1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Inactive PC seems to be busy doing something else.

Discussion in 'Malware and Virus Removal Archive' started by thudpucker, 2010/02/28.

  1. 2010/02/28
    thudpucker

    thudpucker Inactive Thread Starter

    Joined:
    2010/02/06
    Messages:
    70
    Likes Received:
    0
    [Inactive] PC seems to be busy doing something else.

    This if moved from the XP site.
    When I type the display seems to be busy doing something else.

    I did the instructions so you can help. However I don't know how to zip the attach file.
    I also have AVG Free 8.5 and dont know how to turn that off.
    I also have super spyware and dont know how to turn that off either.


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/2/2009 3:27:25 PM
    System Uptime: 2/22/2010 1:49:10 AM (152 hours ago)

    Motherboard: ASUSTeK Computer INC. | | M2N-MX
    Processor: AMD Athlon(tm) 64 Processor 3800+ | CPU 1 | 2410/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 149 GiB total, 114.307 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP319: 11/30/2009 5:48:24 PM - System Checkpoint
    RP320: 12/1/2009 6:48:24 PM - System Checkpoint
    RP321: 12/2/2009 8:00:17 PM - System Checkpoint
    RP322: 12/3/2009 9:44:08 PM - System Checkpoint
    RP323: 12/4/2009 9:48:21 PM - System Checkpoint
    RP324: 12/6/2009 4:20:29 AM - System Checkpoint
    RP325: 12/7/2009 5:08:21 AM - System Checkpoint
    RP326: 12/8/2009 5:48:24 AM - System Checkpoint
    RP327: 12/9/2009 9:48:29 AM - System Checkpoint
    RP328: 12/10/2009 3:00:36 AM - Software Distribution Service 3.0
    RP329: 12/10/2009 8:45:40 AM - Avg8 Update
    RP330: 12/11/2009 10:24:14 AM - System Checkpoint
    RP331: 12/12/2009 8:45:25 AM - Avg8 Update
    RP332: 12/12/2009 8:46:47 AM - Avg8 Update
    RP333: 12/13/2009 9:36:18 AM - System Checkpoint
    RP334: 12/14/2009 10:03:47 AM - System Checkpoint
    RP335: 12/15/2009 10:16:47 AM - System Checkpoint
    RP336: 12/16/2009 10:33:39 AM - Installed Java(TM) 6 Update 17
    RP337: 12/17/2009 11:28:29 AM - System Checkpoint
    RP338: 12/18/2009 12:04:34 PM - System Checkpoint
    RP339: 12/19/2009 2:12:49 PM - System Checkpoint
    RP340: 12/20/2009 2:13:12 PM - System Checkpoint
    RP341: 12/21/2009 5:46:39 PM - System Checkpoint
    RP342: 12/22/2009 8:45:15 AM - Avg8 Update
    RP343: 12/23/2009 9:49:19 AM - System Checkpoint
    RP344: 12/24/2009 11:03:16 AM - System Checkpoint
    RP345: 12/25/2009 11:20:49 AM - System Checkpoint
    RP346: 12/26/2009 11:36:52 AM - System Checkpoint
    RP347: 12/27/2009 12:25:39 PM - System Checkpoint
    RP348: 12/28/2009 8:25:46 AM - Avg8 Update
    RP349: 12/29/2009 10:02:13 AM - System Checkpoint
    RP350: 12/30/2009 10:58:22 AM - System Checkpoint
    RP351: 12/31/2009 4:29:25 PM - System Checkpoint
    RP352: 1/1/2010 6:17:26 PM - System Checkpoint
    RP353: 1/2/2010 6:48:51 PM - System Checkpoint
    RP354: 1/3/2010 7:12:30 PM - System Checkpoint
    RP355: 1/4/2010 9:38:09 AM - Avg8 Update
    RP356: 1/5/2010 10:56:00 AM - System Checkpoint
    RP357: 1/6/2010 3:26:39 PM - System Checkpoint
    RP358: 1/7/2010 4:09:30 PM - System Checkpoint
    RP359: 1/8/2010 5:01:49 PM - System Checkpoint
    RP360: 1/9/2010 6:13:33 PM - System Checkpoint
    RP361: 1/10/2010 6:29:21 PM - System Checkpoint
    RP362: 1/10/2010 11:30:29 PM - Installed Google SketchUp Pro 6
    RP363: 1/10/2010 11:30:36 PM - Installed Google SketchUp 6
    RP364: 1/10/2010 11:31:13 PM - Installed Google SketchUp 6 Exporters
    RP365: 1/10/2010 11:31:30 PM - Installed Google SketchUp LayOut 6
    RP366: 1/10/2010 11:33:24 PM - Configured Google SketchUp Pro 6
    RP367: 1/10/2010 11:33:50 PM - Installed Google SketchUp Viewer
    RP368: 1/10/2010 11:35:08 PM - Configured Google SketchUp Viewer
    RP369: 1/10/2010 11:49:31 PM - Removed Google SketchUp Pro 6
    RP370: 1/10/2010 11:49:35 PM - Removed Google SketchUp 6
    RP371: 1/10/2010 11:49:49 PM - Removed Google SketchUp 6 Exporters
    RP372: 1/10/2010 11:49:55 PM - Removed Google SketchUp LayOut 6
    RP373: 1/11/2010 1:22:33 AM - Installed Google SketchUp Viewer
    RP374: 1/11/2010 1:23:24 AM - Configured Google SketchUp Viewer
    RP375: 1/11/2010 1:34:48 AM - Installed Google SketchUp 7
    RP376: 1/12/2010 4:40:13 AM - System Checkpoint
    RP377: 1/13/2010 3:00:22 AM - Software Distribution Service 3.0
    RP378: 1/14/2010 4:07:21 AM - System Checkpoint
    RP379: 1/15/2010 4:16:54 AM - System Checkpoint
    RP380: 1/16/2010 6:32:07 AM - System Checkpoint
    RP381: 1/17/2010 6:32:47 AM - System Checkpoint
    RP382: 1/18/2010 6:54:05 AM - System Checkpoint
    RP383: 1/19/2010 1:30:56 PM - System Checkpoint
    RP384: 1/19/2010 9:41:21 PM - Removed Adobe Reader 9.2.
    RP385: 1/19/2010 9:41:43 PM - Installed Adobe Reader 9.3.
    RP386: 1/20/2010 3:00:15 AM - Software Distribution Service 3.0
    RP387: 1/21/2010 4:14:31 PM - System Checkpoint
    RP388: 1/22/2010 4:30:10 PM - System Checkpoint
    RP389: 1/23/2010 4:40:00 PM - System Checkpoint
    RP390: 1/24/2010 5:19:25 PM - System Checkpoint
    RP391: 1/25/2010 5:53:48 PM - System Checkpoint
    RP392: 1/26/2010 3:56:47 AM - Removed Adobe Reader 9.3.
    RP393: 1/26/2010 3:57:33 AM - Installed Adobe Reader 9.3.
    RP394: 1/27/2010 4:37:02 AM - System Checkpoint
    RP395: 1/27/2010 9:58:34 AM - Installed Windows KB954550-v5.
    RP396: 1/27/2010 9:58:43 AM - Printer Driver Microsoft XPS Document Writer Installed
    RP397: 1/27/2010 10:07:34 AM - Installed Windows XP KB942288-v3.
    RP398: 1/27/2010 10:46:27 AM - Printer Driver Microsoft XPS Document Writer Installed
    RP399: 1/27/2010 2:58:59 PM - Installed Microsoft Web Platform Installer 2.0
    RP400: 1/27/2010 3:21:16 PM - Installed Microsoft Visual Studio Web Authoring Component
    RP401: 1/27/2010 7:26:27 PM - Software Distribution Service 3.0
    RP402: 1/28/2010 3:00:17 AM - Software Distribution Service 3.0
    RP403: 1/29/2010 6:13:58 AM - System Checkpoint
    RP404: 1/30/2010 4:39:19 AM - Installed Windows KB954550-v5.
    RP405: 1/30/2010 4:39:27 AM - Printer Driver Microsoft XPS Document Writer Installed
    RP406: 1/30/2010 4:39:43 AM - Printer Driver Microsoft XPS Document Writer Installed
    RP407: 1/31/2010 5:32:38 AM - System Checkpoint
    RP408: 2/1/2010 5:49:52 AM - System Checkpoint
    RP409: 2/2/2010 6:23:09 AM - System Checkpoint
    RP410: 2/2/2010 8:15:25 AM - Avg8 Update
    RP411: 2/3/2010 8:23:10 AM - System Checkpoint
    RP412: 2/4/2010 9:36:40 AM - System Checkpoint
    RP413: 2/5/2010 9:49:40 AM - System Checkpoint
    RP414: 2/6/2010 10:11:27 AM - System Checkpoint
    RP415: 2/7/2010 11:11:27 AM - System Checkpoint
    RP416: 2/8/2010 12:11:27 PM - System Checkpoint
    RP417: 2/10/2010 3:00:38 AM - Software Distribution Service 3.0
    RP418: 2/11/2010 4:35:12 AM - System Checkpoint
    RP419: 2/12/2010 5:10:42 AM - System Checkpoint
    RP420: 2/13/2010 5:11:08 AM - System Checkpoint
    RP421: 2/14/2010 6:02:39 AM - System Checkpoint
    RP422: 2/14/2010 10:26:06 PM - Installed Google SketchUp Pro 7
    RP423: 2/17/2010 5:59:17 AM - System Checkpoint
    RP424: 2/18/2010 8:40:53 AM - System Checkpoint
    RP425: 2/19/2010 10:46:08 AM - System Checkpoint
    RP426: 2/19/2010 1:03:16 PM - ADVANCED REGISTRY OPTIMIZER - FIRST RUN
    RP427: 2/20/2010 1:19:44 PM - System Checkpoint
    RP428: 2/21/2010 2:14:11 PM - System Checkpoint
    RP429: 2/22/2010 2:54:02 PM - System Checkpoint
    RP430: 2/23/2010 7:28:05 PM - System Checkpoint
    RP431: 2/24/2010 7:54:02 PM - System Checkpoint
    RP432: 2/25/2010 8:49:30 PM - System Checkpoint
    RP433: 2/27/2010 1:15:44 AM - System Checkpoint
    RP434: 2/28/2010 4:51:07 AM - System Checkpoint

    ==== Installed Programs ======================

    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.1
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Athlon 64 Processor Driver
    AusLogics Disk Defrag
    AVG Free 8.5
    Bio Design package
    Bonjour
    Calcoil
    CoreAAC
    ExpressPCB
    Free Training via AppDev OnDemand 2.4.3.0
    Google SketchUp Pro 7
    Google SketchUp Viewer
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB945282)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946040)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946308)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946344)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946581)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB947540)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB947789)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB951708)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB954550-v5)
    HP Memories Disc
    HP Photo and Imaging 2.0 - All-in-One
    HP Photo and Imaging 2.0 - All-in-One Drivers
    HP Photo and Imaging 2.0 - hp psc 1200 series
    hp psc 1200 series
    Indeo® Software
    Inkscape 0.47
    iTunes
    J2SE Runtime Environment 5.0 Update 17
    Java(TM) 6 Update 17
    K-Lite Codec Pack 3.2.0 Full
    Livebrush Lite
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    Microsoft Office Visual Web Developer 2007
    Microsoft Office Visual Web Developer MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Office XP Professional with FrontPage
    Microsoft Security Assessment Tool 4.0
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2008
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Management Objects
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files (English)
    Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    Microsoft SQL Server Compact 3.5 SP1 English
    Microsoft SQL Server Database Publishing Wizard 1.3
    Microsoft SQL Server VSS Writer
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual Studio Web Authoring Component
    Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
    Microsoft Web Platform Installer 2.0
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    MobileMe Control Panel
    Mozilla Firefox (3.5.8)
    MSN
    MSN Toolbar
    MSXML 6.0 Parser (KB933579)
    Nero Suite
    NTI Backup NOW! 3
    NTI CD & DVD-Maker
    NTI CD & DVD-Maker 6.5 Gold
    NTI DriveBackup! 3
    NVIDIA Drivers
    NVIDIA ForceWare Network Access Manager
    PIXresizer 2.0.4
    PowerDVD
    QuickTime
    Safari
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB973704)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB973593)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB969693)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Serif DrawPlus 4.0
    SoundMAX
    Sql Server Customer Experience Improvement Program
    SQL Server System CLR Types
    SUPERAntiSpyware Free Edition
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Microsoft Visual Studio Web Authoring Component (KB945140)
    Update for Outlook 2007 Junk Email Filter (kb977719)
    WebFldrs XP
    Windows Internet Explorer 8
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows XP Service Pack 3
    XML Paper Specification Shared Components Pack 1.0

    ==== Event Viewer Messages From Past Week ========

    2/22/2010 2:19:48 AM, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 0018F385C58F has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    2/22/2010 1:49:43 AM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.

    ==== End Of File ===========================

    DDS.txt

    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Dick Hopkins at 9:37:54.67 on Sun 02/28/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.895.165 [GMT -6:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\iPod\bin\iPodService.exe
    c:\program files\common files\installshield\updateservice\isuspm.exe
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\Hpqdirec.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\WINDOWS\system32\freecell.exe
    C:\Documents and Settings\Dick Hopkins\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://mail.google.com/mail/#inbox
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [InCD] c:\program files\ahead\incd\InCD.exe
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\dickho~1\applic~1\mozilla\firefox\profiles\a2l61bav.default\
    FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/#inbox
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-2 335240]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-2 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-2 108552]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-2-26 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-26 74480]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-3-2 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-2 297752]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
    S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]

    =============== Created Last 30 ================

    2010-02-27 03:50:11 1158257 ----a-w- C:\NuFocus ticket 189222..jpg
    2010-02-27 03:49:15 8762178 ----a-w- C:\Scan0001.tif
    2010-02-26 15:09:59 41156 ---ha-w- C:\hpothb07.tif
    2010-02-26 15:09:59 2624 ---ha-w- C:\hpothb07.dat
    2010-02-26 15:00:18 14562 ----a-w- c:\documents and settings\dick hopkins\.recently-used.xbel
    2010-02-26 02:00:10 380928 ----a-w- c:\windows\system32\ac3filter.acm
    2010-02-26 02:00:09 740442 ----a-w- c:\windows\system32\divx.dll
    2010-02-26 02:00:09 73728 ----a-w- c:\windows\system32\dpl100.dll
    2010-02-26 02:00:09 593920 ----a-w- c:\windows\system32\xvidcore.dll
    2010-02-26 02:00:09 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
    2010-02-26 02:00:09 217088 ----a-w- c:\windows\system32\yv12vfw.dll
    2010-02-26 02:00:09 180224 ----a-w- c:\windows\system32\xvidvfw.dll
    2010-02-26 02:00:08 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest
    2010-02-26 02:00:08 10752 ----a-w- c:\windows\system32\ff_vfw.dll
    2010-02-26 02:00:03 0 d-----w- c:\program files\K-Lite Codec Pack
    2010-02-20 12:35:51 0 d-----w- c:\docume~1\dickho~1\applic~1\Dropbox
    2010-02-19 19:07:56 13515048 ----a-w- C:\Dropbox 0.7.97.exe
    2010-02-19 19:00:35 4165792 ----a-w- C:\AROTrial_mt.exe
    2010-02-16 10:32:05 2946562 ----a-w- C:\AppDevFreeTrainingSetup.zip
    2010-02-16 09:57:20 2986016 ----a-w- C:\AppDevFreeTrainingSetup.exe
    2010-02-15 03:24:48 21008 ------w- c:\windows\system32\Ctl3d.dll
    2010-02-15 03:24:41 0 d-----w- c:\program files\Serif
    2010-02-12 10:42:36 0 d-----w- c:\docume~1\dickho~1\applic~1\com.livebrush.2205ABAA7E8202CDC1251B1FA1E879364B7BAB52.1
    2010-02-12 10:42:31 0 d-----w- c:\program files\Livebrush
    2010-02-12 10:34:48 0 d-----w- c:\docume~1\dickho~1\applic~1\DriverCure
    2010-02-12 10:34:34 0 d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic
    2010-02-12 10:34:34 0 d-----w- c:\docume~1\alluse~1\applic~1\DriverCure
    2010-02-12 10:34:33 0 d-----w- c:\program files\ParetoLogic
    2010-02-11 07:09:59 1640 ----a-w- c:\documents and settings\dick hopkins\New document 1.2010_02_11_01_09_59.0.svg
    2010-02-10 18:54:44 0 d-----w- c:\program files\iPod
    2010-02-10 18:54:25 0 d-----w- c:\program files\iTunes
    2010-02-06 07:25:38 2396220 ----a-w- C:\siw-setup.exe
    2010-02-06 06:21:55 0 d-----w- c:\windows\pss
    2010-02-04 05:38:55 104 ----a-w- c:\documents and settings\dick hopkins\webct_upload_applet.properties
    2010-01-30 10:38:58 0 d-----w- C:\be3c7965307676e321faac61f1643f

    ==================== Find3M ====================

    2010-01-27 20:58:08 85840 ----a-w- C:\wpilauncher_n.exe
    2010-01-16 04:54:27 800544 ----a-w- C:\jre-6u17-windows-i586-iftw-rv.exe

    ============= FINISH: 9:38:17.54 ===============
     
    thudpucker,
    #1
  2. 2010/02/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming executive file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure, you update Malwarebytes before running the scans.***


    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    When scan is completed, click Save button, and save the results as gmer.log
    Warning ! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 3. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Installer under Version 2.0.2
    [DO NOT download version 2.0.3 (beta)]
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
    broni,
    #2


  3. to hide this advert.

  4. 2010/02/28
    thudpucker

    thudpucker Inactive Thread Starter

    Joined:
    2010/02/06
    Messages:
    70
    Likes Received:
    0
    Boy, this is as complicated as getting married was.
    here's the log.

    Malwarebytes' Anti-Malware 1.44
    Database version: 3807
    Windows 5.1.2600 Service Pack 3, v.3311
    Internet Explorer 8.0.6001.18702

    2/28/2010 1:54:53 PM
    mbam-log-2010-02-28 (13-54-52).txt

    Scan type: Quick Scan
    Objects scanned: 133256
    Time elapsed: 9 minute(s), 38 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
    thudpucker,
    #3
  5. 2010/02/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Two more logs...
     
    broni,
    #4
  6. 2010/03/01
    thudpucker

    thudpucker Inactive Thread Starter

    Joined:
    2010/02/06
    Messages:
    70
    Likes Received:
    0
    I re-started and did this one.

    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF3D840B0]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6BAD380, 0x241EFE, 0xE8000020]
    init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xF425CA80]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2112] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 32605436 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----
     
    thudpucker,
    #5
  7. 2010/03/01
    thudpucker

    thudpucker Inactive Thread Starter

    Joined:
    2010/02/06
    Messages:
    70
    Likes Received:
    0
    See you tomorrow.
    Dick


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:43:34 AM, on 3/1/2010
    Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
    C:\Documents and Settings\Dick Hopkins\Desktop\WindowsBBS\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/#inbox
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 9678 bytes
     
    thudpucker,
    #6
  8. 2010/03/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from [color= "Red"]Here[/color] or [color= "#FF0000"]Here[/color] to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results ".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
    broni,
    #7
  9. 2010/03/03
    thudpucker

    thudpucker Inactive Thread Starter

    Joined:
    2010/02/06
    Messages:
    70
    Likes Received:
    0
    I got lost!
    Did we get through with all the downloads and Runs?
    Am I fixed?
    Please catch me up if you remember where we are in the program.
    Dick

    Sorry if I seem a Little Spacey, I'm going to school (Visual Basic and Computer Graphics) so my sleep is all messed up and my schedule is way short on logical progression.
     
    thudpucker,
    #8
  10. 2010/03/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No, we're not done. I need you to run Combofix.
    When we're done, I'll surely let you know :)
     
    broni,
    #9
  11. 2010/03/04
    thudpucker

    thudpucker Inactive Thread Starter

    Joined:
    2010/02/06
    Messages:
    70
    Likes Received:
    0
    I ran Combofix. I couldnt disable AVG. I ran Combofix the other day, but somehow never got it to you.
    This is from this Morning.

    ComboFix 10-03-03.07 - Dick Hopkins 03/04/2010 7:52.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.895.211 [GMT -6:00]
    Running from: c:\documents and settings\Dick Hopkins\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
    .

    ((((((((((((((((((((((((( Files Created from 2010-02-04 to 2010-03-04 )))))))))))))))))))))))))))))))
    .

    2010-03-04 13:25 . 2010-03-04 13:25 -------- d-----w- c:\windows\LastGood
    2010-03-04 13:24 . 2010-03-04 13:25 1244648 ----a-w- c:\documents and settings\Dick Hopkins\Application Data\MSNInstaller\msnauins.exe
    2010-03-04 13:24 . 2010-03-04 13:24 -------- d-----w- c:\documents and settings\Dick Hopkins\Application Data\MSNInstaller
    2010-03-04 08:43 . 2010-03-04 10:17 675283119 ----a-w- C:\ADBEILSTCS3_WWE.exe
    2010-03-04 04:49 . 2010-03-04 04:49 -------- d-----w- C:\$AVG
    2010-03-04 04:49 . 2010-03-04 04:49 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-03-04 04:49 . 2010-03-04 04:49 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-03-04 04:48 . 2010-03-04 04:48 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-03-04 04:48 . 2010-03-04 04:48 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-03-04 04:48 . 2010-03-04 04:48 -------- d-----w- c:\windows\system32\drivers\Avg
    2010-03-04 04:48 . 2010-03-04 04:48 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2010-03-04 04:26 . 2010-03-04 04:26 -------- d-----w- c:\documents and settings\Dick Hopkins\Application Data\WinPatrol
    2010-03-04 04:26 . 2009-03-02 21:25 0 ----a-w- c:\documents and settings\Dick Hopkins\Application Data\WinPatrol\Config.sys
    2010-03-04 04:26 . 2009-03-02 21:25 0 ----a-w- c:\documents and settings\Dick Hopkins\Application Data\WinPatrol\Autoexec.bat
    2010-03-04 04:26 . 2010-03-04 04:26 -------- d-----w- c:\program files\BillP Studios
    2010-03-04 04:13 . 2010-03-04 04:14 999160 ----a-w- C:\wpsetup.exe
    2010-03-04 03:30 . 2010-03-04 03:30 891248 ----a-w- C:\avg_free_stb_all_9_40_cnet.exe
    2010-03-04 03:24 . 2010-03-04 03:24 -------- d-----w- c:\program files\IrfanView
    2010-03-02 03:34 . 2010-03-02 03:34 -------- d-----w- C:\AVGTemp
    2010-02-28 19:30 . 2010-02-28 19:30 -------- d-----w- c:\documents and settings\Dick Hopkins\Application Data\Malwarebytes
    2010-02-28 19:30 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-02-28 19:30 . 2010-02-28 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-02-28 19:30 . 2010-03-01 05:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-02-28 19:30 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-02-27 03:12 . 2010-02-27 03:12 -------- d-----w- c:\documents and settings\Dick Hopkins\Application Data\Media Player Classic
    2010-02-26 15:09 . 2010-02-28 20:22 2481 ---ha-w- C:\hpothb07.dat
    2010-02-26 15:08 . 2010-02-26 15:08 0 ---ha-w- c:\documents and settings\Default User\hpothb07.dat
    2010-02-26 02:00 . 2007-05-31 14:44 740442 ----a-w- c:\windows\system32\divx.dll
    2010-02-26 02:00 . 2007-04-28 20:54 593920 ----a-w- c:\windows\system32\xvidcore.dll
    2010-02-26 02:00 . 2007-04-23 08:15 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
    2010-02-26 02:00 . 2007-04-23 08:02 73728 ----a-w- c:\windows\system32\dpl100.dll
    2010-02-26 02:00 . 2006-11-01 20:54 180224 ----a-w- c:\windows\system32\xvidvfw.dll
    2010-02-26 02:00 . 2004-01-26 00:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
    2010-02-26 02:00 . 2007-06-03 20:31 10752 ----a-w- c:\windows\system32\ff_vfw.dll
    2010-02-26 02:00 . 2010-02-27 06:25 -------- d-----w- c:\program files\K-Lite Codec Pack
    2010-02-20 12:35 . 2010-02-22 07:49 -------- d-----w- c:\documents and settings\Dick Hopkins\Application Data\Dropbox
    2010-02-19 19:07 . 2010-02-19 19:09 13515048 ----a-w- C:\Dropbox 0.7.97.exe
    2010-02-19 19:00 . 2010-02-19 19:00 4165792 ----a-w- C:\AROTrial_mt.exe
    2010-02-16 10:32 . 2010-02-16 10:32 2946562 ----a-w- C:\AppDevFreeTrainingSetup.zip
    2010-02-16 09:57 . 2010-02-16 10:30 2986016 ----a-w- C:\AppDevFreeTrainingSetup.exe
    2010-02-15 03:24 . 1993-11-24 14:38 21008 ------w- c:\windows\system32\Ctl3d.dll
    2010-02-15 03:24 . 2010-02-28 20:37 -------- d-----w- c:\program files\Serif
    2010-02-13 06:33 . 2010-02-13 06:33 125952 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe
    2010-02-12 10:42 . 2010-02-12 10:42 -------- d-----w- c:\documents and settings\Dick Hopkins\Application Data\com.livebrush.2205ABAA7E8202CDC1251B1FA1E879364B7BAB52.1
    2010-02-12 10:42 . 2010-02-12 10:42 -------- d-----w- c:\program files\Livebrush
    2010-02-12 10:34 . 2010-02-14 06:57 -------- d-----w- c:\documents and settings\Dick Hopkins\Application Data\DriverCure
    2010-02-12 10:34 . 2010-02-14 07:54 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
    2010-02-12 10:34 . 2010-02-12 10:34 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
    2010-02-12 10:34 . 2010-02-14 07:57 -------- d-----w- c:\program files\ParetoLogic
    2010-02-10 18:54 . 2010-02-10 18:54 -------- d-----w- c:\program files\iPod
    2010-02-10 18:54 . 2010-02-10 18:55 -------- d-----w- c:\program files\iTunes
    2010-02-10 18:42 . 2010-02-10 18:42 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
    2010-02-06 07:25 . 2010-02-06 07:25 2396220 ----a-w- C:\siw-setup.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-04 04:48 . 2009-03-02 22:15 -------- d-----w- c:\program files\AVG
    2010-03-02 03:43 . 2009-03-02 22:13 -------- d-----w- c:\documents and settings\Dick Hopkins\Application Data\SUPERAntiSpyware.com
    2010-03-02 03:43 . 2009-03-02 22:13 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-03-02 03:42 . 2010-01-22 03:31 -------- d-----w- c:\program files\Inkscape
    2010-02-28 19:14 . 2009-09-03 15:19 82728 -c-ha-w- c:\windows\system32\mlfcache.dat
    2010-02-20 15:27 . 2009-04-19 21:06 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-02-20 15:26 . 2010-01-20 03:37 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-02-20 15:26 . 2009-05-23 02:14 38784 ----a-w- c:\documents and settings\Dick Hopkins\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-02-19 18:24 . 2009-03-04 02:45 102008 ----a-w- c:\documents and settings\Dick Hopkins\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-02-16 09:58 . 2010-01-19 04:57 -------- d-----w- c:\program files\AppDev
    2010-02-10 18:54 . 2009-03-03 03:18 -------- d-----w- c:\program files\Common Files\Apple
    2010-02-10 09:02 . 2009-08-18 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-01-30 10:43 . 2010-01-27 16:06 193824 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VBExpress\9.0\1033\ResourceCache.dll
    2010-01-30 10:43 . 2010-01-27 16:04 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
    2010-01-30 10:40 . 2010-01-27 16:44 160256 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-01-27 21:28 . 2010-01-27 21:28 500032 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VWDExpress\9.0\1033\ResourceCache.dll
    2010-01-27 21:24 . 2010-01-27 16:02 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
    2010-01-27 21:21 . 2010-01-27 21:21 -------- d-----w- c:\program files\Microsoft Web Designer Tools
    2010-01-27 20:59 . 2009-06-20 18:48 -------- d-----w- c:\program files\Microsoft
    2010-01-27 20:58 . 2010-01-27 20:58 85840 ----a-w- C:\wpilauncher_n.exe
    2010-01-27 20:38 . 2010-01-27 16:06 -------- d-----w- c:\program files\Microsoft SQL Server
    2010-01-27 20:37 . 2010-01-27 20:37 -------- d-----w- c:\program files\MSXML 6.0
    2010-01-27 20:37 . 2009-08-18 22:59 -------- d-----w- c:\program files\Microsoft.NET
    2010-01-27 20:33 . 2010-01-20 03:33 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-01-27 16:01 . 2010-01-27 16:01 -------- d-----w- c:\program files\Microsoft SDKs
    2010-01-26 09:57 . 2009-03-03 00:23 -------- d-----w- c:\program files\Common Files\Adobe
    2010-01-25 18:35 . 2010-01-25 18:35 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
    2010-01-22 03:36 . 2010-01-22 03:36 -------- d-----w- c:\documents and settings\Dick Hopkins\Application Data\inkscape
    2010-01-21 21:25 . 2009-04-04 04:07 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-01-20 03:34 . 2010-01-20 03:34 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
    2010-01-16 04:58 . 2009-12-16 16:32 152576 ----a-w- c:\documents and settings\Dick Hopkins\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2010-01-16 04:56 . 2009-12-16 16:29 79488 ----a-w- c:\documents and settings\Dick Hopkins\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2010-01-16 04:54 . 2010-01-16 04:54 800544 ----a-w- C:\jre-6u17-windows-i586-iftw-rv.exe
    2010-01-11 07:34 . 2009-03-02 21:54 -------- d-----w- c:\program files\Google
    2010-01-11 07:04 . 2009-03-02 21:42 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-01-11 05:33 . 2010-01-11 05:33 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
    2010-01-11 05:33 . 2009-03-02 21:37 -------- d-----w- c:\program files\Common Files\InstallShield
    2009-12-29 13:41 . 2009-09-06 14:57 1390 -c-ha-w- c:\documents and settings\LocalService\hpothb07.dat
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-03-02_04.01.23 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-12 02:54 . 2009-07-12 02:54 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
    + 2009-07-12 02:32 . 2009-07-12 02:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
    + 2009-07-12 02:32 . 2009-07-12 02:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
    + 2009-07-12 02:32 . 2009-07-12 02:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
    + 2009-07-12 02:32 . 2009-07-12 02:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
    + 2009-07-12 02:32 . 2009-07-12 02:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
    + 2009-07-12 02:32 . 2009-07-12 02:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
    + 2009-07-12 02:32 . 2009-07-12 02:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
    + 2009-07-12 02:32 . 2009-07-12 02:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
    + 2009-07-12 02:32 . 2009-07-12 02:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
    + 2010-03-02 04:08 . 2010-03-02 04:08 16384 c:\windows\Temp\Perflib_Perfdata_230.dat
    + 2004-01-07 16:21 . 2004-01-07 17:21 237936 c:\windows\system32\unicows.dll
    - 2004-01-07 16:21 . 2004-01-07 16:21 237936 c:\windows\system32\unicows.dll
    + 2010-03-04 13:25 . 2004-01-07 16:21 237936 c:\windows\LastGood\system32\unicows.dll
    + 2010-03-04 04:48 . 2010-03-04 04:48 424448 c:\windows\Installer\a713c6b.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2006-06-29 7626752]
    "nwiz "= "nwiz.exe" [2006-06-29 1519616]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2006-06-29 86016]
    "SoundMAXPnP "= "c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
    "NeroFilterCheck "= "c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "InCD "= "c:\program files\Ahead\InCD\InCD.exe" [2008-01-23 1450096]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
    "GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
    "ISUSPM Startup "= "c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
    "ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
    "WinPatrol "= "c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
    hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2004-2-9 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-03-04 04:49 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe "=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/3/2010 10:48 PM 333192]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/3/2010 10:49 PM 360584]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/3/2010 10:48 PM 285392]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 6:28 PM 47128]
    S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 2:49 AM 242712]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/10/2008 6:28 PM 369688]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - AVG9WD
    *NewlyCreated* - AVGLDX86
    *NewlyCreated* - AVGMFX86
    .
    Contents of the 'Scheduled Tasks' folder

    2010-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

    2009-06-04 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8236038773.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 06:52]

    2010-03-03 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8236631846.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 06:52]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://mail.google.com/mail/#inbox
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Dick Hopkins\Application Data\Mozilla\Firefox\Profiles\a2l61bav.default\
    FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/#inbox
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Microsoft\Web Platform Installer\NPWPIDetector.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-04 07:59
    Windows 5.1.2600 Service Pack 3, v.3311 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-839522115-1060284298-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2956)
    c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\IEFRAME.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\dot3dlg.dll
    .
    Completion time: 2010-03-04 08:01:30
    ComboFix-quarantined-files.txt 2010-03-04 14:01
    ComboFix2.txt 2010-03-02 04:03

    Pre-Run: 122,399,531,008 bytes free
    Post-Run: 122,597,466,112 bytes free

    - - End Of File - - 83DCD3863FDD1EFCBA028CF7FDDF760F
     
    thudpucker,
    #10
  12. 2010/03/04
    thudpucker

    thudpucker Inactive Thread Starter

    Joined:
    2010/02/06
    Messages:
    70
    Likes Received:
    0
    Off to school, see you this afternoon.
     
    thudpucker,
    #11
  13. 2010/03/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Combofix log looks clean :)

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall "
    Click OK (Vista users - press Enter).
    Restart computer.

    ==============================================================

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
      [*] Archives
      [*] Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

    Post fresh HijackThis log as well.
     
    broni,
    #12
  14. 2010/03/04
    thudpucker

    thudpucker Inactive Thread Starter

    Joined:
    2010/02/06
    Messages:
    70
    Likes Received:
    0
    frustrating. Nothing works the way its supposed to.
    Kaspersky Stalls. The Drive hits twice, a second apart, then seven seconds later it repeats.
    Locked up.
    So I did it again....same thing. It's demoralizing.
    I didnt know how to shut off AVG, so I disabled it.

    So I dont have the Kerpersky log. And dont know what to do to get it.
    My apologies.
    I'll be here for a little while tonite, but this thing is driving me toward the Bed!
     
    thudpucker,
    #13
  15. 2010/03/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic
     
    broni,
    #14
  16. 2010/03/05
    thudpucker

    thudpucker Inactive Thread Starter

    Joined:
    2010/02/06
    Messages:
    70
    Likes Received:
    0
    Eset said everything was OK. I never found that log at: C:\Program Files\EsetOnlineScanner\log.txt I'm sorry.
    It ran for over two hours while I slept.

    I notice this typing problem while I'm using Gmail and MS Word mostly. Typing is where its most noticeable.
    It occurs when I click on something too. Not so often or maybe not so noticeable.
    Is that info any help?
    Dick
     
    thudpucker,
    #15
  17. 2010/03/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Well, all scans, we ran came up clean, so I don't think, we're dealing with any security issue here.

    I suggest, you repost your issue at Windows forum.
     
    broni,
    #16
  18. 2010/03/05
    thudpucker

    thudpucker Inactive Thread Starter

    Joined:
    2010/02/06
    Messages:
    70
    Likes Received:
    0
    Many thanks for your patience.
    Now I can safely back up my PC without fear of backing up an infection.
    In the end, I have AVG Free 9, Malwarebytes, and Winpatrol on my PC. Am I OK with all that or do I need something else?
    Dick
     
    thudpucker,
    #17
  19. 2010/03/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're welcome :)
    As far, as I can tell, I don't see any infection present.
    As for backing up, creating an image is the best way to do it:

    Acronis True Image: http://www.acronis.com/ - not free, but the best

    Free alternatives:
    - Macrium Reflect: http://www.macrium.com/ReflectFree.asp (highly recommended)
    - DriveImage XML: http://www.runtime.org/driveimage-xml.htm
    - SelfImage: http://www.excelcia.org/modules.php?name=News&file=article&sid=21
    - Paragon Drive Backup: http://www.paragon-software.com/home/db-express/

    You're perfectly fine :)
     
    broni,
    #18
  20. 2010/03/05
    thudpucker

    thudpucker Inactive Thread Starter

    Joined:
    2010/02/06
    Messages:
    70
    Likes Received:
    0
    Very good I appreciate all your monitoring.
    I chose Paragon. Got the err message something is not supported.
    Oh Well, I'll chose another...
    Dick
     
    thudpucker,
    #19
  21. 2010/03/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok :)...
     
    broni,
    #20

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...