:58    --------    d--h--w-    c:\windows\system32\GroupPolicy
2011-04-03 19:34 . 2011-04-03 19:35    --------    d-----w-    c:\program files\CCleaner
2011-03-30 17:16 . 2010-10-19 20:51    222080    ------w-    c:\windows\system32\MpSigStub.exe
2011-03-28 18:50 . 2011-03-28 18:50    --------    d-----w-    c:\documents and settings\Eric DeYoung\DoctorWeb
2011-03-26 20:40 . 2011-03-26 20:40    --------    d-----w-    c:\documents and settings\Eric DeYoung\Application Data\Malwarebytes
2011-03-26 20:39 . 2011-03-26 20:39    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-26 20:39 . 2011-04-07 01:06    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2011-03-25 20:35 . 2011-04-05 02:17    --------    d-----w-    c:\program files\Spybot - Search & Destroy
2011-03-25 20:35 . 2011-04-05 02:17    --------    d-----w-    c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-03-25 19:28 . 2011-03-25 19:28    --------    d-----w-    c:\documents and settings\Eric DeYoung\Local Settings\Application Data\Mozilla
2011-03-24 13:26 . 2011-04-07 13:44    --------    d---a-w-    c:\documents and settings\All Users\Application Data\TEMP
2011-03-24 13:26 . 2011-03-26 20:53    --------    d-----w-    c:\program files\SpywareBlaster
2011-03-23 14:06 . 2011-02-23 13:56    301528    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2011-03-23 14:06 . 2011-02-23 13:54    19544    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2011-03-23 14:06 . 2011-02-23 13:55    25432    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2011-03-23 14:06 . 2011-02-23 13:56    371544    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2011-03-23 14:06 . 2011-02-23 13:55    49240    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2011-03-23 14:06 . 2011-02-23 13:55    102232    ----a-w-    c:\windows\system32\drivers\aswmon2.sys
2011-03-23 14:06 . 2011-02-23 13:55    96344    ----a-w-    c:\windows\system32\drivers\aswmon.sys
2011-03-23 14:05 . 2011-02-23 13:54    30680    ----a-w-    c:\windows\system32\drivers\aavmker4.sys
2011-03-23 14:05 . 2011-02-23 14:04    40648    ----a-w-    c:\windows\avastSS.scr
2011-03-23 14:05 . 2011-02-23 14:04    190016    ----a-w-    c:\windows\system32\aswBoot.exe
2011-03-23 13:44 . 2011-03-23 13:44    --------    d-----w-    c:\windows\system32\wbem\Repository
2011-03-23 13:23 . 2011-04-07 13:45    --------    d-----w-    c:\documents and settings\Eric DeYoung\Application Data\Sammsoft
2011-03-22 21:17 . 2011-03-23 13:43    --------    d-----w-    c:\program files\Microsoft Silverlight
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-05 13:16 . 2010-10-18 13:10    14744    ----a-w-    c:\documents and settings\Eric DeYoung\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
2011-02-04 23:48 . 2005-08-16 09:18    456192    ----a-w-    c:\windows\system32\encdec.dll
2011-02-04 23:48 . 2005-08-16 09:18    291840    ----a-w-    c:\windows\system32\sbe.dll
2009-04-11 16:02 . 2009-04-11 16:02    21068096    ----a-w-    c:\program files\FTBDL.exe
2011-03-18 17:53 . 2011-03-25 19:39    142296    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-04-07_14.02.12   )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-10 15:42 . 2011-04-10 15:42    16384              c:\windows\temp\Perflib_Perfdata_63c.dat
+ 2011-04-10 15:57 . 2011-04-10 15:57    16384              c:\windows\temp\Perflib_Perfdata_2bc.dat
+ 2005-08-16 09:18 . 2004-08-10 10:00    502272              c:\windows\system32\winlogon.exe
- 2005-08-16 09:18 . 2011-04-01 13:36    502272              c:\windows\system32\winlogon.exe
+ 2011-04-08 13:02 . 2011-04-08 13:02    157472              c:\windows\system32\javaws.exe
+ 2011-04-08 13:02 . 2011-04-08 13:02    145184              c:\windows\system32\javaw.exe
+ 2011-04-08 13:02 . 2011-04-08 13:02    145184              c:\windows\system32\java.exe
+ 2011-04-08 13:03 . 2011-04-08 13:03    180224              c:\windows\Installer\4f1e1e5.msi
+ 2011-04-08 13:02 . 2011-04-08 13:02    675840              c:\windows\Installer\4f1e1df.msi
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04    122512    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-08 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-14 98304]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-10-14 24576]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/23/2011 9:06 AM 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/23/2011 9:06 AM 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/23/2011 9:06 AM 19544]
S1 aysavaxx;aysavaxx;\??\c:\windows\system32\drivers\aysavaxx.sys --> c:\windows\system32\drivers\aysavaxx.sys [?]
S1 dycihimh;dycihimh;\??\c:\windows\system32\drivers\dycihimh.sys --> c:\windows\system32\drivers\dycihimh.sys [?]
S1 gskrdqwk;gskrdqwk;\??\c:\windows\system32\drivers\gskrdqwk.sys --> c:\windows\system32\drivers\gskrdqwk.sys [?]
S1 hgcqpgrl;hgcqpgrl;\??\c:\windows\system32\drivers\hgcqpgrl.sys --> c:\windows\system32\drivers\hgcqpgrl.sys [?]
S1 htzwckvw;htzwckvw;\??\c:\windows\system32\drivers\htzwckvw.sys --> c:\windows\system32\drivers\htzwckvw.sys [?]
S1 ixthvmwc;ixthvmwc;\??\c:\windows\system32\drivers\ixthvmwc.sys --> c:\windows\system32\drivers\ixthvmwc.sys [?]
S1 kimezjsp;kimezjsp;\??\c:\windows\system32\drivers\kimezjsp.sys --> c:\windows\system32\drivers\kimezjsp.sys [?]
S1 lftjhcsc;lftjhcsc;\??\c:\windows\system32\drivers\lftjhcsc.sys --> c:\windows\system32\drivers\lftjhcsc.sys [?]
S1 njmctyra;njmctyra;\??\c:\windows\system32\drivers\njmctyra.sys --> c:\windows\system32\drivers\njmctyra.sys [?]
S1 nraokdhg;nraokdhg;\??\c:\windows\system32\drivers\nraokdhg.sys --> c:\windows\system32\drivers\nraokdhg.sys [?]
S1 nzjfxqjs;nzjfxqjs;\??\c:\windows\system32\drivers\nzjfxqjs.sys --> c:\windows\system32\drivers\nzjfxqjs.sys [?]
S1 obfvlddf;obfvlddf;\??\c:\windows\system32\drivers\obfvlddf.sys --> c:\windows\system32\drivers\obfvlddf.sys [?]
S1 pqpsozec;pqpsozec;\??\c:\windows\system32\drivers\pqpsozec.sys --> c:\windows\system32\drivers\pqpsozec.sys [?]
S1 qgffakcw;qgffakcw;\??\c:\windows\system32\drivers\qgffakcw.sys --> c:\windows\system32\drivers\qgffakcw.sys [?]
S1 rnhetqzs;rnhetqzs;\??\c:\windows\system32\drivers\rnhetqzs.sys --> c:\windows\system32\drivers\rnhetqzs.sys [?]
S1 sctxshpc;sctxshpc;\??\c:\windows\system32\drivers\sctxshpc.sys --> c:\windows\system32\drivers\sctxshpc.sys [?]
S1 sparyilh;sparyilh;\??\c:\windows\system32\drivers\sparyilh.sys --> c:\windows\system32\drivers\sparyilh.sys [?]
S1 tmvmfdhb;tmvmfdhb;\??\c:\windows\system32\drivers\tmvmfdhb.sys --> c:\windows\system32\drivers\tmvmfdhb.sys [?]
S1 tmywegcr;tmywegcr;\??\c:\windows\system32\drivers\tmywegcr.sys --> c:\windows\system32\drivers\tmywegcr.sys [?]
S1 vajeveck;vajeveck;\??\c:\windows\system32\drivers\vajeveck.sys --> c:\windows\system32\drivers\vajeveck.sys [?]
S1 vehhyiet;vehhyiet;\??\c:\windows\system32\drivers\vehhyiet.sys --> c:\windows\system32\drivers\vehhyiet.sys [?]
S2 gupdate1c98a12e8536556;Google Update Service (gupdate1c98a12e8536556);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2009 12:30 PM 133104]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-06 14:54]
.
2011-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 17:30]
.
2011-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 17:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.mg5.mail.yahoo.com/dc/launch?.gx=1&.rand=22iueibg12q0v
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com/?fr=fp-yma3
uInternet Settings,ProxyOverride =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Eric DeYoung\Application Data\Mozilla\Firefox\Profiles\518xzb96.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-10 10:57
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3068)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\stsystra.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2011-04-10  11:02:30 - machine was rebooted
ComboFix-quarantined-files.txt  2011-04-10 16:02
ComboFix2.txt  2011-04-07 14:06
.
Pre-Run: 43,793,543,168 bytes free
Post-Run: 43,890,298,880 bytes free
.
- - End Of File - - 3197CF5F41FE625EE778F017495506D6

1.5K Posts

April 10th, 2011 15:00

Hi,

 

PLEASE BE SURE TO DISABLE ALL PROTECTIVE SOFTWARE THAT IS RUNNING ON YOUR MACHINE BEFORE RUNNING COMBOFIX, SO THAT COMBOFIX IS NOT HINDERED IN ITS REMOVAL PROCESS

Please disable all Anti-virus/Anti-Spyware/Firewall on your machine (instructions via links below)

 

Next we are going to run ComboFix in a slightly different way

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quote box below into it:

Quote:

http://en.community.dell.com/support-forums/virus-spyware/f/3521/t/19371835.aspx?PageIndex=2

Suspect::[108]
c:\windows\system32\drivers\aysavaxx.sys
c:\windows\system32\drivers\njmctyra.sys
c:\windows\system32\drivers\sctxshpc.sys
c:\program files\FTBDL.exe






 

 

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe. (NOTE: You may receive a message that there is a newer version of ComboFix available; please allow ComboFix to update if you get this message.)

Combofix will warn that a file has been submitted for upload, please allow it to do so.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

NOTE: If ComboFix does not reboot the system, please do so manually

Thanks
K27.

 

18 Posts

April 11th, 2011 10:00

Hi,

I got a message that said the Web server was inaccessible and that there was an .htm file to submit manually, so I tried to do that, but got the message:

There was an error uploading your file.

Your file is either 0 bytes or has exceeded the maximum file size of 5MB that we allow to be uploaded. Here is the ComboFix log:

 

ComboFix 11-04-10.04 - Eric DeYoung 04/11/2011  11:13:27.4.2 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1014.584 [GMT -5:00]
Running from: c:\documents and settings\Eric DeYoung\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Eric DeYoung\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
file zipped: c:\program files\FTBDL.exe
.
.
(((((((((((((((((((((((((   Files Created from 2011-03-11 to 2011-04-11  )))))))))))))))))))))))))))))))
.
.
2011-04-08 13:03 . 2011-04-08 13:03    --------    d-----w-    c:\program files\Common Files\Java
2011-04-08 13:02 . 2011-04-08 13:02    73728    ----a-w-    c:\windows\system32\javacpl.cpl
2011-04-08 13:02 . 2011-04-08 13:02    472808    ----a-w-    c:\windows\system32\deployJava1.dll
2011-04-08 13:02 . 2011-04-08 13:02    --------    d-----w-    c:\program files\Java
2011-04-07 01:57 . 2002-01-08 22:00    176128    ----a-w-    c:\windows\system32\RcdScan.dll
2011-04-07 01:57 . 2000-03-23 17:50    446464    ----a-r-    c:\windows\system32\hhactivex.dll
2011-04-07 01:57 . 1999-05-07 18:24    645616    ----a-w-    c:\windows\system32\MSCOMCT2.OCX
2011-04-07 01:57 . 1999-05-07 18:24    414944    ----a-w-    c:\windows\system32\COMCT332.OCX
2011-04-07 01:57 . 1998-11-10 15:46    328480    ----a-w-    c:\windows\system32\ssa3d30.ocx
2011-04-07 01:57 . 1998-06-18 04:00    89360    ----a-w-    c:\windows\system32\VB5DB.DLL
2011-04-07 01:56 . 2000-01-04 10:39    212992    ----a-w-    c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2011-04-05 23:58 . 2011-04-05 23:58    --------    d--h--w-    c:\windows\system32\GroupPolicy
2011-04-03 19:34 . 2011-04-03 19:35    --------    d-----w-    c:\program files\CCleaner
2011-03-30 17:16 . 2010-10-19 20:51    222080    ------w-    c:\windows\system32\MpSigStub.exe
2011-03-28 18:50 . 2011-03-28 18:50    --------    d-----w-    c:\documents and settings\Eric DeYoung\DoctorWeb
2011-03-26 20:40 . 2011-03-26 20:40    --------    d-----w-    c:\documents and settings\Eric DeYoung\Application Data\Malwarebytes
2011-03-26 20:39 . 2011-03-26 20:39    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-26 20:39 . 2011-04-07 01:06    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2011-03-25 20:35 . 2011-04-05 02:17    --------    d-----w-    c:\program files\Spybot - Search & Destroy
2011-03-25 20:35 . 2011-04-05 02:17    --------    d-----w-    c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-03-25 19:28 . 2011-03-25 19:28    --------    d-----w-    c:\documents and settings\Eric DeYoung\Local Settings\Application Data\Mozilla
2011-03-24 13:26 . 2011-04-07 13:44    --------    d---a-w-    c:\documents and settings\All Users\Application Data\TEMP
2011-03-24 13:26 . 2011-04-11 15:23    --------    d-----w-    c:\program files\SpywareBlaster
2011-03-23 14:06 . 2011-02-23 13:56    301528    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2011-03-23 14:06 . 2011-02-23 13:54    19544    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2011-03-23 14:06 . 2011-02-23 13:55    25432    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2011-03-23 14:06 . 2011-02-23 13:56    371544    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2011-03-23 14:06 . 2011-02-23 13:55    49240    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2011-03-23 14:06 . 2011-02-23 13:55    102232    ----a-w-    c:\windows\system32\drivers\aswmon2.sys
2011-03-23 14:06 . 2011-02-23 13:55    96344    ----a-w-    c:\windows\system32\drivers\aswmon.sys
2011-03-23 14:05 . 2011-02-23 13:54    30680    ----a-w-    c:\windows\system32\drivers\aavmker4.sys
2011-03-23 14:05 . 2011-02-23 14:04    40648    ----a-w-    c:\windows\avastSS.scr
2011-03-23 14:05 . 2011-02-23 14:04    190016    ----a-w-    c:\windows\system32\aswBoot.exe
2011-03-23 13:44 . 2011-03-23 13:44    --------    d-----w-    c:\windows\system32\wbem\Repository
2011-03-23 13:23 . 2011-04-07 13:45    --------    d-----w-    c:\documents and settings\Eric DeYoung\Application Data\Sammsoft
2011-03-22 21:17 . 2011-03-23 13:43    --------    d-----w-    c:\program files\Microsoft Silverlight
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-05 13:16 . 2010-10-18 13:10    14744    ----a-w-    c:\documents and settings\Eric DeYoung\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
2011-02-04 23:48 . 2005-08-16 09:18    456192    ----a-w-    c:\windows\system32\encdec.dll
2011-02-04 23:48 . 2005-08-16 09:18    291840    ----a-w-    c:\windows\system32\sbe.dll
2009-04-11 16:02 . 2009-04-11 16:02    21068096    ----a-w-    c:\program files\FTBDL.exe
2011-03-18 17:53 . 2011-03-25 19:39    142296    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-04-07_14.02.12   )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-11 15:27 . 2011-04-11 15:27    16384              c:\windows\temp\Perflib_Perfdata_818.dat
+ 2005-08-16 09:18 . 2004-08-10 10:00    502272              c:\windows\system32\winlogon.exe
- 2005-08-16 09:18 . 2011-04-01 13:36    502272              c:\windows\system32\winlogon.exe
+ 2011-04-08 13:02 . 2011-04-08 13:02    157472              c:\windows\system32\javaws.exe
+ 2011-04-08 13:02 . 2011-04-08 13:02    145184              c:\windows\system32\javaw.exe
+ 2011-04-08 13:02 . 2011-04-08 13:02    145184              c:\windows\system32\java.exe
+ 2011-04-08 13:03 . 2011-04-08 13:03    180224              c:\windows\Installer\4f1e1e5.msi
+ 2011-04-08 13:02 . 2011-04-08 13:02    675840              c:\windows\Installer\4f1e1df.msi
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04    122512    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-08 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-14 98304]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-10-14 24576]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/23/2011 9:06 AM 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/23/2011 9:06 AM 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/23/2011 9:06 AM 19544]
S1 aysavaxx;aysavaxx;\??\c:\windows\system32\drivers\aysavaxx.sys --> c:\windows\system32\drivers\aysavaxx.sys [?]
S1 dycihimh;dycihimh;\??\c:\windows\system32\drivers\dycihimh.sys --> c:\windows\system32\drivers\dycihimh.sys [?]
S1 gskrdqwk;gskrdqwk;\??\c:\windows\system32\drivers\gskrdqwk.sys --> c:\windows\system32\drivers\gskrdqwk.sys [?]
S1 hgcqpgrl;hgcqpgrl;\??\c:\windows\system32\drivers\hgcqpgrl.sys --> c:\windows\system32\drivers\hgcqpgrl.sys [?]
S1 htzwckvw;htzwckvw;\??\c:\windows\system32\drivers\htzwckvw.sys --> c:\windows\system32\drivers\htzwckvw.sys [?]
S1 ixthvmwc;ixthvmwc;\??\c:\windows\system32\drivers\ixthvmwc.sys --> c:\windows\system32\drivers\ixthvmwc.sys [?]
S1 kimezjsp;kimezjsp;\??\c:\windows\system32\drivers\kimezjsp.sys --> c:\windows\system32\drivers\kimezjsp.sys [?]
S1 lftjhcsc;lftjhcsc;\??\c:\windows\system32\drivers\lftjhcsc.sys --> c:\windows\system32\drivers\lftjhcsc.sys [?]
S1 njmctyra;njmctyra;\??\c:\windows\system32\drivers\njmctyra.sys --> c:\windows\system32\drivers\njmctyra.sys [?]
S1 nraokdhg;nraokdhg;\??\c:\windows\system32\drivers\nraokdhg.sys --> c:\windows\system32\drivers\nraokdhg.sys [?]
S1 nzjfxqjs;nzjfxqjs;\??\c:\windows\system32\drivers\nzjfxqjs.sys --> c:\windows\system32\drivers\nzjfxqjs.sys [?]
S1 obfvlddf;obfvlddf;\??\c:\windows\system32\drivers\obfvlddf.sys --> c:\windows\system32\drivers\obfvlddf.sys [?]
S1 pqpsozec;pqpsozec;\??\c:\windows\system32\drivers\pqpsozec.sys --> c:\windows\system32\drivers\pqpsozec.sys [?]
S1 qgffakcw;qgffakcw;\??\c:\windows\system32\drivers\qgffakcw.sys --> c:\windows\system32\drivers\qgffakcw.sys [?]
S1 rnhetqzs;rnhetqzs;\??\c:\windows\system32\drivers\rnhetqzs.sys --> c:\windows\system32\drivers\rnhetqzs.sys [?]
S1 sctxshpc;sctxshpc;\??\c:\windows\system32\drivers\sctxshpc.sys --> c:\windows\system32\drivers\sctxshpc.sys [?]
S1 sparyilh;sparyilh;\??\c:\windows\system32\drivers\sparyilh.sys --> c:\windows\system32\drivers\sparyilh.sys [?]
S1 tmvmfdhb;tmvmfdhb;\??\c:\windows\system32\drivers\tmvmfdhb.sys --> c:\windows\system32\drivers\tmvmfdhb.sys [?]
S1 tmywegcr;tmywegcr;\??\c:\windows\system32\drivers\tmywegcr.sys --> c:\windows\system32\drivers\tmywegcr.sys [?]
S1 vajeveck;vajeveck;\??\c:\windows\system32\drivers\vajeveck.sys --> c:\windows\system32\drivers\vajeveck.sys [?]
S1 vehhyiet;vehhyiet;\??\c:\windows\system32\drivers\vehhyiet.sys --> c:\windows\system32\drivers\vehhyiet.sys [?]
S2 gupdate1c98a12e8536556;Google Update Service (gupdate1c98a12e8536556);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2009 12:30 PM 133104]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-06 14:54]
.
2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 17:30]
.
2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 17:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.mg5.mail.yahoo.com/dc/launch?.gx=1&.rand=22iueibg12q0v
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com/?fr=fp-yma3
uInternet Settings,ProxyOverride =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Eric DeYoung\Application Data\Mozilla\Firefox\Profiles\518xzb96.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-11 11:19
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(684)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-04-11  11:23:24
ComboFix-quarantined-files.txt  2011-04-11 16:23
ComboFix2.txt  2011-04-11 15:46
ComboFix3.txt  2011-04-10 16:02
ComboFix4.txt  2011-04-07 14:06
.
Pre-Run: 43,818,414,080 bytes free
Post-Run: 43,773,472,768 bytes free
.
- - End Of File - - 3953641C8A2B26DCE0FD80736AE03F2C

1.5K Posts

April 14th, 2011 23:00

Hi,

Sorry for the delay in replying, it's been a very busy week.

Please post the log created at C:\Qoobox\ComboFix-quarantined-files.txt

Thanks

18 Posts

April 15th, 2011 09:00

Not a problem, thanks, here's the log:

 

2011-04-07 14:04:31 . 2011-04-07 14:04:31              195 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-Microsoft Works Update Detection.reg.dat
2011-04-07 14:04:27 . 2011-04-07 14:04:27              169 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-Search Protection.reg.dat
2011-04-07 14:04:27 . 2011-04-07 14:04:27              154 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-MsnMsgr.reg.dat
2011-04-07 14:04:27 . 2011-04-07 14:04:27              142 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-ModemOnHold.reg.dat
2011-04-07 13:55:07 . 2011-04-11 16:17:28            9,990 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-04-07 13:47:21 . 2011-04-11 16:11:43              357 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2005-08-16 09:18:45 . 2011-04-01 13:36:15          502,272 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon.exe.vir
2005-08-16 09:18:17 . 2011-04-01 13:36:15        1,033,216 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir

1.5K Posts

April 17th, 2011 07:00

Hi,

Sorry for the delay.

 

We are going to run Combofix using the drag and drop method again.

 

 

PLEASE BE SURE TO DISABLE ALL PROTECTIVE SOFTWARE THAT IS RUNNING ON YOUR MACHINE BEFORE RUNNING COMBOFIX, SO THAT COMBOFIX IS NOT HINDERED IN ITS REMOVAL PROCESS

Please disable all Anti-virus/Anti-Spyware/Firewall on your machine (instructions via links below)

 

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quote box below into it:

Quote:

http://en.community.dell.com/support-forums/virus-spyware/f/3521/p/19371835/19852010.aspx?PageIndex=2

Driver::
aysavaxx
dycihimh
gskrdqwk
hgcqpgrl
ixthvmwc
kimezjsp
lftjhcsc
njmctyra
nraokdhg
nzjfxqjs
obfvlddf
pqpsozec
qgffakcw
rnhetqzs
sctxshpc
sparyilh
tmvmfdhb
tmywegcr
vajeveck
vehhyiet

Collect::[108]
c:\windows\system32\drivers\aysavaxx.sys
c:\windows\system32\drivers\dycihimh.sys
c:\windows\system32\drivers\gskrdqwk.sys
c:\windows\system32\drivers\hgcqpgrl.sys
c:\windows\system32\drivers\htzwckvw.sys
c:\windows\system32\drivers\ixthvmwc.sys
c:\windows\system32\drivers\kimezjsp.sys
c:\windows\system32\drivers\lftjhcsc.sys
c:\windows\system32\drivers\njmctyra.sys
c:\windows\system32\drivers\nraokdhg.sys
c:\windows\system32\drivers\nzjfxqjs.sys
c:\windows\system32\drivers\obfvlddf.sys
c:\windows\system32\drivers\pqpsozec.sys
c:\windows\system32\drivers\qgffakcw.sys
c:\windows\system32\drivers\rnhetqzs.sys
c:\windows\system32\drivers\sctxshpc.sys
c:\windows\system32\drivers\sparyilh.sys
c:\windows\system32\drivers\tmvmfdhb.sys
c:\windows\system32\drivers\tmywegcr.sys
c:\windows\system32\drivers\vajeveck.sys
c:\windows\system32\drivers\vehhyiet.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe (NOTE: You may receive a message that there is a newer version of ComboFix available; please allow ComboFix to update if you get this message)

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

NOTE: If ComboFix does not reboot the system, please do so manually

Thanks
K27.

 

18 Posts

April 19th, 2011 11:00

Here is the ComboFix.txt log, thanks.

 

ComboFix 11-04-19.01 - Eric DeYoung 04/19/2011  11:23:53.5.2 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1014.581 [GMT -5:00]
Running from: c:\documents and settings\Eric DeYoung\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Eric DeYoung\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_aysavaxx
-------\Service_dycihimh
-------\Service_gskrdqwk
-------\Service_hgcqpgrl
-------\Service_ixthvmwc
-------\Service_kimezjsp
-------\Service_lftjhcsc
-------\Service_njmctyra
-------\Service_nraokdhg
-------\Service_nzjfxqjs
-------\Service_obfvlddf
-------\Service_pqpsozec
-------\Service_qgffakcw
-------\Service_rnhetqzs
-------\Service_sctxshpc
-------\Service_sparyilh
-------\Service_tmvmfdhb
-------\Service_tmywegcr
-------\Service_vajeveck
-------\Service_vehhyiet
.
.
(((((((((((((((((((((((((   Files Created from 2011-03-19 to 2011-04-19  )))))))))))))))))))))))))))))))
.
.
2011-04-08 13:03 . 2011-04-08 13:03    --------    d-----w-    c:\program files\Common Files\Java
2011-04-08 13:02 . 2011-04-08 13:02    73728    ----a-w-    c:\windows\system32\javacpl.cpl
2011-04-08 13:02 . 2011-04-08 13:02    472808    ----a-w-    c:\windows\system32\deployJava1.dll
2011-04-08 13:02 . 2011-04-08 13:02    --------    d-----w-    c:\program files\Java
2011-04-07 01:57 . 2002-01-08 22:00    176128    ----a-w-    c:\windows\system32\RcdScan.dll
2011-04-07 01:57 . 2000-03-23 17:50    446464    ----a-r-    c:\windows\system32\hhactivex.dll
2011-04-07 01:57 . 1999-05-07 18:24    645616    ----a-w-    c:\windows\system32\MSCOMCT2.OCX
2011-04-07 01:57 . 1999-05-07 18:24    414944    ----a-w-    c:\windows\system32\COMCT332.OCX
2011-04-07 01:57 . 1998-11-10 15:46    328480    ----a-w-    c:\windows\system32\ssa3d30.ocx
2011-04-07 01:57 . 1998-06-18 04:00    89360    ----a-w-    c:\windows\system32\VB5DB.DLL
2011-04-07 01:56 . 2000-01-04 10:39    212992    ----a-w-    c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2011-04-05 23:58 . 2011-04-05 23:58    --------    d--h--w-    c:\windows\system32\GroupPolicy
2011-04-03 19:34 . 2011-04-03 19:35    --------    d-----w-    c:\program files\CCleaner
2011-03-30 17:16 . 2010-10-19 20:51    222080    ------w-    c:\windows\system32\MpSigStub.exe
2011-03-28 18:50 . 2011-03-28 18:50    --------    d-----w-    c:\documents and settings\Eric DeYoung\DoctorWeb
2011-03-26 20:40 . 2011-03-26 20:40    --------    d-----w-    c:\documents and settings\Eric DeYoung\Application Data\Malwarebytes
2011-03-26 20:39 . 2011-03-26 20:39    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-26 20:39 . 2011-04-07 01:06    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2011-03-25 20:35 . 2011-04-05 02:17    --------    d-----w-    c:\program files\Spybot - Search & Destroy
2011-03-25 20:35 . 2011-04-05 02:17    --------    d-----w-    c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-03-25 19:28 . 2011-03-25 19:28    --------    d-----w-    c:\documents and settings\Eric DeYoung\Local Settings\Application Data\Mozilla
2011-03-24 13:26 . 2011-04-07 13:44    --------    d---a-w-    c:\documents and settings\All Users\Application Data\TEMP
2011-03-24 13:26 . 2011-04-11 15:23    --------    d-----w-    c:\program files\SpywareBlaster
2011-03-23 14:06 . 2011-02-23 13:56    301528    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2011-03-23 14:06 . 2011-02-23 13:54    19544    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2011-03-23 14:06 . 2011-02-23 13:55    25432    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2011-03-23 14:06 . 2011-02-23 13:56    371544    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2011-03-23 14:06 . 2011-02-23 13:55    49240    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2011-03-23 14:06 . 2011-02-23 13:55    102232    ----a-w-    c:\windows\system32\drivers\aswmon2.sys
2011-03-23 14:06 . 2011-02-23 13:55    96344    ----a-w-    c:\windows\system32\drivers\aswmon.sys
2011-03-23 14:05 . 2011-02-23 13:54    30680    ----a-w-    c:\windows\system32\drivers\aavmker4.sys
2011-03-23 14:05 . 2011-02-23 14:04    40648    ----a-w-    c:\windows\avastSS.scr
2011-03-23 14:05 . 2011-02-23 14:04    190016    ----a-w-    c:\windows\system32\aswBoot.exe
2011-03-23 13:44 . 2011-03-23 13:44    --------    d-----w-    c:\windows\system32\wbem\Repository
2011-03-23 13:23 . 2011-04-07 13:45    --------    d-----w-    c:\documents and settings\Eric DeYoung\Application Data\Sammsoft
2011-03-22 21:17 . 2011-03-23 13:43    --------    d-----w-    c:\program files\Microsoft Silverlight
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-05 13:16 . 2010-10-18 13:10    14744    ----a-w-    c:\documents and settings\Eric DeYoung\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
2011-02-04 23:48 . 2005-08-16 09:18    456192    ----a-w-    c:\windows\system32\encdec.dll
2011-02-04 23:48 . 2005-08-16 09:18    291840    ----a-w-    c:\windows\system32\sbe.dll
2009-04-11 16:02 . 2009-04-11 16:02    21068096    ----a-w-    c:\program files\FTBDL.exe
2011-03-18 17:53 . 2011-03-25 19:39    142296    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04    122512    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-08 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-14 98304]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-10-14 24576]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/23/2011 9:06 AM 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/23/2011 9:06 AM 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/23/2011 9:06 AM 19544]
S1 htzwckvw;htzwckvw;\??\c:\windows\system32\drivers\htzwckvw.sys --> c:\windows\system32\drivers\htzwckvw.sys [?]
S2 gupdate1c98a12e8536556;Google Update Service (gupdate1c98a12e8536556);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2009 12:30 PM 133104]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-06 14:54]
.
2011-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 17:30]
.
2011-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 17:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.mg5.mail.yahoo.com/dc/launch?.gx=1&.rand=22iueibg12q0v
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com/?fr=fp-yma3
uInternet Settings,ProxyOverride =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Eric DeYoung\Application Data\Mozilla\Firefox\Profiles\518xzb96.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-19 11:59
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3500)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2011-04-19  12:04:14 - machine was rebooted
ComboFix-quarantined-files.txt  2011-04-19 17:04
ComboFix2.txt  2011-04-11 16:23
ComboFix3.txt  2011-04-11 15:46
ComboFix4.txt  2011-04-10 16:02
ComboFix5.txt  2011-04-19 16:21
.
Pre-Run: 43,319,533,568 bytes free
Post-Run: 43,288,682,496 bytes free
.
- - End Of File - - C6193CDB4A6B7426E9C43CA930CFE026

1.5K Posts

April 19th, 2011 14:00

Hi,

 

PLEASE BE SURE TO DISABLE ALL PROTECTIVE SOFTWARE THAT IS RUNNING ON YOUR MACHINE BEFORE RUNNING COMBOFIX, SO THAT COMBOFIX IS NOT HINDERED IN ITS REMOVAL PROCESS

Please disable all Anti-virus/Anti-Spyware/Firewall on your machine (instructions via links below)

 

 

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quote box below into it:

Quote:

File::
c:\windows\system32\drivers\htzwckvw.sys

Driver::
htzwckvw

 

 

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe (NOTE: You may receive a message that there is a newer version of ComboFix available; please allow ComboFix to update if you get this message)

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

NOTE: If ComboFix does not reboot the system, please do so manually

 

 

 

 

Please leave all protection disabled before running the online scan.

Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click the "Show Results" button
  • Then click the "Export to Text File" button and save the log to the desktop
  • Copy and paste that log as a reply to this topic and also let me know how things are now.

 

Please post back the fresh Combofix log, the ESET report, a fresh set of DDS logs and a status report on how the system is running.

Thanks.

18 Posts

April 20th, 2011 10:00

Hi,

The ESET download is not working. When I click the YES, I accept box and then click Start, I do not get the ActiveX prompt, it just displays the Terms of Use box again with the YES box unchecked. I tried many times. I can give the ComboFix .txt log:

 

ComboFix 11-04-19.06 - Eric DeYoung 04/20/2011   9:50.6.2 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1014.671 [GMT -5:00]
Running from: c:\documents and settings\Eric DeYoung\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Eric DeYoung\Desktop\CFScript.txt
.
FILE ::
"c:\windows\system32\drivers\htzwckvw.sys"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_htzwckvw
.
.
(((((((((((((((((((((((((   Files Created from 2011-03-20 to 2011-04-20  )))))))))))))))))))))))))))))))
.
.
2011-04-08 13:03 . 2011-04-08 13:03 -------- d-----w- c:\program files\Common Files\Java
2011-04-08 13:02 . 2011-04-08 13:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-08 13:02 . 2011-04-08 13:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-08 13:02 . 2011-04-08 13:02 -------- d-----w- c:\program files\Java
2011-04-07 13:43 . 2011-04-07 13:59 -------- d-----w- C:\## aswSnx private storage
2011-04-07 01:57 . 2002-01-08 22:00 176128 ----a-w- c:\windows\system32\RcdScan.dll
2011-04-07 01:57 . 2000-03-23 17:50 446464 ----a-r- c:\windows\system32\hhactivex.dll
2011-04-07 01:57 . 1999-05-07 18:24 645616 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2011-04-07 01:57 . 1999-05-07 18:24 414944 ----a-w- c:\windows\system32\COMCT332.OCX
2011-04-07 01:57 . 1998-11-10 15:46 328480 ----a-w- c:\windows\system32\ssa3d30.ocx
2011-04-07 01:57 . 1998-06-18 04:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2011-04-07 01:56 . 2000-01-04 10:39 212992 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2011-04-05 23:58 . 2011-04-05 23:58 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-03-30 17:16 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-28 18:50 . 2011-03-28 18:50 -------- d-----w- c:\documents and settings\Eric DeYoung\DoctorWeb
2011-03-26 20:40 . 2011-03-26 20:40 -------- d-----w- c:\documents and settings\Eric DeYoung\Application Data\Malwarebytes
2011-03-26 20:39 . 2011-03-26 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-26 20:39 . 2011-04-07 01:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-25 20:35 . 2011-04-05 02:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-25 20:35 . 2011-04-05 02:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-03-25 19:28 . 2011-03-25 19:28 -------- d-----w- c:\documents and settings\Eric DeYoung\Local Settings\Application Data\Mozilla
2011-03-24 13:26 . 2011-04-07 13:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-03-24 13:26 . 2011-04-11 15:23 -------- d-----w- c:\program files\SpywareBlaster
2011-03-23 13:44 . 2011-03-23 13:44 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-23 13:23 . 2011-04-07 13:45 -------- d-----w- c:\documents and settings\Eric DeYoung\Application Data\Sammsoft
2011-03-22 21:17 . 2011-03-23 13:43 -------- d-----w- c:\program files\Microsoft Silverlight
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-05 13:16 . 2010-10-18 13:10 14744 ----a-w- c:\documents and settings\Eric DeYoung\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
2011-02-04 23:48 . 2005-08-16 09:18 456192 ----a-w- c:\windows\system32\encdec.dll
2011-02-04 23:48 . 2005-08-16 09:18 291840 ----a-w- c:\windows\system32\sbe.dll
2009-04-11 16:02 . 2009-04-11 16:02 21068096 ----a-w- c:\program files\FTBDL.exe
2011-03-18 17:53 . 2011-03-25 19:39 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-04-07_14.02.12   )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-11 15:59 . 2011-01-11 15:59 51024              c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_214ee422\vcomp90.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 59728              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90rus.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 42832              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90kor.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 43344              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90jpn.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 61264              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90ita.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 62800              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90fra.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 61776              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90esp.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 61776              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90esn.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 53584              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90enu.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 63312              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90deu.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 36688              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90cht.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 35664              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90chs.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 59904              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfcm90u.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 59904              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfcm90.dll
+ 2011-01-11 04:03 . 2011-01-11 04:03 65536              c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_189d6662\vcomp.dll
+ 2011-01-11 03:32 . 2011-01-11 03:32 49152              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80KOR.dll
+ 2011-01-11 03:32 . 2011-01-11 03:32 49152              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80JPN.dll
+ 2011-01-11 03:32 . 2011-01-11 03:32 61440              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ITA.dll
+ 2011-01-11 03:32 . 2011-01-11 03:32 61440              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80FRA.dll
+ 2011-01-11 03:32 . 2011-01-11 03:32 61440              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ESP.dll
+ 2011-01-11 03:32 . 2011-01-11 03:32 57344              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ENU.dll
+ 2011-01-11 03:32 . 2011-01-11 03:32 65536              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80DEU.dll
+ 2011-01-11 03:32 . 2011-01-11 03:32 45056              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80CHT.dll
+ 2011-01-11 03:32 . 2011-01-11 03:32 40960              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80CHS.dll
+ 2011-01-11 09:05 . 2011-01-11 09:05 57856              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfcm80u.dll
+ 2011-01-11 09:23 . 2011-01-11 09:23 69632              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfcm80.dll
+ 2011-01-11 02:21 . 2011-01-11 02:21 97280              c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_7837863c\ATL80.dll
+ 2011-04-20 14:56 . 2011-04-20 14:56 16384              c:\windows\temp\Perflib_Perfdata_114.dat
+ 2006-10-14 16:19 . 2011-04-14 12:59 23040              c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2006-10-14 16:19 . 2011-03-15 13:01 23040              c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2006-10-14 16:19 . 2011-04-14 12:59 27136              c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2006-10-14 16:19 . 2011-03-15 13:01 27136              c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2006-10-14 16:19 . 2011-04-14 12:59 11264              c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2006-10-14 16:19 . 2011-03-15 13:01 11264              c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2006-10-14 16:19 . 2011-03-15 13:01 12288              c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2006-10-14 16:19 . 2011-04-14 12:59 12288              c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2011-02-03 09:00 . 2011-02-03 09:00 34632              c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2011-04-14 12:57 . 2011-04-14 12:57 34632              c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2006-10-14 16:19 . 2011-04-14 12:59 4096              c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2006-10-14 16:19 . 2011-03-15 13:01 4096              c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2011-01-11 15:59 . 2011-01-11 15:59 653136              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcr90.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 569680              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcp90.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 225280              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcm90.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 159048              c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_65b7a93a\atl90.dll
+ 2011-01-11 09:27 . 2011-01-11 09:27 632656              c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcr80.dll
+ 2011-01-11 09:24 . 2011-01-11 09:24 554832              c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcp80.dll
+ 2011-01-11 09:08 . 2011-01-11 09:08 479232              c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcm80.dll
- 2005-08-16 09:18 . 2011-04-01 13:36 502272              c:\windows\system32\winlogon.exe
+ 2005-08-16 09:18 . 2004-08-10 10:00 502272              c:\windows\system32\winlogon.exe
+ 2011-04-08 13:02 . 2011-04-08 13:02 157472              c:\windows\system32\javaws.exe
+ 2011-04-08 13:02 . 2011-04-08 13:02 145184              c:\windows\system32\javaw.exe
+ 2011-04-08 13:02 . 2011-04-08 13:02 145184              c:\windows\system32\java.exe
+ 2011-04-14 12:58 . 2011-04-14 12:58 459264              c:\windows\Installer\ee8327a.msi
+ 2011-04-14 12:54 . 2011-04-14 12:54 223232              c:\windows\Installer\ee83230.msi
+ 2011-04-08 13:03 . 2011-04-08 13:03 180224              c:\windows\Installer\4f1e1e5.msi
+ 2011-04-08 13:02 . 2011-04-08 13:02 675840              c:\windows\Installer\4f1e1df.msi
+ 2006-10-14 16:19 . 2011-04-14 12:59 409600              c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2006-10-14 16:19 . 2011-03-15 13:01 409600              c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2006-10-14 16:19 . 2011-04-14 12:59 286720              c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2006-10-14 16:19 . 2011-03-15 13:01 286720              c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2006-10-14 16:19 . 2011-03-15 13:01 794624              c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2006-10-14 16:19 . 2011-04-14 12:59 794624              c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2006-10-14 16:19 . 2011-03-15 13:01 135168              c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2006-10-14 16:19 . 2011-04-14 12:59 135168              c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2011-01-11 15:59 . 2011-01-11 15:59 3780936              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfc90u.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 3766088              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfc90.dll
+ 2011-01-11 03:50 . 2011-01-11 03:50 1093120              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfc80u.dll
+ 2011-01-11 03:50 . 2011-01-11 03:50 1101824              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfc80.dll
+ 2011-01-27 19:49 . 2011-01-27 19:49 6825472              c:\windows\Installer\ee8328b.msp
+ 2011-04-05 17:52 . 2011-04-05 17:52 5519872              c:\windows\Installer\ee8325c.msp
+ 2010-11-21 04:34 . 2010-11-21 04:34 1198080              c:\windows\Installer\ee8324a.msp
+ 2011-03-18 01:01 . 2011-03-18 01:01 9563648              c:\windows\Installer\ee83241.msp
+ 2011-01-11 22:50 . 2011-01-11 22:50 8177152              c:\windows\Installer\ee83238.msp
+ 2009-08-17 21:32 . 2009-08-17 21:32 1787728              c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6514\PPCNV.DLL
+ 2006-11-11 03:26 . 2011-04-14 12:54 39828936              c:\windows\system32\MRT.exe
+ 2011-02-24 14:38 . 2011-02-24 14:38 10984448              c:\windows\Installer\ee8326e.msp
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-08 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-14 98304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-10-14 24576]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
S2 gupdate1c98a12e8536556;Google Update Service (gupdate1c98a12e8536556);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2009 12:30 PM 133104]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-06 14:54]
.
2011-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 17:30]
.
2011-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 17:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.mg5.mail.yahoo.com/dc/launch?.gx=1&.rand=22iueibg12q0v
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com/?fr=fp-yma3
uInternet Settings,ProxyOverride =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Eric DeYoung\Application Data\Mozilla\Firefox\Profiles\518xzb96.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-20 10:09
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2152)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\stsystra.exe
.
**************************************************************************
.
Completion time: 2011-04-20  10:13:16 - machine was rebooted
ComboFix-quarantined-files.txt  2011-04-20 15:13
ComboFix2.txt  2011-04-19 17:04
ComboFix3.txt  2011-04-11 16:23
ComboFix4.txt  2011-04-11 15:46
ComboFix5.txt  2011-04-20 14:49
.
Pre-Run: 43,323,240,448 bytes free
Post-Run: 43,309,027,328 bytes free
.
- - End Of File - - 0B7E1F5A29725E3190FC823AA528DA61

1.5K Posts

April 20th, 2011 14:00

Hi,

The log looks clean.

Please update Avast and then run a FULL system scan. It will take a while, so please be patient with it.

Let me know if it finds anything.

Thanks

 

18 Posts

April 23rd, 2011 10:00

Hi,

Avast didn't find anything with a full system scan. Am I "done"? I really appreciate you volunteering your time to help me!

 

1.5K Posts

April 24th, 2011 01:00

Hi,

Nearly,

Please post the log created at C:\Qoobox\ComboFix-quarantined-files.txt and a new set of DDS logs.

Thanks

18 Posts

April 25th, 2011 09:00

Hi,

 

ComboFix log:

 

2011-04-20 14:53:31 . 2011-04-20 14:53:31            2,416 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Service_htzwckvw.reg.dat
2011-04-19 16:29:13 . 2011-04-19 16:29:13            2,416 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Service_vehhyiet.reg.dat
2011-04-19 16:29:12 . 2011-04-19 16:29:12            2,416 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Service_vajeveck.reg.dat
2011-04-19 16:29:12 . 2011-04-19 16:29:12            2,416 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Service_tmywegcr.reg.dat
2011-04-19 16:29:11 . 2011-04-19 16:29:11            2,416 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Service_tmvmfdhb.reg.dat
2011-04-19 16:29:10 . 2011-04-19 16:29:10            2,416 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Service_sparyilh.reg.dat
2011-04-19 16:29:10 . 2011-04-19 16:29:10            2,416 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Service_sctxshpc.reg.dat
2011-04-19 16:29:09 . 2011-04-19 16:29:09            2,416 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Service_rnhetqzs.reg.dat
2011-04-19 16:29:08 . 2011-04-19 16:29:08            2,416 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Service_qgffakcw.reg.dat
2011-04-19 16:29:08 . 2011-04-19 16:29:08            2,416 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Service_pqpsozec.reg.dat
2011-04-19 16:29:07 . 2011-04-19 16:29:07            2,416 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Service_obfvlddf.reg.dat
2011-04-19 16:29:06 . 2011-04-19 16:29:06            2,416 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Service_nzjfxqjs.reg.dat
2011-04-19 16:29:06 . 2011-04-19 16:29:06            2,416 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Service_nraokdhg.reg.dat
2011-04-19 16:29:05 . 2011-04-19 16:29:05            2,416 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Service_njmctyra.reg.dat
2011-04-19 16:29:05 . 2011-04-19 16:29:05            2,416 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Service_lftjhcsc.reg.dat
2011-04-19 16:29:04 . 2011-04-19 16:29:04            2,416 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Service_kimezjsp.reg.dat
2011-04-19 16:29:03 . 2011-04-19 16:29:03            2,416 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Service_ixthvmwc.reg.dat
2011-04-19 16:29:03 . 2011-04-19 16:29:03            2,416 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Service_hgcqpgrl.reg.dat
2011-04-19 16:29:02 . 2011-04-19 16:29:02            2,416 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Service_gskrdqwk.reg.dat
2011-04-19 16:29:01 . 2011-04-19 16:29:01            2,416 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Service_dycihimh.reg.dat
2011-04-19 16:29:01 . 2011-04-19 16:29:01            2,416 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Service_aysavaxx.reg.dat
2011-04-19 16:23:36 . 2011-04-20 14:50:37            2,265 ----a-w-  C:\Qoobox\Quarantine\catchme.txt
2011-04-07 14:04:31 . 2011-04-07 14:04:31              195 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-Microsoft Works Update Detection.reg.dat
2011-04-07 14:04:27 . 2011-04-07 14:04:27              169 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-Search Protection.reg.dat
2011-04-07 14:04:27 . 2011-04-07 14:04:27              154 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-MsnMsgr.reg.dat
2011-04-07 14:04:27 . 2011-04-07 14:04:27              142 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-ModemOnHold.reg.dat
2011-04-07 13:55:07 . 2011-04-20 14:53:26            9,990 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-04-07 13:47:21 . 2011-04-20 14:49:07              561 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2005-08-16 09:18:45 . 2011-04-01 13:36:15          502,272 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon.exe.vir
2005-08-16 09:18:17 . 2011-04-01 13:36:15        1,033,216 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir

 

DDS.txt:

.
DDS (Ver_11-03-05.01) - NTFSx86 
Run by Eric DeYoung at 10:15:10.01 on Mon 04/25/2011
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1014.189 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Documents and Settings\Eric DeYoung\My Documents\Downloads\dds(2).com
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://us.mg5.mail.yahoo.com/dc/launch?.gx=1&.rand=22iueibg12q0v
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com/?fr=fp-yma3
uInternet Settings,ProxyOverride =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
uPolicies-system: DisableLockWorkstation = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\ericde~1\applic~1\mozilla\firefox\profiles\518xzb96.default\
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-4-21 307288]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-4-21 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-4-21 42184]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-21 441176]
S2 gupdate1c98a12e8536556;Google Update Service (gupdate1c98a12e8536556);c:\program files\google\update\GoogleUpdate.exe [2009-2-8 133104]
.
=============== Created Last 30 ================
.
2011-04-21 14:56:03    441176    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2011-04-21 14:55:41    40112    ----a-w-    c:\windows\avastSS.scr
2011-04-08 13:02:56    73728    ----a-w-    c:\windows\system32\javacpl.cpl
2011-04-08 13:02:56    472808    ----a-w-    c:\windows\system32\deployJava1.dll
2011-04-07 13:48:44    98816    ----a-w-    c:\windows\sed.exe
2011-04-07 13:48:44    89088    ----a-w-    c:\windows\MBR.exe
2011-04-07 13:48:44    256512    ----a-w-    c:\windows\PEV.exe
2011-04-07 13:48:44    161792    ----a-w-    c:\windows\SWREG.exe
2011-04-07 13:43:37    --------    d-----w-    C:\## aswSnx private storage
2011-04-07 13:38:14    --------    d-sha-r-    C:\cmdcons
2011-04-07 13:38:13    --------    d-----w-    c:\windows\setup.pss
2011-04-07 01:57:03    645616    ----a-w-    c:\windows\system32\MSCOMCT2.OCX
2011-04-07 01:57:03    446464    ----a-r-    c:\windows\system32\hhactivex.dll
2011-04-07 01:57:03    414944    ----a-w-    c:\windows\system32\COMCT332.OCX
2011-04-07 01:57:03    176128    ----a-w-    c:\windows\system32\RcdScan.dll
2011-04-07 01:57:02    89360    ----a-w-    c:\windows\system32\VB5DB.DLL
2011-04-07 01:57:02    328480    ----a-w-    c:\windows\system32\ssa3d30.ocx
2011-04-07 01:56:36    212992    ----a-w-    c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2011-04-05 23:58:01    --------    d--h--w-    c:\windows\system32\GroupPolicy
2011-03-30 17:16:49    222080    ------w-    c:\windows\system32\MpSigStub.exe
2011-03-28 18:50:55    --------    d-----w-    c:\documents and settings\eric deyoung\DoctorWeb
2011-03-26 20:40:12    --------    d-----w-    c:\docume~1\ericde~1\applic~1\Malwarebytes
2011-03-26 20:39:49    --------    d-----w-    c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-26 20:39:37    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M  ====================
.
2011-02-04 23:48:32    456192    ----a-w-    c:\windows\system32\encdec.dll
2011-02-04 23:48:30    291840    ----a-w-    c:\windows\system32\sbe.dll
2009-04-11 16:02:15    21068096    ----a-w-    c:\program files\FTBDL.exe
.
============= FINISH: 10:18:14.14 ===============

Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/20/2006 3:00:50 PM
System Uptime: 4/20/2011 9:17:29 PM (109 hours ago)
.
Motherboard: Dell Inc. |  | 0KD882
Processor: Genuine Intel(R) CPU           T2300  @ 1.66GHz | Microprocessor | 1662/133mhz
Processor: Genuine Intel(R) CPU           T2300  @ 1.66GHz | Microprocessor | 1662/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 79 GiB total, 39.819 GiB free.
D: is FIXED (NTFS) - 27 GiB total, 26.447 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 3/17/2011 8:12:19 PM - System Checkpoint
RP2: 3/18/2011 8:22:43 PM - System Checkpoint
RP3: 3/19/2011 9:09:06 PM - System Checkpoint
RP4: 3/20/2011 9:37:19 PM - System Checkpoint
RP5: 3/21/2011 9:58:17 PM - System Checkpoint
RP6: 3/23/2011 8:23:31 AM - ARO 2011 - Before Installation
RP7: 3/23/2011 8:24:05 AM - ARO 2011 - FIRST RUN
RP8: 3/23/2011 8:32:26 AM - ARO 2011 Wed, Mar 23, 11  08:32
RP9: 3/23/2011 8:43:00 AM - Restore Operation
RP10: 3/23/2011 9:05:33 AM - avast! Free Antivirus Setup
RP11: 3/24/2011 9:26:35 AM - System Checkpoint
RP12: 3/25/2011 9:58:28 AM - System Checkpoint
RP13: 3/26/2011 4:15:15 PM - System Checkpoint
RP14: 3/28/2011 2:16:48 PM - System Checkpoint
RP15: 3/29/2011 8:49:07 AM - Installed HiJackThis
RP16: 3/30/2011 8:51:00 AM - System Checkpoint
RP17: 3/31/2011 9:15:37 AM - System Checkpoint
RP18: 3/31/2011 8:45:41 PM - Software Distribution Service 3.0
RP19: 4/2/2011 9:59:02 AM - Software Distribution Service 3.0
RP20: 4/3/2011 12:47:50 PM - Software Distribution Service 3.0
RP21: 4/4/2011 1:22:50 PM - System Checkpoint
RP22: 4/4/2011 4:55:16 PM - Software Distribution Service 3.0
RP23: 4/4/2011 8:16:06 PM - Removed NetWaiting
RP24: 4/4/2011 8:16:47 PM - Removed NetZeroInstallers
RP25: 4/6/2011 7:12:38 AM - System Checkpoint
RP26: 4/6/2011 8:15:37 PM - ARO 2011 - Before Installation
RP27: 4/6/2011 8:16:38 PM - ARO 2011 - FIRST RUN
RP28: 4/7/2011 8:45:12 AM - Removed HiJackThis
RP29: 4/8/2011 8:02:26 AM - Installed Java(TM) 6 Update 24
RP30: 4/9/2011 1:22:31 PM - System Checkpoint
RP31: 4/10/2011 2:00:41 PM - System Checkpoint
RP32: 4/14/2011 7:54:08 AM - Software Distribution Service 3.0
RP33: 4/19/2011 11:21:59 AM - ComboFix created restore point
RP34: 4/19/2011 4:14:17 PM - avast! Free Antivirus Setup
RP35: 4/20/2011 4:51:08 PM - System Checkpoint
RP36: 4/21/2011 9:55:28 AM - avast! Free Antivirus Setup
RP37: 4/22/2011 10:08:48 AM - System Checkpoint
RP38: 4/23/2011 11:08:48 AM - System Checkpoint
RP39: 4/24/2011 12:08:49 PM - System Checkpoint
.
==== Installed Programs ======================
.
Actiontec Gateway
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.8
AOLIcon
avast! Free Antivirus
Broadcom Management Programs
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.8
Canon Utilities EOS Utility
Canon Utilities Original Data Security Tools
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities WFT Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell ResourceCD
Dell Support 3.2
Dell System Restore
Dell Wireless WLAN Card
Digital Content Portal
Digital Line Detect
DIGOpt
DIGReqEx
Documentation & Support Launcher
ELIcon
EPSON CX5000 Series User's Guide
EPSON Printer Software
EPSON Scan
EPSON Stylus CX5000 Scanner Driver Update
EPSON Web-To-Page
Family Tree Maker 2006
Games, Music, & Photos Launcher
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
Internet Service Offers Launcher
Java Auto Updater
Java(TM) 6 Update 24
MathPlayer
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Office Outlook Connector
Microsoft Picture It! Library 9
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 4.0 (x86 en-US)
MSN
MSN Encarta Plus Support Files
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
OneCare Advisor (Windows Live Toolbar)
Otto
Photo Transport
PowerDVD 5.7
QuickConnect
QuickTime
Qwest eChat Support Tools
RealPlayer Basic
SearchAssist
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Smart Menus (Windows Live Toolbar)
Sonic Encoders
Tweak UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB914882)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
WebEx Support Manager for Internet Explorer
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890927
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892627
Windows XP Hotfix - KB893056
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
4/21/2011 8:05:17 AM, error: ipnathlp [32003]  - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
4/20/2011 9:50:28 AM, error: Service Control Manager [7034]  - The Dell Wireless WLAN Tray Service service terminated unexpectedly.  It has done this 1 time(s).
4/19/2011 11:59:25 AM, error: Dhcp [1002]  - The IP address lease 192.168.1.101 for the Network Card with network address 0018F354C832 has been denied by the DHCP server 206.55.180.147 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
