OK. Attached are the outputs.
1) Removal of JAVA2 Runtime Environment prompted a flag: "msvcrt.dll may no longer be needed... you can delete it but doing so may prevent other apps from running". Deleted it. It can be restored from backup if necessary.
2) At first it appeared that FIREFOX was browsing without problems. Then after 20 minutes the familiar failure appeared: "FIREFOX has encountered a problem and needs to close. We are sorry for the inconvenience." It appears it took 20 minutes for whatever virus is doing this to reinfect things. Now this message pops up after clicking on a few links.
This is a frustrating virus. Thanks for helping.
Regards
Brian
VirSCAN.org Scanned Report :
Scanned time : 2009/06/05 00:31:50 (EDT)
Scanner results: 79% Scanner(30/38) found malware!
File Name : 1.html
File Size : 4037 byte
File Type : Sendmail frozen configuration - version body bgcolor=
MD5 : 4a2514195555a43458b4e087d29124be
SHA1 : e96f20c01c95b12a6cf9992b1e16deaac5ca025c
Online report :
http://virscan.org/report/e8541b64f8b1b ... fd4d2.html
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090604013225 2009-06-04 2.05 Virus.Win32.Killmbr.D!IK
AhnLab V3 2009.06.05.00 2009.06.05 2009-06-05 0.74 Win-Trojan/Dialer.712704.B
AntiVir 8.2.0.180 7.1.4.59 2009-06-04 0.55 KIT/GhostDial.1
Antiy 2.0.18 20090604.2498051 2009-06-04 0.15 Trojan/Win32.Dialer.gvg
Arcavir 2009 200906041608 2009-06-04 0.39 Dialer.Bib
Authentium 5.1.1 200906041652 2009-06-04 1.18 W32/Trojan2.DOJN (Exact)
AVAST! 4.7.4 090604-0 2009-06-04 0.05 Win32:Dialer-1314 [Trj]
AVG 8.5.286 270.12.53/2155 2009-06-05 0.37 Dialer.KNV
BitDefender 7.81008.3335505 7.25811 2009-06-05 0.75 Trojan.Generic.1004008
CA (VET) 9.0.0.143 31.6.6539 2009-06-05 9.17 -
ClamAV 0.95.1 9421 2009-06-05 0.18 Dialer-3765
Comodo 3.9 1259 2009-06-04 0.74 ApplicUnwnt.Win32.PornTool.Agent.fi
CP Secure 1.1.0.715 2009.06.03 2009-06-03 9.97 -
Dr.Web 4.44.0.9170 2009.06.05 2009-06-05 4.85 BackDoor.Pigeon.12989
F-Prot 4.4.4.56 20090604 2009-06-04 1.15 W32/Trojan2.DOJN (exact)
F-Secure 5.51.6100 2009.06.05.03 2009-06-05 5.79 -
Fortinet 2.81-3.117 10.466 2009-06-04 0.35 Suspicious
GData 19.5615/19.353 20090605 2009-06-05 4.39 Win32:Dialer-1313 [Trj] [Engine:B]
ViRobot 20090604 2009.06.04 2009-06-04 0.42 -
Ikarus T3.1.01.57 2009.06.03.72814 2009-06-03 3.11 Virus.Win32.Killmbr.D
JiangMin 11.0.706 2009.06.03 2009-06-03 2.07 Trojan/Dialer.gnc
Kaspersky 5.5.10 2009.06.05 2009-06-05 0.08 not-a-virus:Porn-Dialer.Win32.Agent.fi
KingSoft 2009.2.5.15 2009.6.4.21 2009-06-04 0.51 Win32.Hack.ReSSDT.c.716800
McAfee 5.3.00 5636 2009-06-04 2.97 BackDoor-DSQ
Microsoft 1.4701 2009.06.04 2009-06-04 4.29 Backdoor:Win32/Farfli.J
mks_vir 2.01 2009.06.05 2009-06-05 3.35 -
Norman 6.01.05 6.01.00 2009-06-02 4.01 W32/Dialer.DHRP
Panda 9.05.01 2009.06.04 2009-06-04 1.86 -
Trend Micro 8.700-1004 6.170.08 2009-06-04 0.06 TROJ_DIAL.RHB
Quick Heal 10.00 2009.06.05 2009-06-05 1.37 -
Rising 20.0 21.32.34.00 2009-06-04 0.99 Backdoor.Win32.Drwolf.axh
Sophos 2.87.1 4.42 2009-06-05 2.44 Mal/Whybo-A
Sunbelt 5170 5170 2009-06-04 0.94 Porn-Dialer.Win32.Agent.fi
Symantec 1.3.0.24 20090604.002 2009-06-04 0.06 -
nProtect 20090604.01 4070376 2009-06-04 5.23 Trojan/W32.Dialer.712704
The Hacker 6.3.4.3 v00340 2009-06-04 0.63 Trojan/Dialer.Agent.fi
VBA32 3.12.10.6 20090604.1412 2009-06-04 1.96 Porn-Dialer.Win32.Agent.fi
VirusBuster 4.5.11.10 10.107.2/1575686 2009-06-04 1.90
GooredFix by jpshortstuff (24.09.09.1)
Log created at 11:51 on 02/10/2009 (alsopb)
Firefox version 3.5.3 (en-US)
========== GooredScan ==========
========== GooredLog ==========
C:\PROGRAM FILES\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [14:49 22/09/2009]
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [01:23 30/08/2009]
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [22:44 20/09/2009]
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\PROGRAM FILES\AVG\AVG8\Firefox" [09:56 21/09/2009]
"avg@igeared"="C:\PROGRAM FILES\AVG\AVG8\Toolbar\Firefox\avg@igeared" [13:06 21/09/2009]
"jqs@sun.com"="C:\PROGRAM FILES\Java\jre6\lib\deploy\jqs\ff" [01:22 30/08/2009]
-=E.O.F=-
ComboFix 09-10-01.01 - alsopb 10/02/2009 12:03.3.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2040.1507 [GMT 0:00]
Running from: c:\documents and settings\alsopb\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\11903b.msi
.
((((((((((((((((((((((((( Files Created from 2009-09-02 to 2009-10-02 )))))))))))))))))))))))))))))))
.
2009-09-24 09:40 . 2009-09-24 09:40 -------- d-----w- c:\program files\DDSFreq
2009-09-24 09:40 . 2009-09-24 09:40 -------- d-----w- C:\ddsvfo2
2009-09-23 15:07 . 2009-09-23 15:07 -------- d-----w- c:\program files\DDS_Controller
2009-09-23 15:06 . 2009-09-23 15:06 -------- d-----w- C:\New Folder
2009-09-23 15:05 . 2009-09-23 15:05 -------- d-----w- C:\ddsvfo
2009-09-22 18:34 . 2009-09-22 18:34 -------- d-----w- c:\program files\Trend Micro
2009-09-22 11:58 . 2009-09-22 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-22 11:58 . 2009-09-22 11:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-22 11:58 . 2009-09-22 11:58 -------- d-----w- c:\documents and settings\alsopb\Application Data\SUPERAntiSpyware.com
2009-09-21 09:56 . 2009-09-21 09:56 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-21 09:56 . 2009-09-21 09:56 -------- d-----w- c:\windows\system32\drivers\Avg
2009-09-20 20:33 . 2009-09-20 20:33 -------- d-----w- c:\windows\system32\drivers\Avg(2)
2009-09-20 20:33 . 2009-09-20 20:33 -------- d-----w- c:\program files\AVG(2)
2009-09-20 20:33 . 2009-09-20 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8(2)
2009-09-20 20:05 . 2009-09-20 20:05 -------- d-----w- C:\AVGTemp
2009-09-20 18:06 . 2009-09-20 18:06 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-09-20 18:06 . 2009-09-20 18:06 -------- d-----w- c:\program files\MSECACHE
2009-09-20 17:46 . 2009-09-20 17:46 -------- d-----w- c:\documents and settings\alsopb\Application Data\AVG8
2009-09-20 17:46 . 2009-09-20 17:46 -------- d-----w- c:\program files\Alwil Software
2009-09-18 22:08 . 2009-09-18 22:08 -------- d-----w- c:\documents and settings\alsopb\Application Data\Malwarebytes
2009-09-18 22:07 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-18 22:07 . 2009-09-18 22:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-18 22:07 . 2009-09-18 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-18 22:07 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-18 19:11 . 2009-09-18 19:11 -------- d-----w- C:\FOUND.000
2009-09-18 19:11 . 2009-09-18 19:11 -------- d-----w- C:\KPCMS
2009-09-18 18:19 . 2009-09-18 18:19 -------- d-----w- C:\Kodak
2009-09-18 16:05 . 2009-09-18 16:05 -------- d-----w- c:\documents and settings\alsopb\Local Settings\Application Data\ArcSoft
2009-09-18 16:05 . 2009-09-18 16:05 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
2009-09-18 16:00 . 2009-09-18 16:00 -------- d-----w- c:\windows\$hf_mig$
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-24 09:40 . 2006-04-08 23:40 249856 ------w- c:\windows\Setup1.exe
2009-08-31 01:55 . 2009-08-31 01:55 -------- d-----w- c:\documents and settings\alsopb\Application Data\Thunderbird
2009-08-31 01:55 . 2009-08-31 01:55 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-30 01:22 . 2009-08-30 01:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-23 13:08 . 2009-08-23 13:08 -------- d-----w- c:\program files\KENWOOD
2009-08-17 01:43 . 2009-08-17 01:43 -------- d-----w- c:\program files\N1MMP38
2009-08-16 14:38 . 2009-08-16 14:38 -------- d-----w- c:\documents and settings\alsopb\Application Data\Afreet
2009-08-16 11:41 . 2009-04-28 02:37 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-16 11:41 . 2009-04-28 02:37 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-16 11:41 . 2007-12-24 14:03 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-13 17:36 . 2004-11-11 15:33 14 ----a-w- c:\windows\srl1.sys
2009-08-13 17:35 . 2004-11-11 15:33 14 ----a-w- c:\windows\reglbft.reg
2009-08-13 17:35 . 2004-11-11 15:33 112 ----a-w- c:\windows\nmuse1.sys
2005-03-02 20:53 . 2005-03-02 20:52 3870057 ------w- c:\program files\n1mmlo1
2002-08-15 16:54 . 2004-11-12 20:51 3198976 ------w- c:\program files\ViewSonicregistration.exe
2001-06-21 19:35 . 2001-06-21 19:35 11079 ---h--w- c:\program files\folder.htt
2003-07-29 00:15 . 2003-08-21 10:49 307200 ------w- c:\program files\internet explorer\plugins\djvu0407.dll
2003-07-29 00:15 . 2003-08-21 10:49 303104 ------w- c:\program files\internet explorer\plugins\djvu0409.dll
2003-07-29 00:15 . 2003-08-21 10:49 311296 ------w- c:\program files\internet explorer\plugins\djvu040c.dll
2003-07-29 00:15 . 2003-08-21 10:49 299008 ------w- c:\program files\internet explorer\plugins\djvu0411.dll
2003-07-29 00:15 . 2003-08-21 10:49 299008 ------w- c:\program files\internet explorer\plugins\djvu0412.dll
2003-07-29 00:15 . 2003-08-21 10:49 290816 ------w- c:\program files\internet explorer\plugins\djvu0804.dll
2003-07-29 00:15 . 2003-08-21 10:49 122880 ------w- c:\program files\internet explorer\plugins\DjVuCntl.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-09-19_14.54.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-29 04:47 . 2009-09-21 09:56 3403696 c:\windows\SYSTEM32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 09:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@="{7D688A77-C613-11D0-999B-00C04FD655E1}"
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2004-08-04 12:00 8384000 ----a-w- c:\windows\SYSTEM32\shell32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-16 2007832]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-30 149280]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-05-17 77824]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
d.lnk - c:\windows\System\Show Desktop.scf [2001-6-21 81]
Encoder Agent.lnk - c:\program files\Windows Media Components\Encoder\Wmencagt.exe [2004-3-22 53248]
Office Startup.lnk - c:\program files\Microsoft Office\Office\Osa.exe [2001-6-21 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-16 11:41 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"5-2-100-199"=c:\program files\Webdialer\sddlr.exe -m
"li-speed00199"=c:\program files\Webdialer\dlres.exe -m
"Delphi 3#Autostart"="c:\wdisplay\WEATHERD.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"VsStatEXE"=c:\progra~1\MCAFEE\MCAFEE~1\VSSTAT.EXE /SHOWWARNING
"nwiz"=nwiz.exe /install
"Alogserv"=c:\program files\McAfee\McAfee VirusScan\alogserv.exe
"QuickTime Task"="c:\windows\SYSTEM32\qttask.exe" -atboottime
"KodakCCS"=c:\windows\System32\Drivers\KodakCCS.exe
"98SafeRemove"=c:\windows\98SafeRemove.exe
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"Share-to-Web Namespace Daemon"=c:\program files\Accessories\HP Share-to-Web\hpgs2wnd.exe
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe"
"HP Component Manager"="c:\program files\HP\HPCORETECH\HPCMPMGR.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"Tweak UI"=RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
"StillImageMonitor"=c:\windows\SYSTEM32\STIMON.EXE
"MSVXD"=c:\windows\MSVXD.EXE 1632
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
"NvCplDaemon"=RUNDLL32.EXE c:\windows\SYSTEM32\nvcpl.dll,NvStartup
"SetIcon"=c:\program files\Generic\Seticon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\D4\\D4.exe"=
"c:\\WINDOWS\\System32\\fxsclnt.exe"=
"c:\\WINDOWS\\System32\\mmc.exe"=
"c:\\Program Files\\Netscape\\Netscape\\Netscp.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [4/28/2009 02:37 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [4/28/2009 02:37 108552]
R1 hwinterface;hwinterface;c:\windows\SYSTEM32\DRIVERS\hwinterface.sys [12/23/2006 18:22 3026]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [4/28/2009 02:37 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/28/2009 02:37 297752]
R2 DLPortIO;DriverLINX Port I/O Driver;c:\windows\SYSTEM32\DRIVERS\DLPortIO.SYS [11/29/2006 13:11 3584]
R3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\SYSTEM32\DRIVERS\NtApm.sys [11/28/2006 17:29 9344]
S2 USB2000;JDI USB PC TO PC Network Bridge USB Driver;c:\windows\SYSTEM32\DRIVERS\usb2000.sys [1/25/2000 08:57 15712]
S3 iteio;iteio;c:\windows\SYSTEM32\DRIVERS\Iteio.sys [12/30/2006 22:47 3680]
S3 usb18prg;usb18prg;c:\windows\SYSTEM32\DRIVERS\usb18prg.sys [12/13/2007 19:24 20608]
S3 Usblink;Usblink Driver;c:\windows\SYSTEM32\DRIVERS\ulink.sys [12/26/2006 15:31 40788]
S3 Winacusb;Winacusb;c:\windows\SYSTEM32\DRIVERS\winacusb.sys [11/28/2006 22:25 902860]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"c:\program files\OUTLOOK EXPRESS\SETUP50.EXE" /APP:OE /CALLER:WIN9X /USER /INSTALL
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"c:\program files\OUTLOOK EXPRESS\SETUP50.EXE" /APP:OE /CALLER:WIN9X /USER /INSTALL
"c:\program files\OUTLOOK EXPRESS\setup50.exe" /APP:OE /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"c:\program files\OUTLOOK EXPRESS\SETUP50.EXE" /APP:WAB /CALLER:WIN9X /USER /INSTALL
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"c:\program files\OUTLOOK EXPRESS\SETUP50.EXE" /APP:WAB /CALLER:WIN9X /USER /INSTALL
"c:\program files\OUTLOOK EXPRESS\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
c:\windows\SYSTEM32\updcrl.exe -e -u c:\windows\SYSTEM\verisignpub1.crl
.
Contents of the 'Scheduled Tasks' folder
2009-10-01 c:\windows\Tasks\WebReg 20050630200914.job
- c:\program files\HP\DIGITAL IMAGING\BIN\hpqwrg.exe [2004-05-14 17:31]
2009-10-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-21 21:11]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SYSTEM\BLANK.HTM
mSearch Bar = hxxp://home.netscape.com/home/winsearch200.html
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: aol.com\free
DPF: DirectAnimation Java Classes - FILE://c:\windows\SYSTEM\DAJAVA.CAB
DPF: Internet Explorer Classes for Java - FILE://c:\windows\SYSTEM\IEJAVA.CAB
DPF: Microsoft XML Parser for Java - FILE://c:\windows\JAVA\CLASSES\XMLDSO4.CAB
FF - ProfilePath - c:\documents and settings\alsopb\Application Data\Mozilla\Firefox\Profiles\j7t5whpq.BRIAN 2\
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/sear ... -web_us&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-02 12:10
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-10-02 12:12
ComboFix 09-10-01.01 - alsopb 10/02/2009 12:03.3.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2040.1507 [GMT 0:00]
Running from: c:\documents and settings\alsopb\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\11903b.msi
.
((((((((((((((((((((((((( Files Created from 2009-09-02 to 2009-10-02 )))))))))))))))))))))))))))))))
.
2009-09-24 09:40 . 2009-09-24 09:40 -------- d-----w- c:\program files\DDSFreq
2009-09-24 09:40 . 2009-09-24 09:40 -------- d-----w- C:\ddsvfo2
2009-09-23 15:07 . 2009-09-23 15:07 -------- d-----w- c:\program files\DDS_Controller
2009-09-23 15:06 . 2009-09-23 15:06 -------- d-----w- C:\New Folder
2009-09-23 15:05 . 2009-09-23 15:05 -------- d-----w- C:\ddsvfo
2009-09-22 18:34 . 2009-09-22 18:34 -------- d-----w- c:\program files\Trend Micro
2009-09-22 11:58 . 2009-09-22 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-22 11:58 . 2009-09-22 11:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-22 11:58 . 2009-09-22 11:58 -------- d-----w- c:\documents and settings\alsopb\Application Data\SUPERAntiSpyware.com
2009-09-21 09:56 . 2009-09-21 09:56 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-21 09:56 . 2009-09-21 09:56 -------- d-----w- c:\windows\system32\drivers\Avg
2009-09-20 20:33 . 2009-09-20 20:33 -------- d-----w- c:\windows\system32\drivers\Avg(2)
2009-09-20 20:33 . 2009-09-20 20:33 -------- d-----w- c:\program files\AVG(2)
2009-09-20 20:33 . 2009-09-20 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8(2)
2009-09-20 20:05 . 2009-09-20 20:05 -------- d-----w- C:\AVGTemp
2009-09-20 18:06 . 2009-09-20 18:06 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-09-20 18:06 . 2009-09-20 18:06 -------- d-----w- c:\program files\MSECACHE
2009-09-20 17:46 . 2009-09-20 17:46 -------- d-----w- c:\documents and settings\alsopb\Application Data\AVG8
2009-09-20 17:46 . 2009-09-20 17:46 -------- d-----w- c:\program files\Alwil Software
2009-09-18 22:08 . 2009-09-18 22:08 -------- d-----w- c:\documents and settings\alsopb\Application Data\Malwarebytes
2009-09-18 22:07 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-18 22:07 . 2009-09-18 22:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-18 22:07 . 2009-09-18 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-18 22:07 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-18 19:11 . 2009-09-18 19:11 -------- d-----w- C:\FOUND.000
2009-09-18 19:11 . 2009-09-18 19:11 -------- d-----w- C:\KPCMS
2009-09-18 18:19 . 2009-09-18 18:19 -------- d-----w- C:\Kodak
2009-09-18 16:05 . 2009-09-18 16:05 -------- d-----w- c:\documents and settings\alsopb\Local Settings\Application Data\ArcSoft
2009-09-18 16:05 . 2009-09-18 16:05 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
2009-09-18 16:00 . 2009-09-18 16:00 -------- d-----w- c:\windows\$hf_mig$
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-24 09:40 . 2006-04-08 23:40 249856 ------w- c:\windows\Setup1.exe
2009-08-31 01:55 . 2009-08-31 01:55 -------- d-----w- c:\documents and settings\alsopb\Application Data\Thunderbird
2009-08-31 01:55 . 2009-08-31 01:55 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-30 01:22 . 2009-08-30 01:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-23 13:08 . 2009-08-23 13:08 -------- d-----w- c:\program files\KENWOOD
2009-08-17 01:43 . 2009-08-17 01:43 -------- d-----w- c:\program files\N1MMP38
2009-08-16 14:38 . 2009-08-16 14:38 -------- d-----w- c:\documents and settings\alsopb\Application Data\Afreet
2009-08-16 11:41 . 2009-04-28 02:37 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-16 11:41 . 2009-04-28 02:37 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-16 11:41 . 2007-12-24 14:03 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-13 17:36 . 2004-11-11 15:33 14 ----a-w- c:\windows\srl1.sys
2009-08-13 17:35 . 2004-11-11 15:33 14 ----a-w- c:\windows\reglbft.reg
2009-08-13 17:35 . 2004-11-11 15:33 112 ----a-w- c:\windows\nmuse1.sys
2005-03-02 20:53 . 2005-03-02 20:52 3870057 ------w- c:\program files\n1mmlo1
2002-08-15 16:54 . 2004-11-12 20:51 3198976 ------w- c:\program files\ViewSonicregistration.exe
2001-06-21 19:35 . 2001-06-21 19:35 11079 ---h--w- c:\program files\folder.htt
2003-07-29 00:15 . 2003-08-21 10:49 307200 ------w- c:\program files\internet explorer\plugins\djvu0407.dll
2003-07-29 00:15 . 2003-08-21 10:49 303104 ------w- c:\program files\internet explorer\plugins\djvu0409.dll
2003-07-29 00:15 . 2003-08-21 10:49 311296 ------w- c:\program files\internet explorer\plugins\djvu040c.dll
2003-07-29 00:15 . 2003-08-21 10:49 299008 ------w- c:\program files\internet explorer\plugins\djvu0411.dll
2003-07-29 00:15 . 2003-08-21 10:49 299008 ------w- c:\program files\internet explorer\plugins\djvu0412.dll
2003-07-29 00:15 . 2003-08-21 10:49 290816 ------w- c:\program files\internet explorer\plugins\djvu0804.dll
2003-07-29 00:15 . 2003-08-21 10:49 122880 ------w- c:\program files\internet explorer\plugins\DjVuCntl.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-09-19_14.54.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-29 04:47 . 2009-09-21 09:56 3403696 c:\windows\SYSTEM32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 09:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@="{7D688A77-C613-11D0-999B-00C04FD655E1}"
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2004-08-04 12:00 8384000 ----a-w- c:\windows\SYSTEM32\shell32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-16 2007832]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-30 149280]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-05-17 77824]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
d.lnk - c:\windows\System\Show Desktop.scf [2001-6-21 81]
Encoder Agent.lnk - c:\program files\Windows Media Components\Encoder\Wmencagt.exe [2004-3-22 53248]
Office Startup.lnk - c:\program files\Microsoft Office\Office\Osa.exe [2001-6-21 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-16 11:41 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"5-2-100-199"=c:\program files\Webdialer\sddlr.exe -m
"li-speed00199"=c:\program files\Webdialer\dlres.exe -m
"Delphi 3#Autostart"="c:\wdisplay\WEATHERD.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"VsStatEXE"=c:\progra~1\MCAFEE\MCAFEE~1\VSSTAT.EXE /SHOWWARNING
"nwiz"=nwiz.exe /install
"Alogserv"=c:\program files\McAfee\McAfee VirusScan\alogserv.exe
"QuickTime Task"="c:\windows\SYSTEM32\qttask.exe" -atboottime
"KodakCCS"=c:\windows\System32\Drivers\KodakCCS.exe
"98SafeRemove"=c:\windows\98SafeRemove.exe
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"Share-to-Web Namespace Daemon"=c:\program files\Accessories\HP Share-to-Web\hpgs2wnd.exe
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe"
"HP Component Manager"="c:\program files\HP\HPCORETECH\HPCMPMGR.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"Tweak UI"=RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
"StillImageMonitor"=c:\windows\SYSTEM32\STIMON.EXE
"MSVXD"=c:\windows\MSVXD.EXE 1632
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
"NvCplDaemon"=RUNDLL32.EXE c:\windows\SYSTEM32\nvcpl.dll,NvStartup
"SetIcon"=c:\program files\Generic\Seticon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\D4\\D4.exe"=
"c:\\WINDOWS\\System32\\fxsclnt.exe"=
"c:\\WINDOWS\\System32\\mmc.exe"=
"c:\\Program Files\\Netscape\\Netscape\\Netscp.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [4/28/2009 02:37 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [4/28/2009 02:37 108552]
R1 hwinterface;hwinterface;c:\windows\SYSTEM32\DRIVERS\hwinterface.sys [12/23/2006 18:22 3026]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [4/28/2009 02:37 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/28/2009 02:37 297752]
R2 DLPortIO;DriverLINX Port I/O Driver;c:\windows\SYSTEM32\DRIVERS\DLPortIO.SYS [11/29/2006 13:11 3584]
R3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\SYSTEM32\DRIVERS\NtApm.sys [11/28/2006 17:29 9344]
S2 USB2000;JDI USB PC TO PC Network Bridge USB Driver;c:\windows\SYSTEM32\DRIVERS\usb2000.sys [1/25/2000 08:57 15712]
S3 iteio;iteio;c:\windows\SYSTEM32\DRIVERS\Iteio.sys [12/30/2006 22:47 3680]
S3 usb18prg;usb18prg;c:\windows\SYSTEM32\DRIVERS\usb18prg.sys [12/13/2007 19:24 20608]
S3 Usblink;Usblink Driver;c:\windows\SYSTEM32\DRIVERS\ulink.sys [12/26/2006 15:31 40788]
S3 Winacusb;Winacusb;c:\windows\SYSTEM32\DRIVERS\winacusb.sys [11/28/2006 22:25 902860]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"c:\program files\OUTLOOK EXPRESS\SETUP50.EXE" /APP:OE /CALLER:WIN9X /USER /INSTALL
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"c:\program files\OUTLOOK EXPRESS\SETUP50.EXE" /APP:OE /CALLER:WIN9X /USER /INSTALL
"c:\program files\OUTLOOK EXPRESS\setup50.exe" /APP:OE /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"c:\program files\OUTLOOK EXPRESS\SETUP50.EXE" /APP:WAB /CALLER:WIN9X /USER /INSTALL
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"c:\program files\OUTLOOK EXPRESS\SETUP50.EXE" /APP:WAB /CALLER:WIN9X /USER /INSTALL
"c:\program files\OUTLOOK EXPRESS\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
c:\windows\SYSTEM32\updcrl.exe -e -u c:\windows\SYSTEM\verisignpub1.crl
.
Contents of the 'Scheduled Tasks' folder
2009-10-01 c:\windows\Tasks\WebReg 20050630200914.job
- c:\program files\HP\DIGITAL IMAGING\BIN\hpqwrg.exe [2004-05-14 17:31]
2009-10-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-21 21:11]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SYSTEM\BLANK.HTM
mSearch Bar = hxxp://home.netscape.com/home/winsearch200.html
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: aol.com\free
DPF: DirectAnimation Java Classes - FILE://c:\windows\SYSTEM\DAJAVA.CAB
DPF: Internet Explorer Classes for Java - FILE://c:\windows\SYSTEM\IEJAVA.CAB
DPF: Microsoft XML Parser for Java - FILE://c:\windows\JAVA\CLASSES\XMLDSO4.CAB
FF - ProfilePath - c:\documents and settings\alsopb\Application Data\Mozilla\Firefox\Profiles\j7t5whpq.BRIAN 2\
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/sear ... -web_us&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-02 12:10
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-10-02 12:12
ComboFix-quarantined-files.txt 2009-10-02 12:12
Pre-Run: 169,904,275,456 bytes free
Post-Run: 170,261,708,800 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout = 30
default = multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS = "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:12, on 10/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Windows Media Components\Encoder\Wmencagt.exe
C:\Program Files\Microsoft Office\Office\Osa.exe
C:\PROGRAM FILES\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\BLANK.HTM
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\PROGRAM FILES\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.gloryroad.net"); (C:\Program Files\Netscape\Users\alsopb\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\COMMON FILES\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\PROGRAM FILES\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRAM FILES\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\PROGRAM FILES\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\PROGRAM FILES\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\PROGRAM FILES\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\PROGRAM FILES\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\PROGRAM FILES\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\PROGRAM FILES\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\PROGRAM FILES\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\PROGRAM FILES\Java\jre6\bin\jusched.exe"
O4 - Global Startup: d.lnk = C:\WINDOWS\SYSTEM\Show Desktop.scf
O4 - Global Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\Java\jre6\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRAM FILES\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRAM FILES\Messenger\msmsgs.exe
O13 - WWW. Prefix: http://
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\PROGRAM FILES\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\PROGRAM FILES\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
--
End of file - 5819 bytes