Windows BBS The Place for Microsoft Windows Support! Windows, Support, Help Site
Old 9th February 2009   #1
grenny47 (Member, joined Feb 2009)

[Active] IE won't run

Here is the thread I first opened. I was instructed to open a new thread here. The URL was IE won't run

Internet Explorer won't run. I think my browser has been hijacked. When I double click on the desktop icon or when I choose it from the Start menu, the cursor changes to an hourglass for a second or two as if I.E. were about to start, but nothing happens. Luckily all of my other programs seem to work.

At first I couldn't access the internet but I managed to download Firefox on another machine and copy the file. This let me load Firefox but even Firefox isn't working that well. I sometimes get error messages saying it can't access the server. I also tried to load AVG (free) and it will load but I can't get to the server for updates. Some really strange stuff going on here.


DDS (Ver_09-02-01.01) - FAT32x86
Run by tom at 9:11:23.04 on Mon 02/09/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.912 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\TBFDropZone\TBFDropZone.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\tom\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - f:\photoshop\/Adobe Contribute CS3/contributeieplugin.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_1_0
uRun: [scheduler_monitor] c:\program files\reaconverter 5.5 pro\init_scheduler.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
uRun: [A00F17A3B2.exe] c:\docume~1\tom\locals~1\temp\_A00F17A3B2.exe
uRun: [TBF Drop Zone] c:\program files\tbfdropzone\TBFDropZone.exe
mRun: [Preload] c:\windows\RUNXMLPL.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [PCMService] "c:\program files\acer\acer arcade\PCMService.exe"
mRun: [LaunchAp] "c:\program files\launch manager\LaunchAp.exe"
mRun: [PowerKey] "c:\program files\launch manager\PowerKey.exe"
mRun: [LManager] "c:\program files\launch manager\HotkeyApp.exe"
mRun: [CtrlVol] "c:\program files\launch manager\CtrlVol.exe"
mRun: [LMgrOSD] "c:\program files\launch manager\OSDCtrl.exe"
mRun: [Wbutton] "c:\program files\launch manager\Wbutton.exe"
mRun: [EPM-DM] c:\acer\empowering technology\epower\epm-dm.exe
mRun: [Acer ePower Management] c:\acer\empowering technology\epower\Acer ePower Management.exe boot
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\Monitor.exe
mRun: [ADMTray.exe] "c:\acer\empowering technology\admtray.exe"
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [PC Pitstop Optimize Reminder] c:\program files\pcpitstop\optimize2\Reminder.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart16.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: &Sample Toolband Serach - c:\windows\system32\ToolBand.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - hxxp://www.worldwinner.com/games/v50/pool/pool.cab
DPF: {41D1977F-4161-4720-800F-EA4903983A38} - hxxp://www.worldwinner.com/games/v43/jigsaw/jigsaw.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - hxxp://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tom\applic~1\mozilla\firefox\profiles\iwuzmyd7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

============= SERVICES / DRIVERS ===============

R1 Hotkey;Hotkey;c:\windows\system32\drivers\HOTKEY.sys [2008-7-9 9867]
R1 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2008-7-9 12106]
R2 AWService;AdminWorks Agent X6;c:\acer\empowering technology\admServ.exe [2005-10-24 1314816]
R2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2004-7-19 4096]
R2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2005-4-7 78208]
R2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2008-7-9 7296]
R2 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2008-7-9 4010]
R3 NdisFilt;OSA NdisFilter Protocol;c:\windows\system32\drivers\NdisFilt.sys [2008-7-9 4392]
R3 POWERKEY;POWERKEY;c:\program files\launch manager\POWERKEY.SYS [2008-7-9 2343]
S1 mailKmd;mailKmd; [x]
S1 Wbutton;Wbutton;c:\windows\system32\drivers\wbutton.sys --> c:\windows\system32\drivers\Wbutton.sys [?]
S3 rcp_service;ReaConverter scheduler service;c:\program files\reaconverter 5.5 pro\rcp_scheduler.exe [2007-11-30 558592]

=============== Created Last 30 ================

2009-02-08 21:02 <DIR> --d----- c:\program files\AVG
2009-02-08 13:23 <DIR> --d----- c:\docume~1\tom\applic~1\Axosoft
2009-02-08 13:23 <DIR> --d----- c:\program files\TBFDropZone
2009-02-07 18:44 <DIR> --d----- c:\program files\freshplay
2009-02-07 18:44 337 ---shr-- C:\autorun.inf
2009-01-20 19:03 <DIR> --d----- c:\windows\system32\Adobe
2009-01-20 13:50 <DIR> --d----- c:\docume~1\tom\applic~1\GamesForOne
2009-01-20 13:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\GamesForOne
2009-01-20 13:50 <DIR> --d----- c:\program files\Solitaire Plus
2009-01-15 19:16 487 a------- C:\xcrashdump.dat
2009-01-13 10:51 118,272 a------- c:\windows\system32\hpz3l5ha.dll
2009-01-13 10:51 267,864 a------- c:\windows\system32\hpzids01.dll
2009-01-13 10:51 958,464 a------- c:\windows\system32\hpotiop4.dll
2009-01-13 10:51 303,104 a------- c:\windows\system32\hpovst11.dll
2009-01-13 10:51 675,840 a------- c:\windows\system32\hpowiax4.dll
2009-01-13 10:49 121,299 -------- c:\windows\hpoins15.dat.temp
2009-01-13 10:49 1,037 -------- c:\windows\hpomdl15.dat.temp
2009-01-13 10:49 307,237 a------- c:\windows\system32\autorun.inf
2009-01-13 10:41 16,496 a------- c:\windows\system32\drivers\HPZipr12.sys
2009-01-13 10:41 49,920 a------- c:\windows\system32\drivers\HPZid412.sys
2009-01-12 16:58 208,744 a------- c:\windows\system32\muweb.dll
2009-01-12 16:58 268,648 a------- c:\windows\system32\mucltui.dll
2009-01-12 16:29 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-01-12 14:44 <DIR> --d----- c:\temp\FixEngine
2009-01-12 14:09 69,417 a------- c:\windows\hpoins05.dat
2009-01-12 14:09 19,696 -------- c:\windows\hpomdl05.dat
2009-01-12 14:08 <DIR> --d----- c:\temp\HP_WebRelease
2009-01-12 11:24 <DIR> --d----- c:\documents and settings\tom\.TDA-Options360
2009-01-10 20:50 <DIR> --d----- c:\program files\Movavi VideoSuite 6
2009-01-10 19:44 <DIR> --d----- c:\program files\RADVideo
2009-01-10 19:12 <DIR> --d----- c:\program files\PentaWare

==================== Find3M ====================

2009-02-07 20:49 90,112 a------- c:\windows\DUMP1339.tmp
2009-02-07 20:37 90,112 a------- c:\windows\DUMP12ad.tmp
2009-01-13 10:53 121,299 a------- c:\windows\hpoins15.dat
2009-01-03 22:55 520,192 a------- c:\windows\system32\Rolex Oyster Perpetual.scr
2008-12-13 01:40 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll
2008-12-11 05:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-11-11 19:57 19,116 a------- c:\program files\common files\typowuma.bat
2008-11-11 19:57 19,031 a------- c:\program files\common files\gixefepo.dll
2008-11-11 19:57 18,498 a------- c:\docume~1\tom\applic~1\hohup.com
2008-11-11 19:57 17,727 a------- c:\docume~1\alluse~1\applic~1\verib.sys
2008-11-11 19:57 16,917 a------- c:\docume~1\tom\applic~1\olamype.com
2008-11-11 19:57 16,795 a------- c:\program files\common files\agyniqybaw.com
2008-11-11 19:57 15,065 a------- c:\windows\pudidyteh.dll
2008-11-11 19:57 15,025 a------- c:\program files\common files\ysigopan.dl
2008-11-11 19:57 14,274 a------- c:\program files\common files\pode.inf
2008-11-11 19:57 13,108 a------- c:\program files\common files\vevan.dat
2008-11-11 19:57 11,025 a------- c:\program files\common files\mesuka.vbs
2008-08-30 10:47 71,064 a------- c:\docume~1\tom\applic~1\GDIPFONTCACHEV1.DAT
2008-08-18 14:37 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081820080819\index.dat

============= FINISH: 9:11:53.95 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 7/9/2008 3:50:18 PM
System Uptime: 2/9/2009 9:01:41 AM (0 hours ago)

Motherboard: Acer | | Garda-910
Processor: Intel(R) Celeron(R) M processor 1.60GHz | U1 | 1596/100mhz

==== Disk Partitions =========================

C: is FIXED (FAT32) - 35 GiB total, 13.282 GiB free.
D: is FIXED (FAT32) - 36 GiB total, 12.972 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP183: 12/13/2008 7:20:19 PM - Avg8 Update
RP184: 12/19/2008 11:06:13 AM - Software Distribution Service 3.0
RP185: 12/19/2008 11:42:07 AM - Installed SUPERAntiSpyware Free Edition
RP186: 12/20/2008 2:09:20 PM - System Checkpoint
RP187: 12/21/2008 3:21:47 PM - System Checkpoint
RP188: 12/22/2008 6:13:39 PM - System Checkpoint
RP189: 12/24/2008 5:40:47 PM - System Checkpoint
RP190: 12/26/2008 5:45:48 PM - System Checkpoint
RP191: 12/28/2008 10:36:14 PM - System Checkpoint
RP192: 12/30/2008 9:29:40 AM - System Checkpoint
RP193: 12/31/2008 3:19:10 PM - System Checkpoint
RP194: 1/1/2009 6:58:49 PM - System Checkpoint
RP195: 1/2/2009 8:57:05 PM - System Checkpoint
RP196: 1/4/2009 3:57:44 PM - System Checkpoint
RP197: 1/7/2009 10:02:12 AM - Installed Windows XP KB954708.
RP198: 1/7/2009 10:02:51 AM - Installed DirectX
RP199: 1/8/2009 3:00:17 AM - Software Distribution Service 3.0
RP200: 1/9/2009 5:22:36 PM - System Checkpoint
RP201: 1/9/2009 7:12:38 PM - Installed Windows Installer Clean Up
RP202: 1/9/2009 8:10:46 PM - Printer Driver Adobe PDF Converter Installed
RP203: 1/9/2009 9:37:13 PM - Software Distribution Service 3.0
RP204: 1/9/2009 9:44:41 PM - restore011009
RP205: 1/10/2009 7:12:15 PM - Installed PentaZip
RP206: 1/10/2009 8:50:19 PM - Installed Movavi VideoSuite 6.
RP207: 1/11/2009 11:06:42 AM - Software Distribution Service 3.0
RP208: 1/12/2009 3:29:58 PM - System Checkpoint
RP209: 1/12/2009 4:23:05 PM - Restore Operation
RP210: 1/12/2009 5:23:27 PM - Software Distribution Service 3.0
RP211: 1/13/2009 10:15:46 PM - Software Distribution Service 3.0
RP212: 1/14/2009 6:26:35 PM - Software Distribution Service 3.0
RP213: 1/15/2009 7:05:58 PM - restore11509
RP214: 1/16/2009 8:00:31 PM - System Checkpoint
RP215: 1/18/2009 10:56:12 AM - System Checkpoint
RP216: 1/19/2009 3:11:32 PM - Software Distribution Service 3.0
RP217: 1/20/2009 4:07:52 PM - System Checkpoint
RP218: 1/20/2009 7:03:44 PM -
RP219: 1/20/2009 7:04:17 PM - Shockwave Player
RP220: 1/21/2009 11:29:03 PM - System Checkpoint
RP221: 1/23/2009 2:16:51 AM - System Checkpoint
RP222: 1/24/2009 6:52:26 PM - System Checkpoint
RP223: 1/26/2009 1:09:59 PM - Software Distribution Service 3.0
RP224: 1/27/2009 3:03:05 PM - System Checkpoint
RP225: 1/28/2009 2:42:59 PM - Software Distribution Service 3.0
RP226: 1/29/2009 3:44:09 PM - System Checkpoint
RP227: 1/30/2009 7:46:51 PM - System Checkpoint
RP228: 1/31/2009 8:09:41 PM - Software Distribution Service 3.0
RP229: 2/2/2009 8:37:42 PM - System Checkpoint
RP230: 2/3/2009 9:38:30 AM - Software Distribution Service 3.0
RP231: 2/4/2009 3:07:09 PM - Installed Java(TM) 6 Update 11
RP232: 2/4/2009 8:09:31 PM - Avg8 Update
RP233: 2/4/2009 8:10:42 PM - Avg8 Update
RP234: 2/5/2009 3:29:59 PM - Software Distribution Service 3.0
RP235: 2/7/2009 4:59:47 PM - System Checkpoint

==== Installed Programs ======================

32 Bit HP CIO Components Installer
7-Zip 4.57
Acer Arcade
Acer eDataSecurity Management
Acer eDataSecurity Management 1.00.21
Acer eLock Management
Acer Empowering Technology framework
Acer ePerformance Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe After Effects CS3 Template Projects & Footage
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3 Library
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Reader 7.1.0
Adobe Setup
Adobe Shockwave Player 11
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Scores
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
AIO_Scan
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 5
Autodesk Architectural Desktop 2006
Autodesk DWF Viewer
AutoUpdate
AVI Movie Player
Bonjour
Canon iP1600
Canon Utilities Easy-PhotoPrint
CDDRV_Installer
Dell Picture Studio - Dell Image Expert
DivX Author 1.5
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DNA
Driver Detective
Drivers Install For Linksys Easylink Advisor
Easy-WebPrint
EPSON CX 3800 Guide
EPSON Printer Software
EPSON Scan
ESET Online Scanner
freshplay
Google Gmail Notifier
Google SketchUp 6
Google SketchUp 6 Exporters
Google SketchUp 7
Google SketchUp LayOut 6
Google SketchUp Pro 6
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Photosmart All-In-One Software 9.0
Intel(R) Graphics Media Accelerator Driver for Mobile
iTunes
KhalInstallWrapper
Launch Manager V1.0.9.3
LimeWire 4.18.6
Linksys EasyLink Advisor 1.6 (0032)
Logitech Desktop Messenger
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech SetPoint
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.0.6)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
NTI Backup NOW! 4
NTI CD & DVD-Maker
PDF Settings
PowerProducer
PS_AIO_Software_min
QuickTime
ReaConverter 5.5 Pro
Realtek AC'97 Audio
Rolex Oyster Perpetual Screen Saver
Scan
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Skype™ 3.8
SoftV90 Data Fax Modem with SmartCP
Solitaire Plus! version 2.4.3
Synaptics Pointing Device Driver
System Requirements Lab
Toolbox
TransferBigFiles.com Drop Zone
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
WD Diagnostics
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

2/6/2009 8:25:37 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the JavaQuickStarterService service.
2/5/2009 3:34:13 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024002d: Office XP Service Pack 3.
2/3/2009 11:11:01 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
2/7/2009 9:25:35 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 804d92c2, parameter3 bac125c4, parameter4 00000000.
2/7/2009 9:26:00 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 804d92c2, parameter3 bac165c4, parameter4 00000000.
2/8/2009 2:49:13 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 8052ad97, parameter3 a96905c4, parameter4 00000000.
2/9/2009 9:01:09 AM, error: PlugPlayManager [11] - The device Root\LEGACY_SASDIFSV\0000 disappeared from the system without first being prepared for removal.
2/9/2009 9:01:09 AM, error: PlugPlayManager [11] - The device Root\LEGACY_SASENUM\0000 disappeared from the system without first being prepared for removal.
2/9/2009 9:01:09 AM, error: PlugPlayManager [11] - The device Root\LEGACY_SASKUTIL\0000 disappeared from the system without first being prepared for removal.

==== End Of File ===========================

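An added example, not part of the thread and not code from the DDS tool: a small Python triage pass over DDS-style log lines like those in the post above. It flags the entries an analyst tends to check first (an autostart key launching from a temp folder, a service whose file DDS could not find, autorun.inf at a drive root or in system32, and a burst of random-named files written in the same minute); the sample lines are copied from the log above, and the reading of the `[x]`/`[?]` markers is an assumption.

```python
"""Triage pass over DDS log lines (added example, not part of the thread or of DDS)."""
import re
from collections import Counter, defaultdict

# Constructed sample: a few lines copied from the DDS log posted above, plus
# benign lines so the heuristics have something to ignore.
SAMPLE_DDS = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [A00F17A3B2.exe] c:\docume~1\tom\locals~1\temp\_A00F17A3B2.exe
mRun: [SoundMan] SOUNDMAN.EXE
R2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2008-7-9 7296]
S1 mailKmd;mailKmd; [x]
S1 Wbutton;Wbutton;c:\windows\system32\drivers\wbutton.sys --> c:\windows\system32\drivers\Wbutton.sys [?]
2009-02-07 18:44 337 ---shr-- C:\autorun.inf
2009-01-13 10:49 307,237 a------- c:\windows\system32\autorun.inf
2008-11-11 19:57 19,116 a------- c:\program files\common files\typowuma.bat
2008-11-11 19:57 19,031 a------- c:\program files\common files\gixefepo.dll
2008-11-11 19:57 18,498 a------- c:\docume~1\tom\applic~1\hohup.com
2008-11-11 19:57 17,727 a------- c:\docume~1\alluse~1\applic~1\verib.sys
2008-11-11 19:57 11,025 a------- c:\program files\common files\mesuka.vbs
2008-08-30 10:47 71,064 a------- c:\docume~1\tom\applic~1\GDIPFONTCACHEV1.DAT
"""

# Line shapes DDS uses for autostart entries, services/drivers and file listings.
RUN_RE = re.compile(r"^[um]Run:\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$", re.I)
SVC_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?:<DIR>|[\d,]+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)
# A name made only of lowercase letters, with no digits or vendor prefix, is the
# kind of pseudo-random file name a dropper tends to generate.
RANDOM_STEM_RE = re.compile(r"^[a-z]{4,12}$")
TEMP_DIRS = ("\\temp\\", "\\temporary internet files\\")


def _basename(path):
    return path.lower().rsplit("\\", 1)[-1]


def _parent(path):
    return path.lower().rsplit("\\", 1)[0]


def triage(text):
    """Return a list of {'category', 'line', 'note'} findings for the DDS lines in text."""
    findings = []
    bursts = defaultdict(list)  # (date, time) -> file lines with random-looking names
    for raw in text.strip().splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            if any(d in m["cmd"].lower() for d in TEMP_DIRS):
                findings.append({"category": "run-from-temp", "line": line,
                                 "note": "autostart entry launches from a temp folder"})
        elif m := SVC_RE.match(line):
            # Assumption about the DDS markers: [x] = image file missing, [?] = file not
            # found where the service says it is. Either way the entry needs a closer look.
            if m["rest"].strip().endswith(("[x]", "[?]")):
                findings.append({"category": "service-missing-file", "line": line,
                                 "note": "service/driver whose file DDS could not locate"})
        elif m := FILE_RE.match(line):
            path = m["path"]
            name, parent = _basename(path), _parent(path)
            if name == "autorun.inf" and (re.fullmatch(r"[a-z]:", parent) or parent.endswith("\\system32")):
                findings.append({"category": "autorun-inf", "line": line,
                                 "note": "autorun.inf at a drive root or in system32"})
            if RANDOM_STEM_RE.match(name.split(".")[0]):
                bursts[(m["date"], m["time"])].append(line)
    # Several random-named files written in the same minute across different folders
    # is typical of a single dropper run; report each such burst once.
    for (date, time), lines in bursts.items():
        if len(lines) >= 3:
            findings.append({"category": "timestamp-burst", "line": "\n".join(lines),
                             "note": f"{len(lines)} random-named files created at {date} {time}"})
    return findings


def summarize(findings):
    """Count findings per category, e.g. {'autorun-inf': 2, ...}."""
    return dict(Counter(f["category"] for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f['category']}] {f['note']}\n    {f['line']}")
```

The heuristics only narrow the list; every hit still has to be confirmed by hand (or against the vendor's file) before anything is removed.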
Old 9th February 2009   #2
PeteC (Staff, Staffordshire, UK; joined May 2002)

Thanks

One of our trained analysts will look over your log ASAP, but as they are always very busy it could be a day or so. All logs are dealt with in the order received.

Old 11th February 2009   #3
noahdfear (Staff, New Bremen, Ohio U.S.A.; joined Apr 2003)

Hi grenny47,

Please visit the following webpage for instructions for downloading and running ComboFix.

How to use ComboFix

Download ComboFix by sUBs from here, saving the file to your desktop.

Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.
  • Close all open programs and windows.
  • Double click ComboFix.exe and follow the prompts.
  • It may reboot your computer and resume running when you log on. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

**NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.

Old 11th February 2009   #4
grenny47 (Member)

Noahdfear, while I was running ComboFix I got this error message asking me to run the Chkdsk utility: "The file or directory \Documents and Settings\Tom\Start Menu\Programs\SmartDraw 2009 is corrupt and unreadable. Please run the Chkdsk utility." Should I run this or not?

Attached are the results of ComboFix:

ComboFix 09-02-10.03 - tom 2009-02-11 9:30:12.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.1100 [GMT -5:00]
Running from: c:\documents and settings\tom\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\tom\Application Data\02000000afa0564a517C.manifest
c:\documents and settings\tom\Application Data\02000000afa0564a517O.manifest
c:\documents and settings\tom\Application Data\02000000afa0564a517P.manifest
c:\documents and settings\tom\Application Data\02000000afa0564a517S.manifest
c:\documents and settings\tom\Local Settings\Temporary Internet Files\agajuhel.com
c:\documents and settings\tom\Local Settings\Temporary Internet Files\uzaja.inf
c:\documents and settings\tom\Local Settings\Temporary Internet Files\ysozat.inf
c:\documents and settings\tom\Start Menu\Programs\freshplay
c:\documents and settings\tom\Start Menu\Programs\freshplay\Uninstall.lnk
c:\program files\freshplay
c:\program files\freshplay\Uninstall.exe
c:\recycler\S-8-3-15-100014364-100022063-100024924-2636.com
c:\windows\system32\ATHPRXY(2).DLL
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\gaopdxwbdujbpj.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxriudjwwx.dll
C:\xcrashdump.dat
D:\Autorun.inf
d:\recycler\S-8-3-15-100014364-100022063-100024924-2636.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-01-11 to 2009-02-11 )))))))))))))))))))))))))))))))
.

2009-02-10 10:46 . 2009-02-10 10:46 <DIR> d--h----- C:\$AVG8.VAULT$
2009-02-10 10:33 . 2009-02-10 10:33 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-02-10 10:33 . 2009-02-10 10:33 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-02-10 10:33 . 2009-02-10 10:33 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-02-10 10:33 . 2009-02-10 10:33 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-02-10 09:01 . 2009-02-10 09:01 <DIR> d-------- c:\program files\Java
2009-02-10 09:01 . 2009-02-10 09:01 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-08 21:02 . 2009-02-08 21:02 <DIR> d-------- c:\program files\AVG
2009-02-08 13:23 . 2009-02-08 13:23 <DIR> d-------- c:\program files\TBFDropZone
2009-02-08 13:23 . 2009-02-08 13:23 <DIR> d-------- c:\documents and settings\tom\Application Data\Axosoft
2009-02-08 09:52 . 2009-02-08 09:52 0 --a------ c:\windows\nsreg.dat
2009-01-30 10:43 . 2009-01-30 10:43 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-01-20 19:03 . 2009-01-20 19:03 <DIR> d-------- c:\windows\system32\Adobe
2009-01-20 13:50 . 2009-01-20 13:50 <DIR> d-------- c:\program files\Solitaire Plus
2009-01-20 13:50 . 2009-01-20 13:50 <DIR> d-------- c:\documents and settings\tom\Application Data\GamesForOne
2009-01-20 13:50 . 2009-01-20 13:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\GamesForOne
2009-01-13 10:53 . 2009-01-13 10:53 <DIR> d-------- c:\program files\Hewlett-Packard
2009-01-13 10:52 . 2009-01-13 10:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-01-13 10:51 . 2007-03-17 15:39 958,464 --a------ c:\windows\system32\hpotiop4.dll
2009-01-13 10:51 . 2007-03-17 15:39 675,840 --a------ c:\windows\system32\hpowiax4.dll
2009-01-13 10:51 . 2007-03-17 15:39 303,104 --a------ c:\windows\system32\hpovst11.dll
2009-01-13 10:51 . 2007-03-31 00:29 267,864 --a------ c:\windows\system32\hpzids01.dll
2009-01-13 10:51 . 2007-03-28 14:01 118,272 --a------ c:\windows\system32\hpz3l5ha.dll
2009-01-13 10:49 . 2009-01-09 13:16 121,299 --------- c:\windows\hpoins15.dat.temp
2009-01-13 10:49 . 2007-09-21 10:15 1,037 --------- c:\windows\hpomdl15.dat.temp
2009-01-13 10:41 . 2007-03-08 14:20 49,920 --a------ c:\windows\system32\drivers\HPZid412.sys
2009-01-13 10:41 . 2007-03-08 14:20 16,496 --a------ c:\windows\system32\drivers\HPZipr12.sys
2009-01-12 16:58 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-01-12 16:58 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-01-12 16:29 . 2009-01-12 16:29 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-01-12 16:27 . 2009-01-12 16:27 <DIR> d-------- c:\program files\7-Zip
2009-01-12 14:44 . 2009-01-12 14:44 <DIR> d-------- c:\temp\FixEngine
2009-01-12 14:09 . 2009-01-12 14:11 69,417 --a------ c:\windows\hpoins05.dat
2009-01-12 14:09 . 2005-07-28 20:11 19,696 --------- c:\windows\hpomdl05.dat
2009-01-12 14:08 . 2009-01-12 14:08 <DIR> d-------- c:\temp\HP_WebRelease
2009-01-12 11:24 . 2009-01-12 11:24 <DIR> d-------- c:\documents and settings\tom\.TDA-Options360

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 14:01 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-08 01:49 90,112 ----a-w c:\windows\DUMP1339.tmp
2009-02-08 01:37 90,112 ----a-w c:\windows\DUMP12ad.tmp
2009-01-11 01:50 --------- d-----w c:\program files\Movavi VideoSuite 6
2009-01-11 00:44 --------- d-----w c:\program files\RADVideo
2009-01-11 00:12 --------- d-----w c:\program files\PentaWare
2009-01-10 00:12 --------- d-----w c:\program files\Windows Installer Clean Up
2009-01-10 00:12 --------- d-----w c:\program files\MSECACHE
2009-01-09 18:13 --------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-01-09 18:12 --------- d-----w c:\program files\HP
2009-01-08 08:00 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-01-07 15:04 --------- d-----w c:\program files\Microsoft Sync Framework
2009-01-07 15:03 --------- d-----w c:\program files\Windows Live
2009-01-07 15:03 --------- d-----w c:\program files\Microsoft
2009-01-07 15:02 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-01-07 14:56 --------- d-----w c:\program files\Common Files\Windows Live
2009-01-04 03:55 520,192 ----a-w c:\windows\system32\Rolex Oyster Perpetual.scr
2008-12-19 16:42 --------- d-----w c:\program files\SUPERAntiSpyware
2008-12-19 16:42 --------- d-----w c:\documents and settings\tom\Application Data\SUPERAntiSpyware.com
2008-12-19 16:42 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-11-12 00:57 19,116 ----a-w c:\program files\Common Files\typowuma.bat
2008-11-12 00:57 19,031 ----a-w c:\program files\Common Files\gixefepo.dll
2008-11-12 00:57 18,498 ----a-w c:\documents and settings\tom\Application Data\hohup.com
2008-11-12 00:57 17,727 ----a-w c:\documents and settings\All Users\Application Data\verib.sys
2008-11-12 00:57 16,917 ----a-w c:\documents and settings\tom\Application Data\olamype.com
2008-11-12 00:57 16,795 ----a-w c:\program files\Common Files\agyniqybaw.com
2008-11-12 00:57 15,065 ----a-w c:\windows\pudidyteh.dll
2008-11-12 00:57 15,025 ----a-w c:\program files\Common Files\ysigopan.dl
2008-11-12 00:57 14,274 ----a-w c:\program files\Common Files\pode.inf
2008-11-12 00:57 13,108 ----a-w c:\program files\Common Files\vevan.dat
2008-11-12 00:57 11,025 ----a-w c:\program files\Common Files\mesuka.vbs
2008-08-30 15:47 71,064 ----a-w c:\documents and settings\tom\Application Data\GDIPFONTCACHEV1.DAT
2008-08-18 19:37 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081820080819\index.dat
.

------- Sigcheck -------

2008-10-16 14:09 51224 e654b78d2f1d791b30d0ed9a8195ec22 c:\windows\system32\wuauclt.exe
2008-10-16 14:09 51224 e654b78d2f1d791b30d0ed9a8195ec22 c:\windows\system32\dllcache\wuauclt.exe
2008-04-13 20:12 111104 ed7262e52c31cf1625b65039102bc16c c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wuauclt.exe
2008-04-13 20:12 111104 ed7262e52c31cf1625b65039102bc16c c:\windows\ServicePackFiles\i386\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"scheduler_monitor"="c:\program files\ReaConverter 5.5 Pro\init_scheduler.exe" [2007-06-15 27136]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-18 342848]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"TBF Drop Zone"="c:\program files\TBFDropZone\TBFDropZone.exe" [2007-07-24 172032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Preload"="c:\windows\RUNXMLPL.exe" [2005-05-19 32768]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-24 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-24 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-24 114688]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 102490]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 708698]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2005-08-31 147456]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"PowerKey"="c:\program files\Launch Manager\PowerKey.exe" [2002-08-30 94208]
"LManager"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-11-08 69632]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2005-07-25 241664]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-11-08 81920]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-10 212992]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 3084288]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 397312]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-07-26 69632]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-10 148888]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-10 1601304]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 c:\windows\SOUNDMAN.EXE]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-07-09 66864]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-14 805392]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 10872]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-10 10:33 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= c:\progra~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\WINDOWS\\System32\\FXSCLNT.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-10 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-10 107272]
R1 Hotkey;Hotkey;c:\windows\system32\drivers\HOTKEY.sys [2008-07-09 9867]
R1 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2008-07-09 12106]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-10 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-10 298264]
R2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2004-07-19 4096]
R2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2005-04-07 78208]
R2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2008-07-09 7296]
R2 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2008-07-09 4010]
S1 mailKmd;mailKmd; [x]
S1 Wbutton;Wbutton;c:\windows\system32\drivers\Wbutton.sys --> c:\windows\system32\drivers\Wbutton.sys [?]
S3 NdisFilt;OSA NdisFilter Protocol;c:\windows\system32\drivers\NdisFilt.sys [2008-07-09 4392]
S3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.SYS [2008-07-09 2343]
S3 rcp_service;ReaConverter scheduler service;c:\program files\ReaConverter 5.5 Pro\rcp_scheduler.exe [2007-11-30 558592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKLM-Run-Adobe_ID0EYTHM - c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
HKLM-Run-PC Pitstop Optimize Reminder - c:\program files\PCPitstop\Optimize2\Reminder.exe


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\tom\Application Data\Mozilla\Firefox\Profiles\iwuzmyd7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\documents and settings\tom\Application Data\Mozilla\Firefox\Profiles\iwuzmyd7.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-11 09:33:53
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4228801649-2419863050-430390485-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2D1A9BC1-3DF1-BE48-E93C-4326A2A10A0D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"eakcjeaneh"=hex:66,61,65,68,61,6d,66,6f,6d,6c,6a,68,00,31
"dabbkdla"=hex:64,62,6f,63,6e,6d,69,69,61,6e,68,63,6d,61,64,6c,67,6b,63,6a,70,
66,61,70,6f,66,6c,6b,63,6b,6a,68,6b,6d,6f,6e,6d,6a,6b,63,00,00
"iacehhbnmhdapkflno"=hex:6a,61,64,64,63,6d,6b,67,6a,6e,67,69,6a,70,6d,6c,6d,67,
68,62,00,00
"hamebkogdpophlki"=hex:6b,61,67,64,67,6d,69,66,69,67,6e,61,6e,67,6c,69,66,63,
67,67,63,61,00,7f
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(376)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2009-02-11 9:35:21
ComboFix2.txt 2008-11-07 17:32:40
ComboFix-quarantined-files.txt 2009-02-11 14:35:20

Pre-Run: 14,102,855,680 bytes free
Post-Run: 14,712,668,160 bytes free

261 --- E O F --- 2009-02-08 00:48:40

grenny47
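The four hex: values under LOCKED REGISTRY KEYS in the log above are the one piece of raw data in this post that can be examined directly. The Python below is an added example, not part of the original post and not a ComboFix feature: it parses the REGEDIT4 hex: notation, including values continued onto a following line, renders each value so that NUL bytes stay visible, and reports which printable characters the strings use. The only input is the locked-key block copied from the log; it is kept with the stray spaces that the forum's line-wrapping put inside two of the byte lists, and the parser strips whitespace before splitting so that damage does not break decoding. Nothing else is assumed.

```python
"""Decode REGEDIT4 'hex:' values from a ComboFix 'LOCKED REGISTRY KEYS' dump.

Added example, not part of the original post. SAMPLE is the locked-key block
copied from the log above, soft-wrap spaces included.
"""
import re
from typing import Dict, List

SAMPLE = r'''
[HKEY_USERS\S-1-5-21-4228801649-2419863050-430390485-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2D1A9BC1-3DF1-BE48-E93C-4326A2A10A0D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"eakcjeaneh"=hex:66,61,65,68,61,6d,66,6f,6d,6c,6a,68,00,31
"dabbkdla"=hex:64,62,6f,63,6e,6d,69,69,61,6e,68,63,6d,61,64,6c,67,6b,63,6a, 70,
66,61,70,6f,66,6c,6b,63,6b,6a,68,6b,6d,6f,6e,6d,6a,6b,63,00,00
"iacehhbnmhdapkflno"=hex:6a,61,64,64,63,6d,6b,67,6a,6e,67,69,6a,70,6d,6c,6d ,67,
68,62,00,00
"hamebkogdpophlki"=hex:6b,61,67,64,67,6d,69,66,69,67,6e,61,6e,67,6c,69,66,6 3,
67,67,63,61,00,7f
'''

VALUE_RE = re.compile(r'^"([^"]+)"=hex:(.*)$')
# A continuation line carries only hex digits, commas, spaces and (in a real .reg file) a trailing backslash.
CONT_RE = re.compile(r'^[0-9a-fA-F ,\\]+$')


def parse_hex_values(text: str) -> Dict[str, bytes]:
    """Return {value_name: raw bytes} for every hex: value in a REGEDIT4 fragment."""
    values: Dict[str, bytes] = {}
    current = None
    buf: List[str] = []

    def flush() -> None:
        if current is not None:
            # Remove all whitespace and backslashes first: "6 3" and "6d ,67" are wrapped bytes, not two tokens.
            joined = re.sub(r'[\s\\]', '', ''.join(buf)).strip(',')
            values[current] = bytes(int(tok, 16) for tok in joined.split(',') if tok)

    for raw in text.splitlines():
        line = raw.strip()
        m = VALUE_RE.match(line)
        if m:
            flush()
            current, buf = m.group(1), [m.group(2)]
        elif current is not None and line and CONT_RE.match(line):
            buf.append(line)
        else:
            flush()          # key header, @Allowed line or blank line ends the current value
            current, buf = None, []
    flush()
    return values


def render(data: bytes) -> str:
    """Printable ASCII stays as-is; everything else becomes \\xNN so NULs and 0x7f are visible."""
    return ''.join(chr(b) if 0x20 <= b < 0x7f else f'\\x{b:02x}' for b in data)


def letter_alphabet(values: Dict[str, bytes]) -> str:
    """Sorted distinct printable characters used before the first NUL, across all values."""
    letters = set()
    for data in values.values():
        payload = data.split(b'\x00')[0]
        letters.update(chr(b) for b in payload if 0x20 <= b < 0x7f)
    return ''.join(sorted(letters))


if __name__ == '__main__':
    vals = parse_hex_values(SAMPLE)
    for name, data in vals.items():
        print(f'{name:24} {len(data):3} bytes  {render(data)}')
    print('characters used before the NUL terminator:', letter_alphabet(vals))
```

Run as is, it prints each value's length and decoded form. Every byte before the NUL terminator decodes to a lowercase letter, and across the four values exactly the sixteen letters a to p occur. That is an observation about the data, not an identification; the log gives no basis for saying what the values encode.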
Old 13th February 2009   #5
noahdfear (Staff)
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,524
Computer Experience: ~@<*+

Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

Filename: CFScript.txt
Save As Type: All Files (*.*)

Code:

http://www.windowsbbs.com/malware-virus-removal/81364-active-ie-wont-run.html#post443811
File::
c:\windows\DUMP1339.tmp
c:\windows\DUMP12ad.tmp
Collect::
c:\program files\Common Files\typowuma.bat
c:\program files\Common Files\gixefepo.dll
c:\documents and settings\tom\Application Data\hohup.com
c:\documents and settings\All Users\Application Data\verib.sys
c:\documents and settings\tom\Application Data\olamype.com
c:\program files\Common Files\agyniqybaw.com
c:\windows\pudidyteh.dll
c:\program files\Common Files\ysigopan.dl
c:\program files\Common Files\pode.inf
c:\program files\Common Files\vevan.dat
c:\program files\Common Files\mesuka.vbs
RegNull::
[HKEY_USERS\S-1-5-21-4228801649-2419863050-430390485-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2D1A9BC1-3DF1-BE48-E93C-4326A2A10A0D}*]
Driver::
mailKmd
Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log here.

Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

**NOTE - Allow ComboFix to update if prompted.

Please note that I have instructed CFScript to collect some files. This means that when ComboFix finishes, you will be prompted to allow ComboFix to upload a zip file that was created. The zip contains the aforementioned files. If the upload fails you will be presented with instructions for uploading it manually. Please do so and let me know the results. This will assist the author in adding the files for removal in future updates. Thanks!

noahdfear
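The CFScript above names every object ComboFix is to delete, collect or null out, so a typo in a hand-written script is a typo in a deletion list. The Python below is an added example, not part of the thread and not a ComboFix feature: it parses a script in the layout used in the post (a header line ending in "::" followed by one target per line, with the thread URL as a preamble line) and checks each File:: and Collect:: path, Driver:: name and RegNull:: key against the paths, service lines and locked keys found in the ComboFix log the script was written from. The script and log excerpt embedded below are copied from the two posts above; the misspelled script used in the accompanying check is constructed. How ComboFix itself treats a header it does not recognise is not something this thread shows, so the checker simply flags every item under an unknown header as unverified.

```python
"""Cross-check a hand-written CFScript against the ComboFix log it was built from.

Added example, not part of the original thread and not ComboFix's own code.
CFSCRIPT and LOG_EXCERPT are copied from the posts above.
"""
import re
from typing import Dict, List, Set, Tuple

CFSCRIPT = r'''http://www.windowsbbs.com/malware-virus-removal/81364-active-ie-wont-run.html#post443811
File::
c:\windows\DUMP1339.tmp
c:\windows\DUMP12ad.tmp
Collect::
c:\program files\Common Files\typowuma.bat
c:\program files\Common Files\gixefepo.dll
c:\windows\pudidyteh.dll
RegNull::
[HKEY_USERS\S-1-5-21-4228801649-2419863050-430390485-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2D1A9BC1-3DF1-BE48-E93C-4326A2A10A0D}*]
Driver::
mailKmd
'''

LOG_EXCERPT = r'''
2009-02-08 01:49 90,112 ----a-w c:\windows\DUMP1339.tmp
2009-02-08 01:37 90,112 ----a-w c:\windows\DUMP12ad.tmp
2008-11-12 00:57 19,116 ----a-w c:\program files\Common Files\typowuma.bat
2008-11-12 00:57 19,031 ----a-w c:\program files\Common Files\gixefepo.dll
2008-11-12 00:57 15,065 ----a-w c:\windows\pudidyteh.dll
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-10 325128]
S1 mailKmd;mailKmd; [x]
[HKEY_USERS\S-1-5-21-4228801649-2419863050-430390485-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2D1A9BC1-3DF1-BE48-E93C-4326A2A10A0D}*]
@Allowed: (Read) (RestrictedCode)
'''

SECTION_RE = re.compile(r'^([A-Za-z]+)::$')
# A drive-letter path running to end of line, optionally followed by ComboFix's "[date size]" trailer.
PATH_RE = re.compile(r'([A-Za-z]:\\.*?)(?:\s+\[\d{4}-\d{2}-\d{2} \d+\])?$')
# Service lines look like "S1 mailKmd;mailKmd; [x]": run state, name, display name.
SERVICE_RE = re.compile(r'^[RS]\d\s+([^;]+);')


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Map each 'Name::' section to its items; lines before the first header go under 'preamble'."""
    sections: Dict[str, List[str]] = {'preamble': []}
    current = 'preamble'
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def index_log(text: str) -> Tuple[Set[str], Set[str], Set[str]]:
    """Collect lowercased paths, service names and registry keys mentioned anywhere in the log."""
    paths: Set[str] = set()
    services: Set[str] = set()
    keys: Set[str] = set()
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('[') and line.endswith(']'):
            keys.add(line.lower())
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.add(m.group(1).lower())
        m = PATH_RE.search(line)
        if m:
            paths.add(m.group(1).lower())      # Windows paths compare case-insensitively
    return paths, services, keys


def check_script(script: str, log: str) -> Dict[str, List[str]]:
    """Return, per section, the items the log never mentioned. An empty dict means every target is grounded."""
    sections = parse_cfscript(script)
    paths, services, keys = index_log(log)
    missing: Dict[str, List[str]] = {}
    for name, items in sections.items():
        if name == 'preamble':
            continue
        if name in ('File', 'Collect'):
            bad = [p for p in items if p.lower() not in paths]
        elif name == 'Driver':
            bad = [d for d in items if d.lower() not in services]
        elif name == 'RegNull':
            bad = [k for k in items if k.lower() not in keys]
        else:
            bad = list(items)   # unknown header (likely a typo): nothing to check it against, flag everything
        if bad:
            missing[name] = bad
    return missing


if __name__ == '__main__':
    report = check_script(CFSCRIPT, LOG_EXCERPT)
    print('every target appears in the log' if not report else report)
```

Against the excerpt the report is empty, because every path, the mailKmd service and the locked key all occur in the log. Dropping one letter from a file name, or misspelling a section header, puts that item in the report before the script ever touches the machine.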
Old 13th February 2009   #6
grenny47 (Member)
Join Date: Feb 2009
Posts: 7
Computer Experience: Intermediate

I just want to let you know that after running ComboFix my laptop started working fine. While it was running, it found several bad files and a registry entry and fixed them all. Since my machine is running OK, should I continue with your last instruction?
grenny47
Old 14th February 2009   #7
noahdfear (Staff)
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,524
Computer Experience: ~@<*+

Yes, please complete those instructions. While your symptoms may have subsided, there are still things that need to be done to complete the cleanup.
noahdfear
Old 14th February 2009   #8
grenny47 (Member)
Join Date: Feb 2009
Posts: 7
Computer Experience: Intermediate

ComboFix 09-02-12.03 - tom 2009-02-14 16:23:12.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.963 [GMT -5:00]
Running from: c:\documents and settings\tom\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\tom\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\DUMP12ad.tmp
c:\windows\DUMP1339.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\verib.sys
c:\documents and settings\tom\Application Data\hohup.com
c:\documents and settings\tom\Application Data\olamype.com
c:\program files\Common Files\agyniqybaw.com
c:\program files\Common Files\gixefepo.dll
c:\program files\Common Files\mesuka.vbs
c:\program files\Common Files\pode.inf
c:\program files\Common Files\typowuma.bat
c:\program files\Common Files\vevan.dat
c:\program files\Common Files\ysigopan.dl
c:\windows\DUMP12ad.tmp
c:\windows\DUMP1339.tmp
c:\windows\pudidyteh.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_mailKmd


((((((((((((((((((((((((( Files Created from 2009-01-14 to 2009-02-14 )))))))))))))))))))))))))))))))
.

2009-02-11 20:48 . 2009-02-11 20:48 <DIR> d-------- c:\documents and settings\tom\Application Data\YouSendIt
2009-02-11 20:47 . 2009-02-11 20:47 <DIR> d-------- c:\windows\Downloaded Installations
2009-02-11 15:12 . 2009-02-11 15:12 <DIR> d--hs---- C:\FOUND.000
2009-02-11 09:55 . 2009-02-11 09:55 <DIR> d-------- c:\program files\PicLensIE
2009-02-10 10:46 . 2009-02-10 10:46 <DIR> d--h----- C:\$AVG8.VAULT$
2009-02-10 10:33 . 2009-02-10 10:33 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-02-10 10:33 . 2009-02-10 10:33 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-02-10 10:33 . 2009-02-10 10:33 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-02-10 10:33 . 2009-02-10 10:33 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-02-10 09:01 . 2009-02-10 09:01 <DIR> d-------- c:\program files\Java
2009-02-10 09:01 . 2009-02-10 09:01 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-08 21:02 . 2009-02-08 21:02 <DIR> d-------- c:\program files\AVG
2009-02-08 13:23 . 2009-02-08 13:23 <DIR> d-------- c:\program files\TBFDropZone
2009-02-08 13:23 . 2009-02-08 13:23 <DIR> d-------- c:\documents and settings\tom\Application Data\Axosoft
2009-02-08 09:52 . 2009-02-08 09:52 0 --a------ c:\windows\nsreg.dat
2009-01-30 10:43 . 2009-01-30 10:43 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-01-20 19:03 . 2009-01-20 19:03 <DIR> d-------- c:\windows\system32\Adobe
2009-01-20 13:50 . 2009-01-20 13:50 <DIR> d-------- c:\program files\Solitaire Plus
2009-01-20 13:50 . 2009-01-20 13:50 <DIR> d-------- c:\documents and settings\tom\Application Data\GamesForOne
2009-01-20 13:50 . 2009-01-20 13:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\GamesForOne

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 14:01 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-17 02:35 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll
2009-01-13 15:53 --------- d-----w c:\program files\Hewlett-Packard
2009-01-13 15:52 --------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-01-12 21:29 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-01-12 21:27 --------- d-----w c:\program files\7-Zip
2009-01-11 01:50 --------- d-----w c:\program files\Movavi VideoSuite 6
2009-01-11 00:44 --------- d-----w c:\program files\RADVideo
2009-01-11 00:12 --------- d-----w c:\program files\PentaWare
2009-01-10 00:12 --------- d-----w c:\program files\Windows Installer Clean Up
2009-01-10 00:12 --------- d-----w c:\program files\MSECACHE
2009-01-09 18:13 --------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-01-09 18:12 --------- d-----w c:\program files\HP
2009-01-08 08:00 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-01-07 15:04 --------- d-----w c:\program files\Microsoft Sync Framework
2009-01-07 15:03 --------- d-----w c:\program files\Windows Live
2009-01-07 15:03 --------- d-----w c:\program files\Microsoft
2009-01-07 15:02 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-01-07 14:56 --------- d-----w c:\program files\Common Files\Windows Live
2009-01-04 03:55 520,192 ----a-w c:\windows\system32\Rolex Oyster Perpetual.scr
2008-12-19 16:42 --------- d-----w c:\program files\SUPERAntiSpyware
2008-12-19 16:42 --------- d-----w c:\documents and settings\tom\Application Data\SUPERAntiSpyware.com
2008-12-19 16:42 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-19 09:10 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-08-30 15:47 71,064 ----a-w c:\documents and settings\tom\Application Data\GDIPFONTCACHEV1.DAT
2008-08-18 19:37 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081820080819\index.dat
.

------- Sigcheck -------

2008-10-16 14:09 51224 e654b78d2f1d791b30d0ed9a8195ec22 c:\windows\system32\wuauclt.exe
2008-10-16 14:09 51224 e654b78d2f1d791b30d0ed9a8195ec22 c:\windows\system32\dllcache\wuauclt.exe
2008-04-13 20:12 111104 ed7262e52c31cf1625b65039102bc16c c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wuauclt.exe
2008-04-13 20:12 111104 ed7262e52c31cf1625b65039102bc16c c:\windows\ServicePackFiles\i386\wuauclt.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-02-11_ 9.34.16.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-25 22:18:08 126,976 ----a-w c:\windows\Downloaded Program Files\plinstll.dll
+ 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2008-10-16 20:38:34 124,928 ------w c:\windows\ie7updates\KB961260-IE7\advpack.dll
+ 2008-10-16 20:38:34 347,136 ------w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll
+ 2008-10-16 20:38:34 214,528 ------w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll
+ 2008-10-16 20:38:36 133,120 ------w c:\windows\ie7updates\KB961260-IE7\extmgr.dll
+ 2008-10-16 20:38:36 63,488 ------w c:\windows\ie7updates\KB961260-IE7\icardie.dll
+ 2008-10-16 13:11:10 70,656 ------w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe
+ 2008-10-16 20:38:36 153,088 ------w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll
+ 2008-10-16 20:38:36 230,400 ------w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll
+ 2008-10-15 07:04:54 161,792 ------w c:\windows\ie7updates\KB961260-IE7\ieakui.dll
+ 2008-10-16 20:38:36 383,488 ------w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll
+ 2008-10-16 20:38:36 384,512 ------w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll
+ 2008-10-16 20:38:38 6,066,176 ------w c:\windows\ie7updates\KB961260-IE7\ieframe.dll
+ 2008-10-16 20:38:38 44,544 ------w c:\windows\ie7updates\KB961260-IE7\iernonce.dll
+ 2008-10-16 20:38:38 267,776 ------w c:\windows\ie7updates\KB961260-IE7\iertutil.dll
+ 2008-10-16 13:11:10 13,824 ------w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe
+ 2008-10-15 07:06:26 633,632 ------w c:\windows\ie7updates\KB961260-IE7\iexplore.exe
+ 2008-10-16 20:38:38 27,648 ------w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll
+ 2008-10-16 20:38:38 459,264 ------w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll
+ 2008-10-16 20:38:38 52,224 ------w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll
+ 2008-12-13 06:40:02 3,593,216 ------w c:\windows\ie7updates\KB961260-IE7\mshtml.dll
+ 2008-10-16 20:38:38 477,696 ------w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll
+ 2008-10-16 20:38:38 193,024 ------w c:\windows\ie7updates\KB961260-IE7\msrating.dll
+ 2008-10-16 20:38:40 671,232 ------w c:\windows\ie7updates\KB961260-IE7\mstime.dll
+ 2008-10-16 20:38:40 102,912 ------w c:\windows\ie7updates\KB961260-IE7\occache.dll
+ 2008-10-16 20:38:40 44,544 ------w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll
+ 2007-03-06 01:22:42 213,216 ------w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:52 371,424 ------w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll
+ 2008-10-16 20:38:40 105,984 ------w c:\windows\ie7updates\KB961260-IE7\url.dll
+ 2008-10-16 20:38:40 1,160,192 ------w c:\windows\ie7updates\KB961260-IE7\urlmon.dll
+ 2008-10-16 20:38:40 233,472 ------w c:\windows\ie7updates\KB961260-IE7\webcheck.dll
+ 2008-10-16 20:38:40 826,368 ------w c:\windows\ie7updates\KB961260-IE7\wininet.dll
- 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-12-20 23:15:12 124,928 ----a-w c:\windows\system32\advpack.dll
- 2008-10-16 20:38:34 124,928 ------w c:\windows\system32\dllcache\advpack.dll
+ 2008-12-20 23:15:12 124,928 ------w c:\windows\system32\dllcache\advpack.dll
- 2008-10-16 20:38:34 347,136 ------w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-12-20 23:15:12 347,136 ------w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-10-16 20:38:34 214,528 ------w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-12-20 23:15:14 214,528 ------w c:\windows\system32\dllcache\dxtrans.dll
- 2008-10-16 20:38:36 133,120 ------w c:\windows\system32\dllcache\extmgr.dll
+ 2008-12-20 23:15:14 133,120 ------w c:\windows\system32\dllcache\extmgr.dll
- 2008-10-16 20:38:36 63,488 ------w c:\windows\system32\dllcache\icardie.dll
+ 2008-12-20 23:15:14 63,488 ------w c:\windows\system32\dllcache\icardie.dll
- 2008-10-16 20:38:36 153,088 ------w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-12-20 23:15:14 153,088 ------w c:\windows\system32\dllcache\ieakeng.dll
- 2008-10-16 20:38:36 230,400 ------w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-12-20 23:15:14 230,400 ------w c:\windows\system32\dllcache\ieaksie.dll
- 2008-10-16 20:38:36 383,488 ------w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-12-20 23:15:16 383,488 ------w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-10-16 20:38:36 384,512 ------w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-12-20 23:15:16 384,512 ------w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-16 20:38:38 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
+ 2008-12-20 23:15:22 6,066,688 ------w c:\windows\system32\dllcache\ieframe.dll
- 2008-10-16 20:38:38 44,544 ------w c:\windows\system32\dllcache\iernonce.dll
+ 2008-12-20 23:15:22 44,544 ------w c:\windows\system32\dllcache\iernonce.dll
- 2008-10-16 20:38:38 267,776 ------w c:\windows\system32\dllcache\iertutil.dll
+ 2008-12-20 23:15:22 267,776 ------w c:\windows\system32\dllcache\iertutil.dll
- 2008-10-16 20:38:38 27,648 ------w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-12-20 23:15:24 27,648 ------w c:\windows\system32\dllcache\jsproxy.dll
- 2008-10-16 20:38:38 459,264 ------w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-12-20 23:15:24 459,264 ------w c:\windows\system32\dllcache\msfeeds.dll
- 2008-10-16 20:38:38 52,224 ------w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-12-20 23:15:24 52,224 ------w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-10-16 20:38:38 477,696 ------w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-12-20 23:15:30 477,696 ------w c:\windows\system32\dllcache\mshtmled.dll
- 2008-10-16 20:38:38 193,024 ------w c:\windows\system32\dllcache\msrating.dll
+ 2008-12-20 23:15:32 193,024 ------w c:\windows\system32\dllcache\msrating.dll
- 2008-10-16 20:38:40 671,232 ------w c:\windows\system32\dllcache\mstime.dll
+ 2008-12-20 23:15:32 671,232 ------w c:\windows\system32\dllcache\mstime.dll
- 2008-10-16 20:38:40 102,912 ------w c:\windows\system32\dllcache\occache.dll
+ 2008-12-20 23:15:38 102,912 ------w c:\windows\system32\dllcache\occache.dll
- 2008-10-16 20:38:40 44,544 ------w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-12-20 23:15:38 44,544 ------w c:\windows\system32\dllcache\pngfilt.dll
- 2008-10-16 20:38:40 105,984 ------w c:\windows\system32\dllcache\url.dll
+ 2008-12-20 23:15:40 105,984 ------w c:\windows\system32\dllcache\url.dll
- 2008-10-16 20:38:40 1,160,192 ------w c:\windows\system32\dllcache\urlmon.dll
+ 2008-12-20 23:15:40 1,160,192 ------w c:\windows\system32\dllcache\urlmon.dll
- 2008-10-16 20:38:40 233,472 ------w c:\windows\system32\dllcache\webcheck.dll
+ 2008-12-20 23:15:40 233,472 ------w c:\windows\system32\dllcache\webcheck.dll
- 2008-10-16 20:38:40 826,368 ------w c:\windows\system32\dllcache\wininet.dll
+ 2008-12-20 23:15:42 826,368 ------w c:\windows\system32\dllcache\wininet.dll
- 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-12-20 23:15:12 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-12-20 23:15:14 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-10-16 20:38:36 133,120 ------w c:\windows\system32\extmgr.dll
+ 2008-12-20 23:15:14 133,120 ------w c:\windows\system32\extmgr.dll
- 2008-10-16 20:38:36 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-12-20 23:15:14 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-10-16 13:11:10 70,656 ------w c:\windows\system32\ie4uinit.exe
+ 2008-12-19 09:10:16 70,656 ------w c:\windows\system32\ie4uinit.exe
- 2008-10-16 20:38:36 153,088 ------w c:\windows\system32\ieakeng.dll
+ 2008-12-20 23:15:14 153,088 ------w c:\windows\system32\ieakeng.dll
- 2008-10-16 20:38:36 230,400 ------w c:\windows\system32\ieaksie.dll
+ 2008-12-20 23:15:14 230,400 ------w c:\windows\system32\ieaksie.dll
- 2008-10-15 07:04:54 161,792 ------w c:\windows\system32\ieakui.dll
+ 2008-12-19 05:23:56 161,792 ------w c:\windows\system32\ieakui.dll
- 2008-10-16 20:38:36 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-12-20 23:15:16 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-10-16 20:38:36 384,512 ------w c:\windows\system32\iedkcs32.dll
+ 2008-12-20 23:15:16 384,512 ------w c:\windows\system32\iedkcs32.dll
- 2008-10-16 20:38:38 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-12-20 23:15:22 6,066,688 ----a-w c:\windows\system32\ieframe.dll
- 2008-10-16 20:38:38 44,544 ------w c:\windows\system32\iernonce.dll
+ 2008-12-20 23:15:22 44,544 ------w c:\windows\system32\iernonce.dll
- 2008-10-16 20:38:38 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-12-20 23:15:22 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-10-16 13:11:10 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-12-19 09:10:16 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2008-10-16 20:38:38 27,648 ------w c:\windows\system32\jsproxy.dll
+ 2008-12-20 23:15:24 27,648 ------w c:\windows\system32\jsproxy.dll
- 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe
+ 2009-02-03 23:21:12 21,244,864 ----a-w c:\windows\system32\MRT.exe
- 2008-10-16 20:38:38 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-12-20 23:15:24 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-10-16 20:38:38 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-12-20 23:15:24 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2009-01-17 02:35:14 3,594,752 ----a-w c:\windows\system32\mshtml.dll
- 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-12-20 23:15:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-10-16 20:38:38 193,024 ------w c:\windows\system32\msrating.dll
+ 2008-12-20 23:15:32 193,024 ------w c:\windows\system32\msrating.dll
- 2008-10-16 20:38:40 671,232 ------w c:\windows\system32\mstime.dll
+ 2008-12-20 23:15:32 671,232 ------w c:\windows\system32\mstime.dll
- 2008-10-16 20:38:40 102,912 ------w c:\windows\system32\occache.dll
+ 2008-12-20 23:15:38 102,912 ------w c:\windows\system32\occache.dll
- 2008-10-16 20:38:40 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-12-20 23:15:38 44,544 ----a-w c:\windows\system32\pngfilt.dll
- 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-07-09 07:38:24 17,272 ------w c:\windows\system32\spmsg.dll
- 2008-10-16 20:38:40 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-12-20 23:15:40 105,984 ----a-w c:\windows\system32\url.dll
- 2008-10-16 20:38:40 1,160,192 ----a-w c:\windows\system32\urlmon.dll
+ 2008-12-20 23:15:40 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2008-10-16 20:38:40 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-12-20 23:15:40 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2008-10-16 20:38:40 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2008-12-20 23:15:42 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2009-02-14 21:28:00 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_958.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"scheduler_monitor"="c:\program files\ReaConverter 5.5 Pro\init_scheduler.exe" [2007-06-15 27136]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-18 342848]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"TBF Drop Zone"="c:\program files\TBFDropZone\TBFDropZone.exe" [2007-07-24 172032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Preload"="c:\windows\RUNXMLPL.exe" [2005-05-19 32768]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-24 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-24 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-24 114688]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 102490]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 708698]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2005-08-31 147456]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"PowerKey"="c:\program files\Launch Manager\PowerKey.exe" [2002-08-30 94208]
"LManager"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-11-08 69632]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2005-07-25 241664]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-11-08 81920]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-10 212992]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 3084288]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 397312]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-07-26 69632]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-10 148888]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-10 1601304]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 c:\windows\SOUNDMAN.EXE]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-07-09 66864]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-14 805392]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 10872]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-10 10:33 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= c:\progra~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\WINDOWS\\System32\\FXSCLNT.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-10 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-10 107272]
R1 Hotkey;Hotkey;c:\windows\system32\drivers\HOTKEY.sys [2008-07-09 9867]
R1 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2008-07-09 12106]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-10 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-10 298264]
R2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2004-07-19 4096]
R2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2005-04-07 78208]
R2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2008-07-09 7296]
R2 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2008-07-09 4010]
R3 NdisFilt;OSA NdisFilter Protocol;c:\windows\system32\drivers\NdisFilt.sys [2008-07-09 4392]
R3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.SYS [2008-07-09 2343]
S1 Wbutton;Wbutton;c:\windows\system32\drivers\Wbutton.sys --> c:\windows\system32\drivers\Wbutton.sys [?]
S3 rcp_service;ReaConverter scheduler service;c:\program files\ReaConverter 5.5 Pro\rcp_scheduler.exe [2007-11-30 558592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-YouSendIt.exe - c:\program files\YouSendIt\Express\YouSendIt.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - hxxp://www.cooliris.com/shared/plinstll.cab
FF - ProfilePath - c:\documents and settings\tom\Application Data\Mozilla\Firefox\Profiles\iwuzmyd7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\documents and settings\tom\Application Data\Mozilla\Firefox\Profiles\iwuzmyd7.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 16:28:36
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(376)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMMON FILES\LOGISHRD\LVMVFM\LVPRCSRV.EXE
c:\program files\AVG\AVG8\AVGTRAY.EXE
c:\program files\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
c:\program files\AVG\AVG8\AVGWDSVC.EXE
c:\acer\EMPOWERING TECHNOLOGY\ADMSERV.EXE
c:\program files\COMMON FILES\LOGISHRD\KHAL2\KHALMNPR.EXE
c:\program files\BONJOUR\MDNSRESPONDER.EXE
c:\program files\ACER\ACER ARCADE\KERNEL\TV\CLCAPSVC.EXE
c:\program files\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVER.EXE
c:\program files\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVICE.EXE
c:\program files\JAVA\JRE6\BIN\JQS.EXE
c:\program files\COMMON FILES\LOGISHRD\LVCOMSER\LVCOMSER.EXE
c:\program files\AVG\AVG8\AVGRSX.EXE
c:\program files\AVG\AVG8\AVGNSX.EXE
c:\program files\CYBERLINK\SHARED FILES\RICHVIDEO.EXE
c:\program files\ACER\ACER ARCADE\KERNEL\TV\CLSCHED.EXE
c:\program files\IPOD\BIN\IPODSERVICE.EXE
c:\program files\COMMON FILES\LOGISHRD\LVCOMSER\LVCOMSER.EXE
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2009-02-14 16:32:07 - machine was rebooted
ComboFix3.txt 2008-11-07 17:32:40
ComboFix-quarantined-files.txt 2009-02-14 21:32:02
ComboFix2.txt 2009-02-11 14:35:24

Pre-Run: 14,502,330,368 bytes free
Post-Run: 14,641,463,296 bytes free

395 --- E O F --- 2009-02-12 00:35:24

grenny47
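The snapshot comparison in the ComboFix log above lists each file twice, a `-` line from the earlier snapshot and a `+` line from the current one, and a reviewer mostly wants to know which of those files actually changed size and which appeared only in the current snapshot. The Python parser below is an added example for working through that log format; it is not part of this thread or of ComboFix, and the sample lines it embeds are copied from the log above (the `ieframe.dll`, `MRT.exe` and `mshtml.dll` pairs, plus the `+`-only `Perflib_Perfdata_958.dat` entry).

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# One ComboFix snapshot line looks like:
#   - 2008-10-16 20:38:38 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
#   + 2008-12-20 23:15:22 6,066,688 ------w c:\windows\system32\dllcache\ieframe.dll
# "-" is the entry from the previous snapshot, "+" the entry from the current one.
LINE_RE = re.compile(
    r"^(?P<sign>[-+])\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+)\s+"
    r"(?P<attrs>\S+)\s+"
    r"(?P<path>.+?)\s*$"
)


@dataclass
class Entry:
    when: str    # "YYYY-MM-DD HH:MM:SS" as printed by ComboFix
    size: int    # size in bytes, thousands separators removed
    attrs: str   # ComboFix attribute column, e.g. "----a-w"
    path: str    # lower-cased, since Windows paths are case-insensitive


def parse_snapshot(text: str) -> Tuple[Dict[str, Entry], Dict[str, Entry]]:
    """Split the log into (previous, current) maps keyed by path.

    Header lines, lone dots and the "-- Snapshot reset --" marker do not
    match LINE_RE (no date follows the sign) and are skipped.
    """
    before: Dict[str, Entry] = {}
    after: Dict[str, Entry] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entry = Entry(
            when=f"{m['date']} {m['time']}",
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            path=m["path"].lower(),
        )
        target = before if m["sign"] == "-" else after
        target[entry.path] = entry
    return before, after


def diff_snapshot(text: str) -> Dict[str, list]:
    """Classify entries: size changed, only in current snapshot, only in previous."""
    before, after = parse_snapshot(text)
    changed: List[Tuple[str, int, int]] = []
    new: List[str] = []
    for path, cur in after.items():
        old = before.get(path)
        if old is None:
            new.append(path)
        elif old.size != cur.size:
            changed.append((path, old.size, cur.size))
    removed = [p for p in before if p not in after]
    return {"changed_size": changed, "new": new, "removed": removed}


# Sample input: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
- 2008-10-16 20:38:36 383,488 ------w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-12-20 23:15:16 383,488 ------w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-10-16 20:38:38 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
+ 2008-12-20 23:15:22 6,066,688 ------w c:\windows\system32\dllcache\ieframe.dll
- 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe
+ 2009-02-03 23:21:12 21,244,864 ----a-w c:\windows\system32\MRT.exe
- 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2009-01-17 02:35:14 3,594,752 ----a-w c:\windows\system32\mshtml.dll
+ 2009-02-14 21:28:00 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_958.dat
.
-- Snapshot reset to current date --
"""

if __name__ == "__main__":
    report = diff_snapshot(SAMPLE_LOG)
    for path, old, new_size in report["changed_size"]:
        print(f"size changed  {old:>12,} -> {new_size:>12,}  {path}")
    for path in report["new"]:
        print(f"new file      {path}")
    for path in report["removed"]:
        print(f"removed file  {path}")
```

On the sample the parser reports the three size changes and the one new temp file; entries whose size is unchanged (the `ieapfltr.dll` pair here) are not listed, which is the same reduction a reviewer does by eye when judging a log like the one above. Paths are compared case-insensitively, so `MRT.exe` and `mrt.exe` are the same key.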
Old 15th February 2009   #9
noahdfear
Staff
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,524
Computer Experience:
~@<*+

Your log looks good. Let's get a second opinion before we declare it clean. Please do an online scan with Kaspersky Online Scanner.

  • Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.


Post the Kaspersky log here.

Old 15th February 2009   #10
grenny47
Member
Profile:
Join Date: Feb 2009
Posts: 7
Computer Experience:
Intermediate


It seems to have found only one file infected. I have deleted that file.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, February 15, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, February 15, 2009 03:09:07
Records in database: 1798100
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 108517
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 03:21:31


File name / Threat name / Threats count
D:\Music\Steve Nicks - Stop draggin' my heart around.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1

The selected area was scanned.

Old 18th February 2009   #11
noahdfear
Staff
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,524
Computer Experience:
~@<*+

Provided things are working normally again, let's clean up our tools. Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing any infected files there as well.
Verify the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file.

Delete dds.com from the desktop.
You can delete any other logs that were created/saved too.
Empty the recycle bin when done.


That should finish things up.
