
Active Monitor goes blank & Can't install anti-virus programs

Discussion in 'Malware and Virus Removal Archive' started by snarky, 2010/02/04.

  1. 2010/02/04
    snarky

    snarky Inactive Thread Starter

    Joined:
    2010/01/19
    Messages:
    39
    Likes Received:
    0
    [Active] Monitor goes blank & Can't install anti-virus programs

    Hi. I have another lady's computer here. With this one the computer monitor is going blank usually after a few minutes (if not in safe mode). When in safe mode, I can easily get around for any length of time and the screen doesn't go out; however, I still cannot install any anti-virus programs. She has not had an anti-virus program running on it for at least a long while (hmm). I was able to install Windows Advanced SystemCare and removed a ton of spyware but was unable to install any anti-virus programs. I am going to try renaming a program and see if that works... otherwise I am ready to go ahead with any advice you have for this.
    Thanks a million.

    Windows XP sp3 Emachine
     
  2. 2010/02/04
    wildfire

    wildfire Getting Old

    Joined:
    2008/04/21
    Messages:
    4,649
    Likes Received:
    124
    Have you tried running DDS?

    As indicated at the start of this forum, please *** READ THIS BEFORE POSTING IN THIS FORUM *** then post the requested logs in this thread.

    NOTES:
    When posting the logs ensure word wrap is switched off (in notepad Uncheck Format->Word Wrap) as this makes them difficult to read.

    Be aware that only Malware analysts will advise and they are often busy. Your post will be taken on a first come first served basis but it may take a while before you receive a reply.

    If you have problems running DDS then post back and await a malware analyst's instructions.
     


  4. 2010/02/04
    snarky

    snarky Inactive Thread Starter

    Joined:
    2010/01/19
    Messages:
    39
    Likes Received:
    0
    Monitor goes blank & Can't install anti-virus

    I am trying to read through them right now

    Here is DDS output

    DDS:


    DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
    Run by Margaret Wood at 12:35:44.42 on 04/02/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.312 [GMT -4:00]

    AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Margaret Wood\My Documents\Downloads\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.ca/
    uSearch Bar = hxxp://g.msn.ca/0SEENCA/SAOS01
    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    uInternet Connection Wizard,ShellNext = hxxp://www.emachines.com/products/why.html
    uSearchAssistant =
    uCustomizeSearch =
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [MotiveReportAgent] "c:\program files\common files\motive\mccibootstrapper.exe" /url= "-appkey=motive -windowcontext=reportagent -url=file://c:\program files\common files\motive\reportagent.html" /browsertype=custommsie /browserpath= "c:\program files\common files\motive\MotiveBrowser.exe" /hidden
    mRun: [avast5] c:\progra~1\test\altwil~1\avtastt5\avastUI.exe /nogui
    mRunOnce: [DELDIR0.EXE] "c:\docume~1\margar~1\locals~1\temp\deldir0.exe" "c:\program files\mcafee\mcafee shared components\guardian\ "
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\margar~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\HOTSYNC.EXE
    IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\program files\icq\ICQ.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106703073065
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dll
    Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dll
    Notify: igfxcui - igfxsrvc.dll
    Notify: NavLogon - c:\windows\system32\NavLogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Notification Packages = :\windows\syste scecli

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\margar~1\applic~1\mozilla\firefox\profiles\o8hv973p.default\
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-4 163280]
    S1 SAVRT;SAVRT;c:\program files\symantec client security\symantec antivirus\savrt.sys [2004-2-9 301200]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-4 19024]
    S2 avast! Antivirus;avast! Antivirus;c:\program files\test\altwill software\avtastt5\AvastSvc.exe [2010-2-4 40384]
    S2 IcRecUsb;IC Recorder Driver;c:\windows\system32\drivers\IcRecUsb.sys [2007-1-29 17432]
    S2 SAVRTPEL;SAVRTPEL;c:\program files\symantec client security\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\test\altwill software\avtastt5\AvastSvc.exe [2010-2-4 40384]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\test\altwill software\avtastt5\AvastSvc.exe [2010-2-4 40384]
    S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20070608.020\naveng.sys [2007-6-9 77688]
    S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20070608.020\navex15.sys [2007-6-9 852824]
    S3 SMCLN;SMC EZ Connect Turbo WLAN Adapters;c:\windows\system32\drivers\smcln.sys --> c:\windows\system32\drivers\SMCln.sys [?]
    S4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-2-29 255096]
    S4 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-2-29 87160]
    S4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-2-29 242808]
    S4 SavRoam;SAVRoam;c:\program files\symantec client security\symantec antivirus\SavRoam.exe [2004-3-12 169192]
    S4 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec client security\symantec antivirus\Rtvscan.exe [2004-7-20 1258712]

    =============== Created Last 30 ================

    2010-02-04 16:32:18 0 d-----w- c:\program files\test
    2010-02-03 19:17:53 0 d-----w- c:\program files\Trend Micro
    2010-02-03 18:24:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
    2010-02-03 18:09:19 0 d-----w- c:\docume~1\margar~1\applic~1\IObit
    2010-02-03 18:09:18 0 d-----w- c:\program files\IObit
    2010-01-23 02:07:42 0 d-----w- c:\program files\iMesh Applications

    ==================== Find3M ====================

    2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
    2005-10-08 18:57:35 1129 -c--a-w- c:\program files\mdac.log
    2004-07-30 12:26:22 90112 -c--a-w- c:\program files\common files\PCSBclean.exe
    2004-07-26 18:00:14 291840 -c--a-w- c:\program files\common files\PCSBoff.exe
    2009-05-27 14:46:18 245760 -csha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
    2009-05-27 14:46:18 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009052720090528\index.dat

    ============= FINISH: 12:36:47.25 ===============



    And Attach


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 31/12/2002 5:08:33 PM
    System Uptime: 02/04/2010 12:25:54 PM (-1368 hours ago)

    Motherboard: TriGem Computer, Inc. | | Imperial
    Processor: Intel(R) Celeron(R) CPU 1.80GHz | WMT478/NWD | 1794/mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 37 GiB total, 14.671 GiB free.
    D: is CDROM ()
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1186: 03/11/2009 1:35:40 PM - System Checkpoint
    RP1187: 04/11/2009 1:37:30 PM - System Checkpoint
    RP1188: 05/11/2009 1:47:41 PM - System Checkpoint
    RP1189: 06/11/2009 2:48:23 PM - System Checkpoint
    RP1190: 06/11/2009 9:04:43 PM - Software Distribution Service 3.0
    RP1191: 07/11/2009 1:57:47 PM - Software Distribution Service 3.0
    RP1192: 07/11/2009 3:47:58 PM - Software Distribution Service 3.0
    RP1193: 07/11/2009 8:39:32 PM - Software Distribution Service 3.0
    RP1194: 08/11/2009 3:59:07 PM - Software Distribution Service 3.0
    RP1195: 08/11/2009 4:33:46 PM - Printer Driver Microsoft XPS Document Writer Installed
    RP1196: 08/11/2009 7:49:26 PM - Restore Operation
    RP1197: 08/11/2009 7:50:59 PM - Software Distribution Service 3.0
    RP1198: 08/11/2009 7:53:52 PM - Installed Windows XP KB961118.
    RP1199: 09/11/2009 8:22:08 PM - System Checkpoint
    RP1200: 09/11/2009 8:43:27 PM - Software Distribution Service 3.0
    RP1201: 10/11/2009 12:14:51 PM - Software Distribution Service 3.0
    RP1202: 10/11/2009 12:56:10 PM - Software Distribution Service 3.0
    RP1203: 10/11/2009 7:19:43 PM - Software Distribution Service 3.0
    RP1204: 11/11/2009 1:16:20 PM - Software Distribution Service 3.0
    RP1205: 13/11/2009 10:54:54 AM - System Checkpoint
    RP1206: 14/11/2009 11:53:51 AM - System Checkpoint
    RP1207: 14/11/2009 7:04:47 PM - Software Distribution Service 3.0
    RP1208: 19/11/2009 8:33:27 AM - Software Distribution Service 3.0
    RP1209: 20/11/2009 10:12:11 PM - System Checkpoint
    RP1210: 22/11/2009 9:42:21 AM - System Checkpoint
    RP1211: 23/11/2009 6:36:36 PM - System Checkpoint
    RP1212: 25/11/2009 10:46:41 AM - System Checkpoint
    RP1213: 29/11/2009 9:45:05 AM - Software Distribution Service 3.0
    RP1214: 02/12/2009 7:05:04 PM - System Checkpoint
    RP1215: 04/12/2009 1:43:00 PM - Software Distribution Service 3.0
    RP1216: 06/12/2009 5:36:35 PM - System Checkpoint
    RP1217: 08/12/2009 11:55:04 AM - System Checkpoint
    RP1218: 11/12/2009 10:03:27 PM - System Checkpoint
    RP1219: 14/12/2009 1:53:12 PM - System Checkpoint
    RP1220: 14/12/2009 4:08:55 PM - Installed EPSON Stylus Photo RX680 Series Scanner Driver Update
    RP1221: 14/12/2009 4:11:44 PM - Installed EPSON Print CD
    RP1222: 14/12/2009 4:13:31 PM - Removed PhotoImpression
    RP1223: 15/12/2009 4:51:46 PM - System Checkpoint
    RP1224: 18/12/2009 3:30:03 PM - System Checkpoint
    RP1225: 22/12/2009 11:57:50 AM - System Checkpoint
    RP1226: 23/12/2009 3:15:11 PM - System Checkpoint
    RP1227: 31/12/2009 9:07:57 PM - System Checkpoint
    RP1228: 02/01/2010 12:35:43 PM - System Checkpoint
    RP1229: 08/01/2010 2:04:00 PM - System Checkpoint
    RP1230: 13/01/2010 1:26:05 PM - System Checkpoint
    RP1231: 23/01/2010 8:28:00 PM - Software Distribution Service 3.0
    RP1232: 03/02/2010 2:38:10 PM - Software Distribution Service 3.0
    RP1233: 03/02/2010 2:48:06 PM - Software Distribution Service 3.0
    RP1234: 03/02/2010 2:48:57 PM - Removed Symantec AntiVirus

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    Adobe Reader 8.1.3
    Adobe Reader for Palm OS 3.0
    Advanced SystemCare 3
    ArcSoft Print Creations
    Avance AC'97 Audio
    avast! Free Antivirus
    Bible Data Type System Files
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities PhotoStitch
    Canon Utilities RemoteCapture DC
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    Common System Files
    Conexant SoftK56 Modem(M)
    Critical Update for Windows Media Player 11 (KB959772)
    Dana Internet Solutions Pack
    Documents To Go
    EPSON Print CD
    EPSON Printer Software
    EPSON RX680 User's Guide
    EPSON Scan
    EPSON Stylus Photo RX680 Series Scanner Driver Update
    EPSON Web-To-Page
    Graphical Query Editor
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    ICQ
    Intel(R) Extreme Graphics Driver Software
    InterActual Player
    Java 2 Runtime Environment Standard Edition v1.3.1_02
    Java(TM) 6 Update 13
    Learn2 Player (Uninstall Only)
    Libronix Digital Library System
    Libronix DLS Application
    LibronixUpdate
    LLS Resource Driver
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Works 6.0
    Mozilla Firefox (3.6)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Netscape 6 (6.2.1)
    OEB Resource Driver
    Palm Desktop
    PC Study Bible (remove only)
    PDF Resource Driver
    PowerDVD
    QuickTime
    QuickVerse PDA
    RealPlayer Basic
    RealSpeak_Solo_English_for_Panasonic
    SAPI5_Common
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Sentence Diagramming
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.4
    Symantec AntiVirus
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB971180)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Viewpoint Media Player
    Voice Editing
    Voices United CD ROM Worship Planner
    WebFldrs XP
    Winamp (remove only)
    Windows Backup Utility
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB890047
    Windows XP Service Pack 3

    ==== Event Viewer Messages From Past Week ========

    30/01/2010 12:16:55 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    29/01/2010 11:19:11 AM, error: Service Control Manager [7000] - The IC Recorder Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    04/02/2010 12:33:24 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\test\Altwill Software\Avtastt5\AvastUI.exe. Reference error message: The operation completed successfully. .
    04/02/2010 12:32:50 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\test\Altwill Software\Avtastt5\avastUI.exe. Reference error message: The operation completed successfully. .
    04/02/2010 12:05:31 PM, error: Dhcp [1002] - The IP address lease 192.168.2.10 for the Network Card with network address 00402B41ECDD has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    03/02/2010 3:01:28 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    03/02/2010 2:52:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi Fips Processor SAVRT SYMTDI
    03/02/2010 2:51:30 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    03/02/2010 2:43:25 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows (KB923723).
    03/02/2010 2:37:21 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\AvastUI.exe. Reference error message: The operation completed successfully. .
    03/02/2010 2:36:25 PM, error: SideBySide [59] - Generate Activation Context failed for C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe. Reference error message: The operation completed successfully. .
    03/02/2010 2:25:19 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.MFC. Reference error message: The referenced assembly is not installed on your system. .
    03/02/2010 2:25:19 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\avastUI.exe. Reference error message: The operation completed successfully. .
    03/02/2010 2:25:19 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.MFC could not be found and Last Error was The referenced assembly is not installed on your system.
    03/02/2010 2:25:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}
    03/02/2010 2:00:51 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    03/02/2010 1:55:44 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips Processor SAVRT SYMTDI
    03/02/2010 1:37:24 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss SAVRT SYMTDI Tcpip
    03/02/2010 1:37:24 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    03/02/2010 1:37:24 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    03/02/2010 1:36:55 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    03/02/2010 1:36:49 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    ==== End Of File ===========================



    Thanks
     
  5. 2010/02/04
    wildfire

    wildfire Getting Old

    Joined:
    2008/04/21
    Messages:
    4,649
    Likes Received:
    124
    Thanks,

    A Malware Analyst will advise as soon as they can.
     
  6. 2010/02/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I can see Avast and Norton installed and both running some services, so we'll have to take care of those, but let's try to make the computer stable, first.

    You can run program listed below in Safe Mode, if necessary.

    Please download ComboFix from Here or Here to your Desktop.


    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Please, never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt".
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. 2010/02/04
    snarky

    snarky Inactive Thread Starter

    Joined:
    2010/01/19
    Messages:
    39
    Likes Received:
    0
    Monitor goes blank & Can't install anti-virus programs

    Hi again Broni!
    Combofix didn't work the first time when I tried in safe mode; it came up with a warning about combofix.org and then asked me to say yes (which I did), then nothing happened.
    Rebooted and am trying again.
    If it requires normal mode it may not work because it seems to require safemode for anything over a few minutes. However, it also seems to not permit any antivirus programs to be properly installed, run or uninstalled...maybe it also recognizes combofix?

    Going to try that again...please advise,
     
  8. 2010/02/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Running Combofix in Safe Mode is perfectly fine.
    Delete your Combofix file.
    Download fresh one from HERE
    I renamed the file for a reason.
     
  9. 2010/02/04
    snarky

    snarky Inactive Thread Starter

    Joined:
    2010/01/19
    Messages:
    39
    Likes Received:
    0
    I have had to redownload the program and now it is telling me: "ComboFix has detected the following real time scanner(s) to be active: Antivirus: Symantec AntiVirus Corporate Edition
    Antivirus and intrusion prevention programs are known to interfere with Combofix's running" etc.
    However, when I go into Task Manager there is nothing there showing any process by Symantec. I have tried to uninstall that program before but it wouldn't allow me. I will see if there is time to try it again in normal boot mode.
    I'll get back to you after that.
     
  10. 2010/02/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Disregard warning about Symantec and run Combo.
     
  11. 2010/02/04
    snarky

    snarky Inactive Thread Starter

    Joined:
    2010/01/19
    Messages:
    39
    Likes Received:
    0
    Monitor goes blank & Can't install anti-virus programs

    Very strange. I did get it to stay on long enough to remove the Symantec program; however, now it will not boot into safe mode (at least not safe mode with networking).
    I am going to proceed trying combofix (the new one) in normal mode...if it will boot to that, that is.
     
  12. 2010/02/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok...
     
  13. 2010/02/04
    snarky

    snarky Inactive Thread Starter

    Joined:
    2010/01/19
    Messages:
    39
    Likes Received:
    0
    It did boot to normal, but it went blank within seconds. Still no safe mode available, and I am going to have to keep trying to get it into one mode or the other long enough to run combofix. :(
    When booting to normal mode it asks me to run a scandisk (formerly it hadn't), but for now I just bypassed it...that wouldn't have anything to do with anything, would it? Just coincidence?
    Oh the frustrations...and sometimes the joys?
     
  14. 2010/02/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It's hard to say. You may give it a shot.
     
  15. 2010/02/04
    snarky

    snarky Inactive Thread Starter

    Joined:
    2010/01/19
    Messages:
    39
    Likes Received:
    0
    Monitor goes blank & Can't install anti-virus

    I had to try a couple times but I was able to get combofix running before it went blank and then it remained up for the process.

    Here is combofix log:


    ComboFix 10-02-03.08 - Margaret Wood 04/02/2010 14:05:37.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.310 [GMT -4:00]
    Running from: c:\documents and settings\Margaret Wood\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Margaret Wood\Cookies\MM2048.DAT
    c:\recycler\S-1-5-21-602162358-920026266-725345543-1003
    c:\windows\desktop
    c:\windows\desktop\ReadMe.txt

    .
    ((((((((((((((((((((((((( Files Created from 2010-01-04 to 2010-02-04 )))))))))))))))))))))))))))))))
    .

    2010-02-04 16:32 . 2010-01-28 21:54 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-02-04 16:32 . 2010-01-28 21:57 163280 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-02-04 16:32 . 2010-01-28 21:54 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-02-04 16:32 . 2010-01-28 21:57 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-02-04 16:32 . 2010-01-28 21:54 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-02-04 16:32 . 2010-01-28 21:54 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-02-04 16:32 . 2010-01-28 21:53 28240 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-02-04 16:32 . 2010-01-28 22:09 38848 ----a-w- c:\windows\system32\avastSS.scr
    2010-02-04 16:32 . 2010-01-28 22:09 152672 ----a-w- c:\windows\system32\aswBoot.exe
    2010-02-04 16:32 . 2010-02-04 16:32 -------- d-----w- c:\program files\test
    2010-02-03 19:17 . 2010-02-03 19:17 -------- d-----w- c:\program files\Trend Micro
    2010-02-03 18:40 . 2010-02-03 18:40 -------- d-----w- c:\documents and settings\Margaret Wood\Local Settings\Application Data\Mozilla
    2010-02-03 18:24 . 2010-02-04 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-02-03 18:24 . 2010-02-03 18:24 -------- d-----w- c:\program files\Alwil Software
    2010-02-03 18:09 . 2010-02-03 18:09 -------- d-----w- c:\documents and settings\Margaret Wood\Application Data\IObit
    2010-02-03 18:09 . 2010-02-03 18:09 -------- d-----w- c:\program files\IObit
    2010-02-03 17:36 . 2010-02-03 17:36 -------- d-sh--w- c:\documents and settings\Jennifer Hastey\IETldCache
    2010-01-27 20:13 . 2010-01-27 20:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ICS
    2010-01-27 20:09 . 2010-01-27 20:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
    2010-01-23 02:07 . 2010-01-23 02:07 -------- d-----w- c:\program files\iMesh Applications

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-04 17:47 . 2005-01-26 16:34 -------- d-----w- c:\program files\Symantec
    2010-02-04 17:47 . 2005-01-26 16:33 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-02-04 17:47 . 2005-01-26 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2010-02-03 19:11 . 2005-05-03 14:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-01-02 14:09 . 2009-12-01 13:58 79488 ----a-w- c:\documents and settings\Margaret Wood\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2009-12-21 19:14 . 2004-08-24 01:32 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-12-14 20:13 . 2008-09-18 13:02 -------- d-----w- c:\program files\ArcSoft
    2009-12-14 20:13 . 2002-08-02 00:21 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-12-14 20:11 . 2008-09-18 13:01 -------- d-----w- c:\program files\EPSON Print CD
    2009-12-14 20:11 . 2008-09-18 13:01 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
    2009-12-14 20:10 . 2008-09-18 12:58 -------- d-----w- c:\program files\epson
    2009-12-14 20:05 . 2008-06-20 20:04 -------- d-----w- c:\documents and settings\Margaret Wood\Application Data\ZoomBrowser EX
    2009-12-14 19:44 . 2004-05-02 03:13 27048 -c--a-w- c:\documents and settings\Margaret Wood\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-21 15:51 . 2003-02-04 15:36 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
    2005-10-08 18:57 . 2005-10-08 18:57 1129 -c--a-w- c:\program files\mdac.log
    2004-07-30 12:26 . 2007-10-30 18:30 90112 -c--a-w- c:\program files\Common Files\PCSBclean.exe
    2004-07-26 18:00 . 2007-06-09 21:34 291840 -c--a-w- c:\program files\Common Files\PCSBoff.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MotiveReportAgent "= "c:\program files\Common Files\Motive\McciBootStrapper.exe" [2007-05-29 202240]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

    c:\documents and settings\Margaret Wood\Start Menu\Programs\Startup\
    HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2002-8-9 299008]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dataviz Messenger.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dataviz Messenger.lnk
    backup=c:\windows\pss\Dataviz Messenger.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    c:\windows\system32\dumprep 0 -u [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-10-15 04:34 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
    2010-01-06 19:33 2335952 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
    2010-01-28 22:09 2757512 ----a-w- c:\progra~1\test\ALTWIL~1\Avtastt5\AvastUI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo RX680 Series]
    2007-04-13 10:00 182272 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICJA.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2004-09-25 00:12 98304 -c--a-w- c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    2003-01-08 20:50 26112 -c--a-w- c:\program files\Real\RealPlayer\realplay.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-05-27 13:14 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Symantec AntiVirus "=3 (0x3)
    "SNDSrvc "=3 (0x3)
    "SavRoam "=3 (0x3)
    "JavaQuickStarterService "=2 (0x2)
    "DefWatch "=2 (0x2)
    "ccSetMgr "=2 (0x2)
    "ccPwdSvc "=3 (0x3)
    "ccEvtMgr "=2 (0x2)
    "WMPNetworkSvc "=3 (0x3)
    "idsvc "=3 (0x3)
    "CCALib8 "=2 (0x2)
    "avast! Web Scanner "=3 (0x3)
    "avast! Mail Scanner "=3 (0x3)
    "avast! Antivirus "=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\United Church\\Voices United\\rteng7.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [04/02/2010 12:32 PM 163280]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/02/2010 12:32 PM 19024]
    S2 IcRecUsb;IC Recorder Driver;c:\windows\system32\drivers\IcRecUsb.sys [29/01/2007 7:18 PM 17432]
    S3 SMCLN;SMC EZ Connect Turbo WLAN Adapters;c:\windows\system32\DRIVERS\SMCln.sys --> c:\windows\system32\DRIVERS\SMCln.sys [?]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/
    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    uInternet Connection Wizard,ShellNext = hxxp://www.emachines.com/products/why.html
    uSearchAssistant =
    uCustomizeSearch =
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Margaret Wood\Application Data\Mozilla\Firefox\Profiles\o8hv973p.default\
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)
    HKLM-RunOnce-DELDIR0.EXE - c:\docume~1\MARGAR~1\LOCALS~1\Temp\DELDIR0.EXE
    MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-02-04 14:14
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
    DELDIR0.EXE = "c:\docume~1\MARGAR~1\LOCALS~1\Temp\DELDIR0.EXE" "c:\program files\McAfee\McAfee Shared Components\Guardian\ "?}?'!}?|????????? ????????????????????w?????/?w?/?w???????w????L??????w????<???????s:?w?? ?~??w???????w ? ?????????????v???C?:?\?P?r?o?g?r?a?m? ?F?i?l?e?s?\?M?c?A?f?e?e?\?M?c?A?f?e?e? ?S?h?a?r?e?d? ?C?o?m?p?o?n?e?n?t?s?\?G?u?a?r?d?i?a?n?\????????????????????????????????? ? ?????@}?w8??w???????w?%?w?????$?wd??????????? ?@v????03??

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(328)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2010-02-04 14:21:52 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-02-04 18:21

    Pre-Run: 15,156,428,800 bytes free
    Post-Run: 15,108,841,472 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut

    - - End Of File - - 3ED23DD3F236189E9236F4BCA4EEFF90
     
  16. 2010/02/04
    snarky

    snarky Inactive Thread Starter

    Joined:
    2010/01/19
    Messages:
    39
    Likes Received:
    0
  17. 2010/02/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::

    Folder::
    c:\program files\Symantec
    c:\program files\Common Files\Symantec Shared
    c:\documents and settings\All Users\Application Data\Symantec


    Driver::

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Symantec AntiVirus"=-
    "SNDSrvc"=-
    "SavRoam"=-
    "DefWatch"=-
    "ccSetMgr"=-
    "ccPwdSvc"=-
    "ccEvtMgr"=-
    [HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    DELDIR0.EXE =-


    RegLockDel::


    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
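    As an added example (not code from this thread, from ComboFix, or from its author), a small Python triage helper that does what broni did by hand above: it reads the msconfig\services block of a ComboFix log, picks out the entries that belong to the Symantec product the user already removed, and renders them as the Registry:: section of a CFScript in the section layout of the script posted in this reply. The sample log fragment and the Symantec service allowlist are constructed for the example (the service names are the ones the log in this thread reports); the "=-" delete syntax is the REGEDIT4 convention, assumed from the posted script.

```python
import re

# Constructed sample: a fragment of a ComboFix "Reg Loading Points" section in
# the layout seen in this thread. Service names are those the thread's log lists.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\services]
"Symantec AntiVirus"=3 (0x3)
"SNDSrvc"=3 (0x3)
"SavRoam"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"DefWatch"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"avast! Antivirus"=2 (0x2)

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\AuthorizedApplications\\List]
"%windir%\\\\system32\\\\sessmgr.exe"=
"""

MSCONFIG_SERVICES_KEY = (
    r"HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services"
)

# Allowlist of services belonging to Symantec AntiVirus Corporate Edition and the
# Symantec Shared (cc*) components named in this thread. Assumption: this list is
# maintained by hand for the example; ComboFix does not supply it.
SYMANTEC_SERVICES = {
    "Symantec AntiVirus", "SNDSrvc", "SavRoam", "DefWatch",
    "ccSetMgr", "ccPwdSvc", "ccEvtMgr",
}

# One msconfig\services value: "<service name>"=<saved start type> (0x..)
_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<start>\d+)')


def parse_msconfig_services(log_text):
    """Return {service_name: saved start type} from the msconfig\\services block.

    msconfig writes these values when it disables a service so it can restore
    the original Start type later; they survive an uninstall, which is why such
    services show up here but never appear in Task Manager.
    """
    services = {}
    in_block = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_block = line[1:-1].lower() == MSCONFIG_SERVICES_KEY.lower()
            continue
        if not in_block or not line:
            continue
        m = _VALUE_RE.match(line)
        if m:
            services[m.group("name")] = int(m.group("start"))
    return services


def leftover_services(services, known):
    """Names in the msconfig block that belong to a product already removed."""
    return sorted(n for n in services if n in known)


def build_cfscript(folders, services, runonce_values=()):
    """Render a CFScript with the sections used in this thread. '=-' after a
    quoted value name is REGEDIT4 syntax for 'delete this value'."""
    lines = ["File::", "", "Folder::"]
    lines += list(folders)
    lines += ["", "Driver::", "", "Registry::"]
    if services:
        lines.append("[" + MSCONFIG_SERVICES_KEY + "]")
        lines += ['"%s"=-' % n for n in services]
    if runonce_values:
        lines.append(r"[HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]")
        lines += ['"%s"=-' % n for n in runonce_values]
    lines += ["", "RegLockDel::", ""]
    return "\n".join(lines) + "\n"


def triage(log_text, known=SYMANTEC_SERVICES, folders=()):
    """Parse the log, select leftover entries, and return (names, script)."""
    names = leftover_services(parse_msconfig_services(log_text), known)
    return names, build_cfscript(folders, names)


if __name__ == "__main__":
    found, script = triage(SAMPLE_LOG, folders=[r"c:\program files\Symantec"])
    print("leftover Symantec service entries:", found)
    print(script)
```

    The allowlist is the part a human still has to supply: the log alone cannot tell a stale Symantec entry from a live avast! one, which is why the script leaves "avast! Antivirus" untouched and only emits deletions for names it was told belong to the removed product.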
     
  18. 2010/02/04
    snarky

    snarky Inactive Thread Starter

    Joined:
    2010/01/19
    Messages:
    39
    Likes Received:
    0
    Thanks Broni, will try again in safe mode as I can't get a stable normal mode (again).
    Let you know in a couple of minutes.
     
  19. 2010/02/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok...
     
  20. 2010/02/04
    snarky

    snarky Inactive Thread Starter

    Joined:
    2010/01/19
    Messages:
    39
    Likes Received:
    0
    It didn't ask me to reboot.
    It did produce a combofix log & I'll post it below.
    I tried to run HijackThis but all I get is the Trend Micro End User License Agreement.
    I'll try to get into normal mode to try the Hijackthis to see if that remedies it (if I can).
    For now, here is the Combofix


    Combofix log

    ComboFix 10-02-03.08 - Margaret Wood 04/02/2010 14:46:24.2.1 - x86 NETWORK
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.381 [GMT -4:00]
    Running from: c:\documents and settings\Margaret Wood\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Margaret Wood\Desktop\CFScript.txt
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Symantec
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Product.Inventory.LiveUpdate
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Settings.LiveUpdate
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\03102009.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\03122007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\03132007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\03142007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\03152007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\03162007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\03172007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\03182007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\03192007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\03202007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\03212007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\03222007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\03232007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\03242007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\03252007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\03262007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\03272007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\03282007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\03292007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\03302007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\03312007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\04022007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\04032007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\04032008.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\04042007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\04052007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\04062007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\04072007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\04122007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\04132007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\04142007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\04152007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\04162007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\04182007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\04192007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\04202007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\04212007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\04232007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\04242007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\04252007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\04262007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\04272007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\04282007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\04302007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\05012007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\05022007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\05032007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\05042007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\05052007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\05062007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\05072007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\05082007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\05092007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\05102007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\05112007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\05122007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\05132007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\05142007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\05152007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\05172007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\05182007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\05192007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\05202007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\05212007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\05222007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\05232007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\05242007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\05252007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\05262007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\05272007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\05282007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\05292007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\05302007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\05312007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\06052007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\06062007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\06072007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\06082007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\06092007.Log
    c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\08162007.Log
    c:\program files\Common Files\Symantec Shared
    c:\program files\Symantec

    .
    ((((((((((((((((((((((((( Files Created from 2010-01-04 to 2010-02-04 )))))))))))))))))))))))))))))))
    .

    2010-02-04 16:32 . 2010-01-28 21:54 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-02-04 16:32 . 2010-01-28 21:57 163280 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-02-04 16:32 . 2010-01-28 21:54 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-02-04 16:32 . 2010-01-28 21:57 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-02-04 16:32 . 2010-01-28 21:54 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-02-04 16:32 . 2010-01-28 21:54 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-02-04 16:32 . 2010-01-28 21:53 28240 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-02-04 16:32 . 2010-01-28 22:09 38848 ----a-w- c:\windows\system32\avastSS.scr
    2010-02-04 16:32 . 2010-01-28 22:09 152672 ----a-w- c:\windows\system32\aswBoot.exe
    2010-02-04 16:32 . 2010-02-04 16:32 -------- d-----w- c:\program files\test
    2010-02-03 19:17 . 2010-02-03 19:17 -------- d-----w- c:\program files\Trend Micro
    2010-02-03 18:40 . 2010-02-03 18:40 -------- d-----w- c:\documents and settings\Margaret Wood\Local Settings\Application Data\Mozilla
    2010-02-03 18:24 . 2010-02-04 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-02-03 18:24 . 2010-02-03 18:24 -------- d-----w- c:\program files\Alwil Software
    2010-02-03 18:09 . 2010-02-03 18:09 -------- d-----w- c:\documents and settings\Margaret Wood\Application Data\IObit
    2010-02-03 18:09 . 2010-02-03 18:09 -------- d-----w- c:\program files\IObit
    2010-02-03 17:36 . 2010-02-03 17:36 -------- d-sh--w- c:\documents and settings\Jennifer Hastey\IETldCache
    2010-01-27 20:13 . 2010-01-27 20:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ICS
    2010-01-27 20:09 . 2010-01-27 20:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
    2010-01-23 02:07 . 2010-01-23 02:07 -------- d-----w- c:\program files\iMesh Applications

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-03 19:11 . 2005-05-03 14:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-01-02 14:09 . 2009-12-01 13:58 79488 ----a-w- c:\documents and settings\Margaret Wood\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2009-12-21 19:14 . 2004-08-24 01:32 916480 ------w- c:\windows\system32\wininet.dll
    2009-12-14 20:13 . 2008-09-18 13:02 -------- d-----w- c:\program files\ArcSoft
    2009-12-14 20:13 . 2002-08-02 00:21 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-12-14 20:11 . 2008-09-18 13:01 -------- d-----w- c:\program files\EPSON Print CD
    2009-12-14 20:11 . 2008-09-18 13:01 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
    2009-12-14 20:10 . 2008-09-18 12:58 -------- d-----w- c:\program files\epson
    2009-12-14 20:05 . 2008-06-20 20:04 -------- d-----w- c:\documents and settings\Margaret Wood\Application Data\ZoomBrowser EX
    2009-12-14 19:44 . 2004-05-02 03:13 27048 -c--a-w- c:\documents and settings\Margaret Wood\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-21 15:51 . 2003-02-04 15:36 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
    2005-10-08 18:57 . 2005-10-08 18:57 1129 -c--a-w- c:\program files\mdac.log
    2004-07-30 12:26 . 2007-10-30 18:30 90112 -c--a-w- c:\program files\Common Files\PCSBclean.exe
    2004-07-26 18:00 . 2007-06-09 21:34 291840 -c--a-w- c:\program files\Common Files\PCSBoff.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MotiveReportAgent "= "c:\program files\Common Files\Motive\McciBootStrapper.exe" [2007-05-29 202240]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

    c:\documents and settings\Margaret Wood\Start Menu\Programs\Startup\
    HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2002-8-9 299008]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dataviz Messenger.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dataviz Messenger.lnk
    backup=c:\windows\pss\Dataviz Messenger.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    c:\windows\system32\dumprep 0 -u [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-10-15 04:34 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
    2010-01-06 19:33 2335952 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
    2010-01-28 22:09 2757512 ----a-w- c:\progra~1\test\ALTWIL~1\Avtastt5\AvastUI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo RX680 Series]
    2007-04-13 10:00 182272 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICJA.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2004-09-25 00:12 98304 -c--a-w- c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    2003-01-08 20:50 26112 -c--a-w- c:\program files\Real\RealPlayer\realplay.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-05-27 13:14 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "JavaQuickStarterService "=2 (0x2)
    "WMPNetworkSvc "=3 (0x3)
    "idsvc "=3 (0x3)
    "CCALib8 "=2 (0x2)
    "avast! Web Scanner "=3 (0x3)
    "avast! Mail Scanner "=3 (0x3)
    "avast! Antivirus "=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\United Church\\Voices United\\rteng7.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=

    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [04/02/2010 12:32 PM 163280]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/02/2010 12:32 PM 19024]
    S2 IcRecUsb;IC Recorder Driver;c:\windows\system32\drivers\IcRecUsb.sys [29/01/2007 7:18 PM 17432]
    S3 SMCLN;SMC EZ Connect Turbo WLAN Adapters;c:\windows\system32\DRIVERS\SMCln.sys --> c:\windows\system32\DRIVERS\SMCln.sys [?]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/
    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    uInternet Connection Wizard,ShellNext = hxxp://www.emachines.com/products/why.html
    uSearchAssistant =
    uCustomizeSearch =
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Margaret Wood\Application Data\Mozilla\Firefox\Profiles\o8hv973p.default\
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-02-04 14:53
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2010-02-04 14:57:04
    ComboFix-quarantined-files.txt 2010-02-04 18:56
    ComboFix2.txt 2010-02-04 18:21

    Pre-Run: 15,653,093,376 bytes free
    Post-Run: 15,624,994,816 bytes free

    - - End Of File - - 6AC3F7E099A0FC06D153F74712690AF0
     
  21. 2010/02/04
    snarky

    snarky Inactive Thread Starter

    Joined:
    2010/01/19
    Messages:
    39
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:11:24 PM, on 04/02/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Tretnd Mitcro\HijatckThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/products/why.html
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [MotiveReportAgent] "C:\Program Files\Common Files\Motive\McciBootStrapper.exe" /url= "-APPKEY=Motive -WindowContext=ReportAgent -url=file://C:\Program Files\Common Files\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath= "C:\Program Files\Common Files\Motive\MotiveBrowser.exe" /hidden
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1106703073065
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6F916EBB-D7C9-43CB-A675-225A5A028050}: Domain = queensu.ca

    --
    End of file - 4327 bytes
     
