vimax problem

ksean · 11-01-2009, 10:13 AM

I cannot seem to get rid of the vimax ads - I have run Malwarebytes repeatedly but it keeps coming back. Thanks.

Not real computer savvy, so please explain things in detail.

DDS (Ver_09-10-26.01) - NTFSx86
Run by HP_Owner at 11:49:04.50 on Sun 11/01/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.151 [GMT -5:00]

AV: Norton AntiVirus 2005 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ps2.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Common Files\AOL\1151701785\ee\AOLSoftware.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\AGRSMMSG.exe
svchost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\HP_Owner\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0983.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: TBSB04757 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\freeze.com toolbar\freeze_us.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll
TB: The hdtip: {f4bec60b-9cee-4a91-91fb-8da8de3ca166} - c:\windows\hdtip.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0983.0\msneshellx.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [SpeedItUpEX] c:\program files\speeditup free\SpeedItUp.exe -MINI
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\hp_owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ICQ] "c:\program files\icq6.5\ICQ.exe" silent
uRun: [DriverCure] c:\program files\paretologic\drivercure\DriverCure.exe -scan
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Acme.PCHButton] c:\progra~1\helpan~1\hpq\xpxwwpp5\plugin\bin\PCHButton.exe
uRun: [MtdAcqu] "c:\program files\creative\mediasource5\MtdAcqu.exe" /s
uRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
mRun: [NSWatchDog] c:\windows\NSWATC~1.EXE &PT=&MI=&OS=Microsoft_Windows_XP_version_5.1
mRun: [TkBellExe] "realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [VTTimer] VTTimer.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [Pure Networks Port Magic] "c:\progra~1\purene~1\portma~1\PortAOL.exe" -Run
mRun: [PTAC Agent] c:\windows\system32\sys32\PTAC.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [HostManager] c:\program files\common files\aol\1151701785\ee\AOLSoftware.exe
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\automa~1.lnk - c:\troopmaster software\automailer\AutoMailer.exe
StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\epsonp~1.lnk - e:\titles\ereg\EPSONREG.EXE
StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\309731\program\Updates from HP.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Add To HP Organize... - c:\progra~1\hewlet~1\hporga~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {380BBEC2-4CAE-4ECE-8AFF-36CDE7916386} - hxxp://ni-us.demoservers.com/URA/URA/lib/srdp.cab
DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - hxxp://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184081858328
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-8-9 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1028432]
RUnknown ouirrn;ouirrn; [x]
S2 bfkezit;bfkezit;c:\windows\system32\drivers\ffxjxvxl.sys --> c:\windows\system32\drivers\ffxjxvxl.sys [?]
S2 Ca536av;DV 4500(Video);c:\windows\system32\drivers\Ca536av.sys [2006-12-25 514859]
S2 cijna;cijna;c:\windows\system32\drivers\dcfmxqtf.sys --> c:\windows\system32\drivers\dcfmxqtf.sys [?]
S2 enjkzt;enjkzt;c:\windows\system32\drivers\cldrvhq.sys --> c:\windows\system32\drivers\cldrvhq.sys [?]
S2 gupdate1c9a66bb0558178;Google Update Service (gupdate1c9a66bb0558178);c:\program files\google\update\GoogleUpdate.exe [2009-3-16 133104]
S2 yItht;yItht;c:\windows\system32\drivers\nqgnhkum.sys --> c:\windows\system32\drivers\nqgnhkum.sys [?]
S2 yugm;yugm;c:\windows\system32\drivers\arvc.sys --> c:\windows\system32\drivers\arvc.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2008-5-2 1527900]
S3 USBCamera;DV 4500(Still);c:\windows\system32\drivers\Bulk536.sys [2006-12-25 11048]
S3 XDva189;XDva189;\??\c:\windows\system32\xdva189.sys --> c:\windows\system32\XDva189.sys [?]

=============== Created Last 30 ================

2009-10-31 02:15:04 0 d-----w- C:\bc5ba415b4d8ed4a7b786297c3
2009-10-12 15:29:58 135168 ----a-w- c:\windows\system32\igfxres.dll
2009-10-02 22:19:26 195440 ------w- c:\windows\system32\MpSigStub.exe

==================== Find3M ====================

2009-10-12 19:44:21 3645 ----a-w- c:\windows\viassary-hp.reg
2009-09-21 19:12:47 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-11 14:33:52 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45:26 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36:27 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36:24 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:16:37 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-20 19:09:06 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-05 09:11:47 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 14:00:46 2180352 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 13:13:32 2057728 ----a-w- c:\windows\system32\ntkrnlpa.exe
2008-08-19 13:30:59 1283912 ----a-w- c:\program files\WoW-2.3.0.7561-enUS-downloader.exe
2008-07-09 23:09:55 0 ----a-w- c:\program files\temp01
2007-03-13 14:17:26 87656 ----a-w- c:\program files\UnHyCam2.exe
2007-02-23 16:54:56 69632 ----a-w- c:\program files\CamRes2.dll
2007-02-23 16:54:55 57344 ----a-w- c:\program files\MClick2.dll
2006-07-09 10:13:43 82 ----a-w- c:\program files\HomePage.url
2004-05-05 17:57:28 2018 ----a-w- c:\program files\readme.txt
1999-06-24 16:49:50 421 ----a-w- c:\program files\8-44100u.wav
1999-06-24 16:49:16 587 ----a-w- c:\program files\8-44100d.wav
1999-06-24 16:47:52 225 ----a-w- c:\program files\8-22050u.wav
1999-06-24 16:47:28 317 ----a-w- c:\program files\8-22050d.wav
1999-06-24 16:46:30 135 ----a-w- c:\program files\8-11025u.wav
1999-06-24 16:46:04 183 ----a-w- c:\program files\8-11025d.wav
1999-06-24 16:44:02 127 ----a-w- c:\program files\8-8000u.wav
1999-06-24 16:43:36 151 ----a-w- c:\program files\8-8000d.wav
1999-06-24 16:41:20 220 ----a-w- c:\program files\16-8000u.wav
1999-06-24 16:40:52 260 ----a-w- c:\program files\16-8000d.wav
1999-06-24 16:38:30 956 ----a-w- c:\program files\16-44100u.wav
1999-06-24 16:37:56 1186 ----a-w- c:\program files\16-44100d.wav
1999-06-24 16:34:48 442 ----a-w- c:\program files\16-22050u.wav
1999-06-24 16:34:12 652 ----a-w- c:\program files\16-22050d.wav
1999-06-24 15:54:34 340 ----a-w- c:\program files\16-11025d.wav
1999-06-24 15:50:14 326 ----a-w- c:\program files\16-11025u.wav

============= FINISH: 11:49:50.67 ===============

tetonbob · 11-03-2009, 09:30 AM

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

You can read this: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

Your Norton AntiVirus subscription seems to have expired, or the application is not being updated. Can you tell me more about this? Do you receive notifications from Norton AV that it is outdated?

---------------------------------------------------------------------------------------------

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Place combofix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

You can get help on disabling your protection programs here
Double click on combofix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.

Click on Yes, to continue scanning for malware. Please note: If the Recovery Console does NOT get installed, click on NO, do not continue, and let me know.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

---------------------------------------------------------------------------------------------

ksean · 11-04-2009, 07:50 PM

Yes, Norton seems to be expired. No I do not get notifications is is outdated.

I downloaded Combofix and double clicked, then hit run, but nothing happens at all. So other than the run/cancel prompt, there are no other prompts to follow. I downloaded from Link 1. I waited for an hour, but nothing.

Now what?

Thanks.

tetonbob · 11-04-2009, 08:55 PM

Delete your existing copy of ComboFix, and we'll have you download it again, this time rename it as it's saved.

---------------------------------------------------------------------------------------------

Download Combofix from any of the links below. You must rename it before saving it. Name it ComFx, and Save it to your desktop.

Link 1
Link 2

--------------------------------------------------------------------
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

You can get help on disabling your protection programs here
Double click on ComFx.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.

Click on Yes, to continue scanning for malware. NOTE: If the Recovery Console does NOT install, click on No, do NOT continue, and let me know.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done this.

---------------------------------------------------------------------------------------------

If Norton is expired, it's not doing as much good for the machine as it should. During this process, if you want to or can, renew the subscription and update it after ComboFix has been run.

If you'd like a free alternative to Norton, or would like to go another direction for a paid application, let me know, and I can offer some choices.

ksean · 11-06-2009, 04:32 PM

Combofix log

I thought I already posted this, but do not see it.

ComboFix 09-11-04.05 - HP_Owner 11/05/2009 8:06.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.211 [GMT -5:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComFx.exe
AV: Norton AntiVirus 2005 *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Owner\Start Menu\Programs\Uninstall.lnk
c:\recycler\S-1-5-21-2673807416-727448126-4017708046-1003
c:\windows\search_res.txt
c:\windows\system32\drivers\ESQULlydlndnomcqoeseburmnoxbqfafyxhrm.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\ESQULwlcialvfyjaxdrcanqyusvnsdeffqsqa.dll
c:\windows\system32\ESQULyapqtmmxxrohrifpjouoqqikumofuqew.dll
c:\windows\system32\ESQULzcounter
c:\windows\system32\Process.exe
c:\windows\system32\ps2.bat
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\viassary-hp.reg
D:\Autorun.inf

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ESQULserv.sys

((((((((((((((((((((((((( Files Created from 2009-10-05 to 2009-11-05 )))))))))))))))))))))))))))))))
.

2009-10-31 02:15 . 2009-10-31 02:15 -------- d-----w- C:\bc5ba415b4d8ed4a7b786297c3
2009-10-31 01:57 . 2009-10-31 03:28 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\NOS
2009-10-12 15:29 . 2005-11-03 19:21 135168 ----a-w- c:\windows\system32\igfxres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-04 23:05 . 2004-10-22 21:12 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-04 13:14 . 2007-09-25 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-11-03 22:26 . 2008-01-22 12:18 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\U3
2009-11-01 17:00 . 2009-07-29 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2009-10-31 03:27 . 2005-03-06 10:51 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-18 19:10 . 2009-09-21 19:12 3695616 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-10-18 19:10 . 2009-09-21 19:11 2353992 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-10-01 14:29 . 2009-10-02 22:19 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-30 21:52 . 2009-09-30 21:52 8854 ----a-r- c:\documents and settings\HP_Owner\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2009-09-30 21:52 . 2009-09-30 21:52 40960 ----a-r- c:\documents and settings\HP_Owner\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2009-09-30 21:52 . 2009-09-30 21:52 40960 ----a-r- c:\documents and settings\HP_Owner\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2009-09-21 19:11 . 2009-09-21 19:11 640760 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-09-21 19:11 . 2009-09-21 19:11 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-09-21 19:11 . 2009-09-21 19:11 1028432 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-09-13 21:40 . 2009-09-13 21:40 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Widget.6A69418F94511E8B54343880430D52179408F788.1
2009-09-13 21:40 . 2009-09-13 21:40 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-13 21:39 . 2009-09-13 21:40 38208 ----a-w- c:\documents and settings\HP_Owner\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2009-09-11 14:33 . 2004-11-03 18:50 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 10:53 . 2008-07-28 21:30 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-04 20:45 . 2004-11-03 18:50 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2004-11-03 18:52 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2009-08-09 21:14 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-11-03 19:19 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:16 . 2004-11-03 18:51 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-20 19:09 . 2009-08-20 19:09 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-15 07:41 . 2005-03-09 21:10 70880 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-08-19 13:30 . 2008-08-19 13:30 1283912 ----a-w- c:\program files\WoW-2.3.0.7561-enUS-downloader.exe
2008-07-09 23:09 . 2008-07-09 23:09 0 ----a-w- c:\program files\temp01
2007-03-13 14:17 . 2007-11-04 18:28 87656 ----a-w- c:\program files\UnHyCam2.exe
2007-02-23 16:54 . 2007-11-04 18:28 69632 ----a-w- c:\program files\CamRes2.dll
2007-02-23 16:54 . 2007-11-04 18:28 57344 ----a-w- c:\program files\MClick2.dll
2006-07-09 10:13 . 2007-11-04 18:28 82 ----a-w- c:\program files\HomePage.url
2004-05-05 17:57 . 2007-11-04 18:28 2018 ----a-w- c:\program files\readme.txt
1999-06-24 16:49 . 2007-11-04 18:28 421 ----a-w- c:\program files\8-44100u.wav
1999-06-24 16:49 . 2007-11-04 18:28 587 ----a-w- c:\program files\8-44100d.wav
1999-06-24 16:47 . 2007-11-04 18:28 225 ----a-w- c:\program files\8-22050u.wav
1999-06-24 16:47 . 2007-11-04 18:28 317 ----a-w- c:\program files\8-22050d.wav
1999-06-24 16:46 . 2007-11-04 18:28 135 ----a-w- c:\program files\8-11025u.wav
1999-06-24 16:46 . 2007-11-04 18:28 183 ----a-w- c:\program files\8-11025d.wav
1999-06-24 16:44 . 2007-11-04 18:28 127 ----a-w- c:\program files\8-8000u.wav
1999-06-24 16:43 . 2007-11-04 18:28 151 ----a-w- c:\program files\8-8000d.wav
1999-06-24 16:41 . 2007-11-04 18:28 220 ----a-w- c:\program files\16-8000u.wav
1999-06-24 16:40 . 2007-11-04 18:28 260 ----a-w- c:\program files\16-8000d.wav
1999-06-24 16:38 . 2007-11-04 18:28 956 ----a-w- c:\program files\16-44100u.wav
1999-06-24 16:37 . 2007-11-04 18:28 1186 ----a-w- c:\program files\16-44100d.wav
1999-06-24 16:34 . 2007-11-04 18:28 442 ----a-w- c:\program files\16-22050u.wav
1999-06-24 16:34 . 2007-11-04 18:28 652 ----a-w- c:\program files\16-22050d.wav
1999-06-24 15:54 . 2007-11-04 18:28 340 ----a-w- c:\program files\16-11025d.wav
1999-06-24 15:50 . 2007-11-04 18:28 326 ----a-w- c:\program files\16-11025u.wav
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 16:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-25 68856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Google Update"="c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-05 133104]
"MtdAcqu"="c:\program files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 278528]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-07-25 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-17 58728]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-10-22 32881]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2007-12-04 100056]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-04 1848648]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-01-26 53248]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 253952]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-08 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-08 659456]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]
"HostManager"="c:\program files\Common Files\AOL\1151701785\ee\AOLSoftware.exe" [2006-09-26 50736]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2005-01-21 79448]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-03 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-03 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-03 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-04-06 90112]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-08 57344]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2005-04-06 2805248]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-03-04 88209]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
AutoMailer.lnk - c:\troopmaster software\AutoMailer\AutoMailer.exe [2009-2-28 73728]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-3-5 156784]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-29 241664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2004-10-21 45056]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\1151701785\\ee\\aolsoftware.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/9/2009 2:10 PM 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1028432]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S2 bfkezit;bfkezit;c:\windows\system32\drivers\ffxjxvxl.sys --> c:\windows\system32\drivers\ffxjxvxl.sys [?]
S2 Ca536av;DV 4500(Video);c:\windows\system32\drivers\Ca536av.sys [12/25/2006 10:49 PM 514859]
S2 cijna;cijna;c:\windows\system32\drivers\dcfmxqtf.sys --> c:\windows\system32\drivers\dcfmxqtf.sys [?]
S2 enjkzt;enjkzt;c:\windows\system32\drivers\cldrvhq.sys --> c:\windows\system32\drivers\cldrvhq.sys [?]
S2 gupdate1c9a66bb0558178;Google Update Service (gupdate1c9a66bb0558178);c:\program files\Google\Update\GoogleUpdate.exe [3/16/2009 2:15 PM 133104]
S2 yItht;yItht;c:\windows\system32\drivers\nqgnhkum.sys --> c:\windows\system32\drivers\nqgnhkum.sys [?]
S2 yugm;yugm;c:\windows\system32\drivers\arvc.sys --> c:\windows\system32\drivers\arvc.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [5/2/2008 7:49 PM 1527900]
S3 USBCamera;DV 4500(Still);c:\windows\system32\drivers\Bulk536.sys [12/25/2006 10:49 PM 11048]
S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys --> c:\windows\system32\XDva189.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-11-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 19:12]

2009-10-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-11-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-25 04:25]

2009-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-16 19:14]

2009-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-16 19:14]

2009-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2625290849-2336797372-2871873070-1009Core.job
- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 18:45]

2009-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2625290849-2336797372-2871873070-1009UA.job
- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 18:45]

2009-11-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2009-10-24 c:\windows\Tasks\Norton AntiVirus - Scan my computer - HP_Owner.job
- c:\progra~1\NORTON~1\Navw32.exe [2004-08-18 17:20]

2009-11-05 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-10-22 07:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {380BBEC2-4CAE-4ECE-8AFF-36CDE7916386} - hxxp://ni-us.demoservers.com/URA/URA/lib/srdp.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{F4BEC60B-9CEE-4A91-91FB-8DA8DE3CA166} - c:\windows\hdtip.dll
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-SpeedItUpEX - c:\program files\Speeditup Free\SpeedItUp.exe
HKCU-Run-ICQ - c:\program files\ICQ6.5\ICQ.exe
HKCU-Run-DriverCure - c:\program files\ParetoLogic\DriverCure\DriverCure.exe
HKLM-Run-NSWatchDog - c:\windows\NSWATC~1.EXE
HKLM-Run-Pure Networks Port Magic - c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe
HKLM-Run-PTAC Agent - c:\windows\system32\Sys32\PTAC.exe
HKLM-Run-KBD - c:\hp\KBD\KBD.EXE
HKLM-Run-BJCFD - c:\program files\BroadJump\Client Foundation\CFD.exe
HKLM-Run-TkBellExe - realsched.exe
HKLM-Run-VTTimer - VTTimer.exe
AddRemove-PSPMovieCreator - c:\program files\PQDVD\PSPMovieCreator\bt-uninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-05 08:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-11-05 8:33
ComboFix-quarantined-files.txt 2009-11-05 13:32

Pre-Run: 62,468,702,208 bytes free
Post-Run: 63,879,249,920 bytes free

tetonbob · 11-06-2009, 05:43 PM

Go Start > Run and copy/paste the following single-line command into the Run box and click OK:

cmd /c PEV -l "%systemdrive%\proquota.*" >Log.txt&Log.txt&del Log.txt

After a little while, a Notepad file will open. Post the contents of Log.txt in your next reply.

ksean · 11-06-2009, 05:55 PM

log

Also, please give a suggestion for virus protection in the future

tetonbob · 11-06-2009, 06:13 PM

Gladly....would you like a free AntiVirus, or pay? There are very good in both camps, with paid you get better support and additional features. Each vendor provides trial versions, most are 30 days, some are 14 days. Let me know in reply after this next fix, and we'll get you set up.

For paid, I prefer Eset's NOD32 or Kaspersky, for free, I prefer Avira or Avast.

Next steps...

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

Open notepad and copy/paste the text in the quotebox below into it:

Code:

Driver::
bfkezit
cijna
enjkzt
yItht
yugm
Fcopy::
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\proquota.exe | c:\windows\system32\proquota.exe
Rootkit::
c:\windows\system32\drivers\ffxjxvxl.sys
c:\windows\system32\drivers\dcfmxqtf.sys
c:\windows\system32\drivers\cldrvhq.sys
c:\windows\system32\drivers\nqgnhkum.sys
c:\windows\system32\drivers\arvc.sys

Save this as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

ComboFix may request an update; please allow it.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

---------------------------------------------------------------------------------------------

ksean · 11-06-2009, 07:22 PM

Followed directions
Combofix updated

After it updated but before it ran a box showed up that said this" PEV.cffxxe has encountered a problem and needs to close". Once I closed that box, Combofix ran.

After it rebooted, it said: Windows encountered a serious error. Error signature
BCCode: 10000050 BCP1: FF91101C BCP2: 00000000 BCP3: F8ACCABB
BCP4:00000000 OSVer: 5_1_2600 SP:2_0 Prodcut 768_1

No log was created

tetonbob · 11-06-2009, 07:36 PM

Is the machine currently stable in Normal Mode?

Post a new log from DDS please.

ksean · 11-06-2009, 07:45 PM

I am not sure what you mean by stable - if you mean do I still have the problem, I am not sure, as I have been staying offline except to deal with this. If you mean do I have any other problems, than it does not appear I do.

DDS attached

ksean · 11-06-2009, 07:47 PM

Sorry - when I try to upload DDS it says it was already attached - No new log was created after the last Combofix was done as I stated 2 replies ago

tetonbob · 11-06-2009, 07:59 PM

Hi, by stable, I mean....are you at your normal desktop, has the crash event occurred more than the once.

I don't want a new DDS log attached, please. When I say posted, I mean please paste it into the reply window.

Run DDS once again, all I want to see is the new log, copied and pasted into the reply window as it is in your original reply.

ksean · 11-07-2009, 05:31 AM

OK, I understand. Yes, I am using my normal desktop. Yes the crash only happened the one time.

I seem to have a new problem - when I close anything, instead of just going away, sometimes it freezes, then closes from the top down horizontally, like I was rolling it up, and this morning I had to open Google Chrome 3 times before it would give me a cursor on the page. So I could open the page, but I could not scroll up or down or go left or right to what was on the screen.

DDS log (and sorry I misunderstood what you wanted before)

DDS (Ver_09-10-26.01) - NTFSx86
Run by HP_Owner at 7:16:16.89 on Sat 11/07/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.60 [GMT -5:00]

AV: Norton AntiVirus 2005 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ps2.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Common Files\AOL\1151701785\ee\AOLSoftware.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\wanmpsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Owner\My Documents\Downloads\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0983.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: TBSB04757 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\freeze.com toolbar\freeze_us.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0983.0\msneshellx.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\hp_owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MtdAcqu] "c:\program files\creative\mediasource5\MtdAcqu.exe" /s
uRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [HostManager] c:\program files\common files\aol\1151701785\ee\AOLSoftware.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\automa~1.lnk - c:\troopmaster software\automailer\AutoMailer.exe
StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\epsonp~1.lnk - e:\titles\ereg\EPSONREG.EXE
StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\309731\program\Updates from HP.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Add To HP Organize... - c:\progra~1\hewlet~1\hporga~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL

tetonbob · 11-07-2009, 08:46 AM

That log appears to be incomplete. Be sure you press Ctrl+A to select all, Ctrl+C to copy all, then Ctrl+V to paste all into a thread.

ksean · 11-07-2009, 11:39 AM

DDS (Ver_09-10-26.01) - NTFSx86
Run by HP_Owner at 7:16:16.89 on Sat 11/07/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.60 [GMT -5:00]

AV: Norton AntiVirus 2005 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ps2.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Common Files\AOL\1151701785\ee\AOLSoftware.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\wanmpsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Owner\My Documents\Downloads\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0983.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: TBSB04757 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\freeze.com toolbar\freeze_us.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0983.0\msneshellx.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\hp_owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MtdAcqu] "c:\program files\creative\mediasource5\MtdAcqu.exe" /s
uRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [HostManager] c:\program files\common files\aol\1151701785\ee\AOLSoftware.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\automa~1.lnk - c:\troopmaster software\automailer\AutoMailer.exe
StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\epsonp~1.lnk - e:\titles\ereg\EPSONREG.EXE
StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\309731\program\Updates from HP.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Add To HP Organize... - c:\progra~1\hewlet~1\hporga~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {380BBEC2-4CAE-4ECE-8AFF-36CDE7916386} - hxxp://ni-us.demoservers.com/URA/URA/lib/srdp.cab
DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - hxxp://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184081858328
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-8-9 64160]
S2 Ca536av;DV 4500(Video);c:\windows\system32\drivers\Ca536av.sys [2006-12-25 514859]
S3 USBCamera;DV 4500(Still);c:\windows\system32\drivers\Bulk536.sys [2006-12-25 11048]
S3 XDva189;XDva189;\??\c:\windows\system32\xdva189.sys --> c:\windows\system32\XDva189.sys [?]

=============== Created Last 30 ================

2009-11-07 01:53:33 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-11-07 01:53:33 50176 ----a-w- c:\windows\system32\proquota.exe
2009-11-07 01:38:17 0 d-s---w- C:\ComFx
2009-11-07 01:32:40 98816 ----a-w- c:\windows\sed.exe
2009-11-07 01:32:40 77312 ----a-w- c:\windows\MBR.exe
2009-11-07 01:32:40 267264 ----a-w- c:\windows\PEV.exe
2009-11-07 01:32:40 161792 ----a-w- c:\windows\SWREG.exe
2009-10-31 02:15:04 0 d-----w- C:\bc5ba415b4d8ed4a7b786297c3
2009-10-12 15:29:58 135168 ----a-w- c:\windows\system32\igfxres.dll

==================== Find3M ====================

2009-10-01 14:29:14 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-21 19:12:47 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-11 14:33:52 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45:26 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36:27 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36:24 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:16:37 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-20 19:09:06 1193832 ----a-w- c:\windows\system32\FM20.DLL
2008-08-19 13:30:59 1283912 ----a-w- c:\program files\WoW-2.3.0.7561-enUS-downloader.exe
2008-07-09 23:09:55 0 ----a-w- c:\program files\temp01
2007-03-13 14:17:26 87656 ----a-w- c:\program files\UnHyCam2.exe
2007-02-23 16:54:56 69632 ----a-w- c:\program files\CamRes2.dll
2007-02-23 16:54:55 57344 ----a-w- c:\program files\MClick2.dll
2006-07-09 10:13:43 82 ----a-w- c:\program files\HomePage.url
2004-05-05 17:57:28 2018 ----a-w- c:\program files\readme.txt
1999-06-24 16:49:50 421 ----a-w- c:\program files\8-44100u.wav
1999-06-24 16:49:16 587 ----a-w- c:\program files\8-44100d.wav
1999-06-24 16:47:52 225 ----a-w- c:\program files\8-22050u.wav
1999-06-24 16:47:28 317 ----a-w- c:\program files\8-22050d.wav
1999-06-24 16:46:30 135 ----a-w- c:\program files\8-11025u.wav
1999-06-24 16:46:04 183 ----a-w- c:\program files\8-11025d.wav
1999-06-24 16:44:02 127 ----a-w- c:\program files\8-8000u.wav
1999-06-24 16:43:36 151 ----a-w- c:\program files\8-8000d.wav
1999-06-24 16:41:20 220 ----a-w- c:\program files\16-8000u.wav
1999-06-24 16:40:52 260 ----a-w- c:\program files\16-8000d.wav
1999-06-24 16:38:30 956 ----a-w- c:\program files\16-44100u.wav
1999-06-24 16:37:56 1186 ----a-w- c:\program files\16-44100d.wav
1999-06-24 16:34:48 442 ----a-w- c:\program files\16-22050u.wav
1999-06-24 16:34:12 652 ----a-w- c:\program files\16-22050d.wav
1999-06-24 15:54:34 340 ----a-w- c:\program files\16-11025d.wav
1999-06-24 15:50:14 326 ----a-w- c:\program files\16-11025u.wav

============= FINISH: 7:18:58.93 ===============

tetonbob · 11-07-2009, 12:46 PM

Great, thanks.

Can you also look for a ComboFix log, either at C:\ComboFix.txt or C:\ComboFix\ComboFix.txt

Post either if present.

ksean · 11-07-2009, 01:21 PM

It looks like there are 2

First one

2009-11-05 13:31:12 . 2009-11-05 13:31:12 526 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-PSPMovieCreator.reg.dat
2009-11-05 13:30:41 . 2009-11-05 13:30:41 106 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-VTTimer.reg.dat
2009-11-05 13:30:41 . 2009-11-05 13:30:41 123 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TkBellExe.reg.dat
2009-11-05 13:30:39 . 2009-11-05 13:30:39 148 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-BJCFD.reg.dat
2009-11-05 13:30:37 . 2009-11-05 13:30:37 110 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-KBD.reg.dat
2009-11-05 13:30:36 . 2009-11-05 13:30:36 135 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-PTAC Agent.reg.dat
2009-11-05 13:30:36 . 2009-11-05 13:30:36 165 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-Pure Networks Port Magic.reg.dat
2009-11-05 13:30:34 . 2009-11-05 13:30:34 167 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NSWatchDog.reg.dat
2009-11-05 13:30:30 . 2009-11-05 13:30:30 160 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-DriverCure.reg.dat
2009-11-05 13:30:30 . 2009-11-05 13:30:30 134 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-ICQ.reg.dat
2009-11-05 13:30:29 . 2009-11-05 13:30:29 151 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-SpeedItUpEX.reg.dat
2009-11-05 13:30:27 . 2009-11-05 13:30:27 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}.reg.dat
2009-11-05 13:30:26 . 2009-11-05 13:30:26 1,333 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-{F4BEC60B-9CEE-4A91-91FB-8DA8DE3CA166}.reg.dat
2009-11-05 13:26:53 . 2004-05-01 03:01:14 53 ----a-w- C:\Qoobox\Quarantine\D\Autorun.inf.vir
2009-11-05 13:23:09 . 2009-11-05 13:23:09 8,758 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-11-05 12:57:00 . 2009-11-05 12:57:31 951 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_ESQULserv.sys.reg.dat
2009-11-05 12:54:27 . 2009-11-05 13:04:06 102 ----a-w- C:\Qoobox\Quarantine\catchme.log
2009-07-22 17:12:56 . 2009-11-05 02:41:38 4 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\ESQULzcounter.vir
2009-07-22 17:12:56 . 2009-07-22 17:12:56 57,344 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\ESQULyapqtmmxxrohrifpjouoqqikumofuqew.dll.vir
2009-07-22 17:12:56 . 2009-07-22 17:12:56 23,552 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\ESQULwlcialvfyjaxdrcanqyusvnsdeffqsqa.dll.vir
2009-07-22 17:12:52 . 2009-07-22 17:12:52 83,968 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ESQULlydlndnomcqoeseburmnoxbqfafyxhrm.sys.vir
2009-07-22 17:12:17 . 2009-07-22 17:12:21 595 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\HP_Owner\Start Menu\Programs\Uninstall.lnk.vir
2007-12-05 00:49:19 . 2007-12-05 00:56:53 2,690 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\tmp.reg.vir
2007-12-05 00:48:33 . 2007-10-04 04:36:46 25,600 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\WS2Fix.exe.vir
2007-12-05 00:48:32 . 2007-09-06 04:22:23 289,144 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\VCCLSID.exe.vir
2007-12-05 00:48:32 . 2004-07-31 22:50:36 51,200 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\dumphive.exe.vir
2007-12-05 00:48:31 . 2006-04-27 21:49:30 288,417 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SrchSTS.exe.vir
2007-12-05 00:48:31 . 2003-06-06 01:13:00 53,248 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Process.exe.vir
2007-11-29 20:22:23 . 2007-12-01 13:33:03 1,636 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\search_res.txt.vir
2004-10-22 02:22:43 . 2009-10-12 19:44:21 3,645 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\viassary-hp.reg.vir
2004-10-22 01:32:16 . 2002-10-16 23:57:10 81,920 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\ps2.bat.vir

2nd one

ComboFix 09-11-04.05 - HP_Owner 11/05/2009 8:06.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.211 [GMT -5:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComFx.exe
AV: Norton AntiVirus 2005 *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Owner\Start Menu\Programs\Uninstall.lnk
c:\recycler\S-1-5-21-2673807416-727448126-4017708046-1003
c:\windows\search_res.txt
c:\windows\system32\drivers\ESQULlydlndnomcqoeseburmnoxbqfafyxhrm.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\ESQULwlcialvfyjaxdrcanqyusvnsdeffqsqa.dll
c:\windows\system32\ESQULyapqtmmxxrohrifpjouoqqikumofuqew.dll
c:\windows\system32\ESQULzcounter
c:\windows\system32\Process.exe
c:\windows\system32\ps2.bat
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\viassary-hp.reg
D:\Autorun.inf

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ESQULserv.sys

((((((((((((((((((((((((( Files Created from 2009-10-05 to 2009-11-05 )))))))))))))))))))))))))))))))
.

2009-10-31 02:15 . 2009-10-31 02:15 -------- d-----w- C:\bc5ba415b4d8ed4a7b786297c3
2009-10-31 01:57 . 2009-10-31 03:28 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\NOS
2009-10-12 15:29 . 2005-11-03 19:21 135168 ----a-w- c:\windows\system32\igfxres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-04 23:05 . 2004-10-22 21:12 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-04 13:14 . 2007-09-25 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-11-03 22:26 . 2008-01-22 12:18 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\U3
2009-11-01 17:00 . 2009-07-29 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2009-10-31 03:27 . 2005-03-06 10:51 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-18 19:10 . 2009-09-21 19:12 3695616 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-10-18 19:10 . 2009-09-21 19:11 2353992 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-10-01 14:29 . 2009-10-02 22:19 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-30 21:52 . 2009-09-30 21:52 8854 ----a-r- c:\documents and settings\HP_Owner\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2009-09-30 21:52 . 2009-09-30 21:52 40960 ----a-r- c:\documents and settings\HP_Owner\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2009-09-30 21:52 . 2009-09-30 21:52 40960 ----a-r- c:\documents and settings\HP_Owner\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2009-09-21 19:11 . 2009-09-21 19:11 640760 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-09-21 19:11 . 2009-09-21 19:11 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-09-21 19:11 . 2009-09-21 19:11 1028432 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-09-13 21:40 . 2009-09-13 21:40 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Widget.6A69418F94511E8B54343880430D52179408F788.1
2009-09-13 21:40 . 2009-09-13 21:40 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-13 21:39 . 2009-09-13 21:40 38208 ----a-w- c:\documents and settings\HP_Owner\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2009-09-11 14:33 . 2004-11-03 18:50 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 10:53 . 2008-07-28 21:30 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-04 20:45 . 2004-11-03 18:50 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2004-11-03 18:52 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2009-08-09 21:14 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-11-03 19:19 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:16 . 2004-11-03 18:51 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-20 19:09 . 2009-08-20 19:09 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-15 07:41 . 2005-03-09 21:10 70880 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-08-19 13:30 . 2008-08-19 13:30 1283912 ----a-w- c:\program files\WoW-2.3.0.7561-enUS-downloader.exe
2008-07-09 23:09 . 2008-07-09 23:09 0 ----a-w- c:\program files\temp01
2007-03-13 14:17 . 2007-11-04 18:28 87656 ----a-w- c:\program files\UnHyCam2.exe
2007-02-23 16:54 . 2007-11-04 18:28 69632 ----a-w- c:\program files\CamRes2.dll
2007-02-23 16:54 . 2007-11-04 18:28 57344 ----a-w- c:\program files\MClick2.dll
2006-07-09 10:13 . 2007-11-04 18:28 82 ----a-w- c:\program files\HomePage.url
2004-05-05 17:57 . 2007-11-04 18:28 2018 ----a-w- c:\program files\readme.txt
1999-06-24 16:49 . 2007-11-04 18:28 421 ----a-w- c:\program files\8-44100u.wav
1999-06-24 16:49 . 2007-11-04 18:28 587 ----a-w- c:\program files\8-44100d.wav
1999-06-24 16:47 . 2007-11-04 18:28 225 ----a-w- c:\program files\8-22050u.wav
1999-06-24 16:47 . 2007-11-04 18:28 317 ----a-w- c:\program files\8-22050d.wav
1999-06-24 16:46 . 2007-11-04 18:28 135 ----a-w- c:\program files\8-11025u.wav
1999-06-24 16:46 . 2007-11-04 18:28 183 ----a-w- c:\program files\8-11025d.wav
1999-06-24 16:44 . 2007-11-04 18:28 127 ----a-w- c:\program files\8-8000u.wav
1999-06-24 16:43 . 2007-11-04 18:28 151 ----a-w- c:\program files\8-8000d.wav
1999-06-24 16:41 . 2007-11-04 18:28 220 ----a-w- c:\program files\16-8000u.wav
1999-06-24 16:40 . 2007-11-04 18:28 260 ----a-w- c:\program files\16-8000d.wav
1999-06-24 16:38 . 2007-11-04 18:28 956 ----a-w- c:\program files\16-44100u.wav
1999-06-24 16:37 . 2007-11-04 18:28 1186 ----a-w- c:\program files\16-44100d.wav
1999-06-24 16:34 . 2007-11-04 18:28 442 ----a-w- c:\program files\16-22050u.wav
1999-06-24 16:34 . 2007-11-04 18:28 652 ----a-w- c:\program files\16-22050d.wav
1999-06-24 15:54 . 2007-11-04 18:28 340 ----a-w- c:\program files\16-11025d.wav
1999-06-24 15:50 . 2007-11-04 18:28 326 ----a-w- c:\program files\16-11025u.wav
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 16:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-25 68856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Google Update"="c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-05 133104]
"MtdAcqu"="c:\program files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 278528]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-07-25 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-17 58728]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-10-22 32881]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2007-12-04 100056]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-04 1848648]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-01-26 53248]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 253952]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-08 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-08 659456]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]
"HostManager"="c:\program files\Common Files\AOL\1151701785\ee\AOLSoftware.exe" [2006-09-26 50736]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2005-01-21 79448]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-03 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-03 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-03 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-04-06 90112]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-08 57344]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2005-04-06 2805248]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-03-04 88209]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
AutoMailer.lnk - c:\troopmaster software\AutoMailer\AutoMailer.exe [2009-2-28 73728]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-3-5 156784]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-29 241664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2004-10-21 45056]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\1151701785\\ee\\aolsoftware.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/9/2009 2:10 PM 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1028432]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S2 bfkezit;bfkezit;c:\windows\system32\drivers\ffxjxvxl.sys --> c:\windows\system32\drivers\ffxjxvxl.sys [?]
S2 Ca536av;DV 4500(Video);c:\windows\system32\drivers\Ca536av.sys [12/25/2006 10:49 PM 514859]
S2 cijna;cijna;c:\windows\system32\drivers\dcfmxqtf.sys --> c:\windows\system32\drivers\dcfmxqtf.sys [?]
S2 enjkzt;enjkzt;c:\windows\system32\drivers\cldrvhq.sys --> c:\windows\system32\drivers\cldrvhq.sys [?]
S2 gupdate1c9a66bb0558178;Google Update Service (gupdate1c9a66bb0558178);c:\program files\Google\Update\GoogleUpdate.exe [3/16/2009 2:15 PM 133104]
S2 yItht;yItht;c:\windows\system32\drivers\nqgnhkum.sys --> c:\windows\system32\drivers\nqgnhkum.sys [?]
S2 yugm;yugm;c:\windows\system32\drivers\arvc.sys --> c:\windows\system32\drivers\arvc.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [5/2/2008 7:49 PM 1527900]
S3 USBCamera;DV 4500(Still);c:\windows\system32\drivers\Bulk536.sys [12/25/2006 10:49 PM 11048]
S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys --> c:\windows\system32\XDva189.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-11-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 19:12]

2009-10-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-11-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-25 04:25]

2009-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-16 19:14]

2009-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-16 19:14]

2009-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2625290849-2336797372-2871873070-1009Core.job
- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 18:45]

2009-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2625290849-2336797372-2871873070-1009UA.job
- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 18:45]

2009-11-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2009-10-24 c:\windows\Tasks\Norton AntiVirus - Scan my computer - HP_Owner.job
- c:\progra~1\NORTON~1\Navw32.exe [2004-08-18 17:20]

2009-11-05 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-10-22 07:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {380BBEC2-4CAE-4ECE-8AFF-36CDE7916386} - hxxp://ni-us.demoservers.com/URA/URA/lib/srdp.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{F4BEC60B-9CEE-4A91-91FB-8DA8DE3CA166} - c:\windows\hdtip.dll
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-SpeedItUpEX - c:\program files\Speeditup Free\SpeedItUp.exe
HKCU-Run-ICQ - c:\program files\ICQ6.5\ICQ.exe
HKCU-Run-DriverCure - c:\program files\ParetoLogic\DriverCure\DriverCure.exe
HKLM-Run-NSWatchDog - c:\windows\NSWATC~1.EXE
HKLM-Run-Pure Networks Port Magic - c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe
HKLM-Run-PTAC Agent - c:\windows\system32\Sys32\PTAC.exe
HKLM-Run-KBD - c:\hp\KBD\KBD.EXE
HKLM-Run-BJCFD - c:\program files\BroadJump\Client Foundation\CFD.exe
HKLM-Run-TkBellExe - realsched.exe
HKLM-Run-VTTimer - VTTimer.exe
AddRemove-PSPMovieCreator - c:\program files\PQDVD\PSPMovieCreator\bt-uninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-05 08:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-11-05 8:33
ComboFix-quarantined-files.txt 2009-11-05 13:32

Pre-Run: 62,468,702,208 bytes free
Post-Run: 63,879,249,920 bytes free

tetonbob · 11-07-2009, 03:14 PM

Not exactly what I was looking for. Is there a folder, C:\ComboFix? If so, is there a ComboFix.txt inside it? If so, post it, please. If not, let me know.

Next steps...

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Download the latest version of Java Runtime Environment (JRE) 17 and save it to your desktop.
Scroll down to where it says "Java SE Runtime Environment (JRE) - JRE 6 Update 17 -"
Click the "Download" button to the right.
Select the Windows platform from the dropdown menu.
Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u17 with JavaFX 1 License Agreement". Click on Continue.The page will refresh.
Click on the link to download Windows Offline Installation and save the file to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.

Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 10
Java(TM) 6 Update 2
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version.

After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
- On the General tab, under Temporary Internet Files, click the Settings button.
- Next, click on the Delete Files button
- There are two options in the window to clear the cache - Leave BOTH Checked
  - Applications and Applets
    Trace and Log Files
- Click OK on Delete Temporary Files Window
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
- Click OK to leave the Temporary Files Window
- Click OK to leave the Java Control Panel.

===============================

Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
Then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Save it to your desktop. Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

---------------------------------------------------------------------------------------------

ksean · 11-07-2009, 05:26 PM

1. When I tried to log back in to answer, it kept redirecting me back to main page. Finally I closed out of browser (several times) until it let me log in. Yes, my user name and password were input correctly - I tried over a dozen times.

2. I cannot seem to find a folder called C:\ComboFix or anything called Combofix.txt. All I could find was over 80 copies of what I sent earlier (the combo fix quarantine and something called combo fix 2) - these were all in the folder C:\Qoobox, all created on 11/5/09.

3. Java updated.

4. I already had Malwarebytes so I updated it and here is that log:

Malwarebytes' Anti-Malware 1.41
Database version: 3119
Windows 5.1.2600 Service Pack 2

11/7/2009 6:34:36 PM
mbam-log-2009-11-07 (18-34-36).txt

Scan type: Quick Scan
Objects scanned: 172869
Time elapsed: 7 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

11-03-2009, 09:30 AM	#2 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,773 OS: 2000 Pro; XP Pro; XP Home	Re: vimax problem Hello, and Welcome to TSF. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe. Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. --------------------------------------------------------------------------------------------- One or more of the identified infections is a backdoor trojan. This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files without your knowledge. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. You can read this: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? --------------------------------------------------------------------------------------------- Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete. Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum. --------------------------------------------------------------------------------------------- Your Norton AntiVirus subscription seems to have expired, or the application is not being updated. Can you tell me more about this? Do you receive notifications from Norton AV that it is outdated? --------------------------------------------------------------------------------------------- Download ComboFix from one of these locations: Link 1 Link 2 * IMPORTANT !!! Place combofix.exe on your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix. You can get help on disabling your protection programs here Double click on combofix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement. ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says: The Recovery Console was successfully installed. Click on Yes, to continue scanning for malware. Please note: If the Recovery Console does NOT get installed, click on NO, do not continue, and let me know. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. When finished, it shall produce a log for you. Post that log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. --------------------------------------------------------------------------------------------- Ensure your AntiVirus and AntiSpyware applications are re-enabled. --------------------------------------------------------------------------------------------- __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

11-04-2009, 07:50 PM	#3 (permalink)
ksean Registered User Join Date: Nov 2009 Posts: 16 OS: xp	Re: vimax problem Yes, Norton seems to be expired. No I do not get notifications is is outdated. I downloaded Combofix and double clicked, then hit run, but nothing happens at all. So other than the run/cancel prompt, there are no other prompts to follow. I downloaded from Link 1. I waited for an hour, but nothing. Now what? Thanks.

11-04-2009, 08:55 PM	#4 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,773 OS: 2000 Pro; XP Pro; XP Home	Re: vimax problem Delete your existing copy of ComboFix, and we'll have you download it again, this time rename it as it's saved. --------------------------------------------------------------------------------------------- Download Combofix from any of the links below. You must rename it before saving it. Name it ComFx, and Save it to your desktop. Link 1 Link 2 -------------------------------------------------------------------- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix. You can get help on disabling your protection programs here Double click on ComFx.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement. ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says: The Recovery Console was successfully installed. Click on Yes, to continue scanning for malware. NOTE: If the Recovery Console does NOT install, click on No, do NOT continue, and let me know. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. When finished, it shall produce a log for you. Post that log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. --------------------------------------------------------------------------------------------- Ensure your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done this. --------------------------------------------------------------------------------------------- If Norton is expired, it's not doing as much good for the machine as it should. During this process, if you want to or can, renew the subscription and update it after ComboFix has been run. If you'd like a free alternative to Norton, or would like to go another direction for a paid application, let me know, and I can offer some choices. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

11-06-2009, 05:43 PM	#6 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,773 OS: 2000 Pro; XP Pro; XP Home	Re: vimax problem Go Start > Run and copy/paste the following single-line command into the Run box and click OK: *cmd /c PEV -l "%systemdrive%\proquota." >Log.txt&Log.txt&del Log.txt After a little while, a Notepad file will open. Post the contents of Log.txt in your next reply. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? ** Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

11-06-2009, 06:13 PM	#8 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,773 OS: 2000 Pro; XP Pro; XP Home	Re: vimax problem Gladly....would you like a free AntiVirus, or pay? There are very good in both camps, with paid you get better support and additional features. Each vendor provides trial versions, most are 30 days, some are 14 days. Let me know in reply after this next fix, and we'll get you set up. For paid, I prefer Eset's NOD32 or Kaspersky, for free, I prefer Avira or Avast. Next steps... Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. --------------------------------------------------------------------------------------------- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix. Open notepad and copy/paste the text in the quotebox below into it: Code: Driver:: bfkezit cijna enjkzt yItht yugm Fcopy:: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\proquota.exe \| c:\windows\system32\proquota.exe Rootkit:: c:\windows\system32\drivers\ffxjxvxl.sys c:\windows\system32\drivers\dcfmxqtf.sys c:\windows\system32\drivers\cldrvhq.sys c:\windows\system32\drivers\nqgnhkum.sys c:\windows\system32\drivers\arvc.sys Save this as CFScript.txt Referring to the picture above, drag CFScript.txt into ComboFix.exe ComboFix may request an update; please allow it. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. When finished, it shall produce a log for you. Post that log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. --------------------------------------------------------------------------------------------- Ensure your AntiVirus and AntiSpyware applications are re-enabled. --------------------------------------------------------------------------------------------- __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

11-06-2009, 07:22 PM	#9 (permalink)
ksean Registered User Join Date: Nov 2009 Posts: 16 OS: xp	Re: vimax problem Followed directions Combofix updated After it updated but before it ran a box showed up that said this" PEV.cffxxe has encountered a problem and needs to close". Once I closed that box, Combofix ran. After it rebooted, it said: Windows encountered a serious error. Error signature BCCode: 10000050 BCP1: FF91101C BCP2: 00000000 BCP3: F8ACCABB BCP4:00000000 OSVer: 5_1_2600 SP:2_0 Prodcut 768_1 No log was created

11-06-2009, 07:36 PM	#10 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,773 OS: 2000 Pro; XP Pro; XP Home	Re: vimax problem Is the machine currently stable in Normal Mode? Post a new log from DDS please. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

11-06-2009, 07:45 PM	#11 (permalink)
ksean Registered User Join Date: Nov 2009 Posts: 16 OS: xp	Re: vimax problem I am not sure what you mean by stable - if you mean do I still have the problem, I am not sure, as I have been staying offline except to deal with this. If you mean do I have any other problems, than it does not appear I do. DDS attached

11-06-2009, 07:47 PM	#12 (permalink)
ksean Registered User Join Date: Nov 2009 Posts: 16 OS: xp	Re: vimax problem Sorry - when I try to upload DDS it says it was already attached - No new log was created after the last Combofix was done as I stated 2 replies ago

11-06-2009, 07:59 PM	#13 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,773 OS: 2000 Pro; XP Pro; XP Home	Re: vimax problem Hi, by stable, I mean....are you at your normal desktop, has the crash event occurred more than the once. I don't want a new DDS log attached, please. When I say posted, I mean please paste it into the reply window. Run DDS once again, all I want to see is the new log, copied and pasted into the reply window as it is in your original reply. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

11-07-2009, 05:31 AM	#14 (permalink)
ksean Registered User Join Date: Nov 2009 Posts: 16 OS: xp	Re: vimax problem OK, I understand. Yes, I am using my normal desktop. Yes the crash only happened the one time. I seem to have a new problem - when I close anything, instead of just going away, sometimes it freezes, then closes from the top down horizontally, like I was rolling it up, and this morning I had to open Google Chrome 3 times before it would give me a cursor on the page. So I could open the page, but I could not scroll up or down or go left or right to what was on the screen. DDS log (and sorry I misunderstood what you wanted before) DDS (Ver_09-10-26.01) - NTFSx86 Run by HP_Owner at 7:16:16.89 on Sat 11/07/2009 Internet Explorer: 7.0.5730.11 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.60 [GMT -5:00] AV: Norton AntiVirus 2005 On-access scanning enabled (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE c:\Program Files\Common Files\Symantec Shared\ccProxy.exe c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\ps2.exe C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe svchost.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hphmon06.exe C:\Program Files\HP\HP Software Update\HPWuSchd.exe C:\Program Files\Common Files\AOL\1151701785\ee\AOLSoftware.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\ALCWZRD.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Creative\MediaSource5\MtdAcqu.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\wanmpsvc.exe c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\MagicDisc\MagicDisc.exe C:\Program Files\iPod\bin\iPodService.exe c:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe c:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\HP_Owner\My Documents\Downloads\dds.com ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uURLSearchHooks: H - No File BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0983.0\msneshellx.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: TBSB04757 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\freeze.com toolbar\freeze_us.dll TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0983.0\msneshellx.dll TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [Google Update] "c:\documents and settings\hp_owner\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [MtdAcqu] "c:\program files\creative\mediasource5\MtdAcqu.exe" /s uRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe" mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe" mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r mRun: [SoundMan] SOUNDMAN.EXE mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE mRun: [PS2] c:\windows\system32\ps2.exe mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe mRun: [HPHmon06] c:\windows\system32\hphmon06.exe mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe" mRun: [HostManager] c:\program files\common files\aol\1151701785\ee\AOLSoftware.exe mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe" mRun: [AlcxMonitor] ALCXMNTR.EXE mRun: [AlcWzrd] ALCWZRD.EXE mRun: [AGRSMMSG] AGRSMMSG.exe mRun: [igfxtray] c:\windows\system32\igfxtray.exe mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe mRun: [igfxpers] c:\windows\system32\igfxpers.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\automa~1.lnk - c:\troopmaster software\automailer\AutoMailer.exe StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\epsonp~1.lnk - e:\titles\ereg\EPSONREG.EXE StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\309731\program\Updates from HP.exe IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm IE: Add To HP Organize... - c:\progra~1\hewlet~1\hporga~1\bin/module.main/favorites\ie_add_to.html IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000 IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL

11-07-2009, 08:46 AM	#15 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,773 OS: 2000 Pro; XP Pro; XP Home	Re: vimax problem That log appears to be incomplete. Be sure you press Ctrl+A to select all, Ctrl+C to copy all, then Ctrl+V to paste all into a thread. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

11-07-2009, 11:39 AM	#16 (permalink)
ksean Registered User Join Date: Nov 2009 Posts: 16 OS: xp	Re: vimax problem DDS (Ver_09-10-26.01) - NTFSx86 Run by HP_Owner at 7:16:16.89 on Sat 11/07/2009 Internet Explorer: 7.0.5730.11 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.60 [GMT -5:00] AV: Norton AntiVirus 2005 On-access scanning enabled (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE c:\Program Files\Common Files\Symantec Shared\ccProxy.exe c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\ps2.exe C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe svchost.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hphmon06.exe C:\Program Files\HP\HP Software Update\HPWuSchd.exe C:\Program Files\Common Files\AOL\1151701785\ee\AOLSoftware.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\ALCWZRD.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Creative\MediaSource5\MtdAcqu.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\wanmpsvc.exe c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\MagicDisc\MagicDisc.exe C:\Program Files\iPod\bin\iPodService.exe c:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe c:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\HP_Owner\My Documents\Downloads\dds.com ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uURLSearchHooks: H - No File BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0983.0\msneshellx.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: TBSB04757 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\freeze.com toolbar\freeze_us.dll TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0983.0\msneshellx.dll TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [Google Update] "c:\documents and settings\hp_owner\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [MtdAcqu] "c:\program files\creative\mediasource5\MtdAcqu.exe" /s uRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe" mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe" mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r mRun: [SoundMan] SOUNDMAN.EXE mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE mRun: [PS2] c:\windows\system32\ps2.exe mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe mRun: [HPHmon06] c:\windows\system32\hphmon06.exe mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe" mRun: [HostManager] c:\program files\common files\aol\1151701785\ee\AOLSoftware.exe mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe" mRun: [AlcxMonitor] ALCXMNTR.EXE mRun: [AlcWzrd] ALCWZRD.EXE mRun: [AGRSMMSG] AGRSMMSG.exe mRun: [igfxtray] c:\windows\system32\igfxtray.exe mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe mRun: [igfxpers] c:\windows\system32\igfxpers.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\automa~1.lnk - c:\troopmaster software\automailer\AutoMailer.exe StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\epsonp~1.lnk - e:\titles\ereg\EPSONREG.EXE StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\309731\program\Updates from HP.exe IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm IE: Add To HP Organize... - c:\progra~1\hewlet~1\hporga~1\bin/module.main/favorites\ie_add_to.html IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000 IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/get/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab DPF: {380BBEC2-4CAE-4ECE-8AFF-36CDE7916386} - hxxp://ni-us.demoservers.com/URA/URA/lib/srdp.cab DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - hxxp://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184081858328 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-8-9 64160] S2 Ca536av;DV 4500(Video);c:\windows\system32\drivers\Ca536av.sys [2006-12-25 514859] S3 USBCamera;DV 4500(Still);c:\windows\system32\drivers\Bulk536.sys [2006-12-25 11048] S3 XDva189;XDva189;\??\c:\windows\system32\xdva189.sys --> c:\windows\system32\XDva189.sys [?] =============== Created Last 30 ================ 2009-11-07 01:53:33 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe 2009-11-07 01:53:33 50176 ----a-w- c:\windows\system32\proquota.exe 2009-11-07 01:38:17 0 d-s---w- C:\ComFx 2009-11-07 01:32:40 98816 ----a-w- c:\windows\sed.exe 2009-11-07 01:32:40 77312 ----a-w- c:\windows\MBR.exe 2009-11-07 01:32:40 267264 ----a-w- c:\windows\PEV.exe 2009-11-07 01:32:40 161792 ----a-w- c:\windows\SWREG.exe 2009-10-31 02:15:04 0 d-----w- C:\bc5ba415b4d8ed4a7b786297c3 2009-10-12 15:29:58 135168 ----a-w- c:\windows\system32\igfxres.dll ==================== Find3M ==================== 2009-10-01 14:29:14 195440 ------w- c:\windows\system32\MpSigStub.exe 2009-09-21 19:12:47 15688 ----a-w- c:\windows\system32\lsdelete.exe 2009-09-11 14:33:52 133632 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-04 20:45:26 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-08-29 07:36:27 832512 ------w- c:\windows\system32\wininet.dll 2009-08-29 07:36:24 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-08-29 07:36:24 17408 ----a-w- c:\windows\system32\corpol.dll 2009-08-26 08:16:37 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-20 19:09:06 1193832 ----a-w- c:\windows\system32\FM20.DLL 2008-08-19 13:30:59 1283912 ----a-w- c:\program files\WoW-2.3.0.7561-enUS-downloader.exe 2008-07-09 23:09:55 0 ----a-w- c:\program files\temp01 2007-03-13 14:17:26 87656 ----a-w- c:\program files\UnHyCam2.exe 2007-02-23 16:54:56 69632 ----a-w- c:\program files\CamRes2.dll 2007-02-23 16:54:55 57344 ----a-w- c:\program files\MClick2.dll 2006-07-09 10:13:43 82 ----a-w- c:\program files\HomePage.url 2004-05-05 17:57:28 2018 ----a-w- c:\program files\readme.txt 1999-06-24 16:49:50 421 ----a-w- c:\program files\8-44100u.wav 1999-06-24 16:49:16 587 ----a-w- c:\program files\8-44100d.wav 1999-06-24 16:47:52 225 ----a-w- c:\program files\8-22050u.wav 1999-06-24 16:47:28 317 ----a-w- c:\program files\8-22050d.wav 1999-06-24 16:46:30 135 ----a-w- c:\program files\8-11025u.wav 1999-06-24 16:46:04 183 ----a-w- c:\program files\8-11025d.wav 1999-06-24 16:44:02 127 ----a-w- c:\program files\8-8000u.wav 1999-06-24 16:43:36 151 ----a-w- c:\program files\8-8000d.wav 1999-06-24 16:41:20 220 ----a-w- c:\program files\16-8000u.wav 1999-06-24 16:40:52 260 ----a-w- c:\program files\16-8000d.wav 1999-06-24 16:38:30 956 ----a-w- c:\program files\16-44100u.wav 1999-06-24 16:37:56 1186 ----a-w- c:\program files\16-44100d.wav 1999-06-24 16:34:48 442 ----a-w- c:\program files\16-22050u.wav 1999-06-24 16:34:12 652 ----a-w- c:\program files\16-22050d.wav 1999-06-24 15:54:34 340 ----a-w- c:\program files\16-11025d.wav 1999-06-24 15:50:14 326 ----a-w- c:\program files\16-11025u.wav ============= FINISH: 7:18:58.93 ===============

11-07-2009, 12:46 PM	#17 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,773 OS: 2000 Pro; XP Pro; XP Home	Re: vimax problem Great, thanks. Can you also look for a ComboFix log, either at C:\ComboFix.txt or C:\ComboFix\ComboFix.txt Post either if present. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

11-07-2009, 03:14 PM	#19 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,773 OS: 2000 Pro; XP Pro; XP Home	Re: vimax problem Not exactly what I was looking for. Is there a folder, C:\ComboFix? If so, is there a ComboFix.txt inside it? If so, post it, please. If not, let me know. Next steps... Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update. Download the latest version of Java Runtime Environment (JRE) 17 and save it to your desktop. Scroll down to where it says "Java SE Runtime Environment (JRE) - JRE 6 Update 17 -" Click the "Download" button to the right. Select the Windows platform from the dropdown menu. Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u17 with JavaFX 1 License Agreement". Click on Continue.The page will refresh. Click on the link to download Windows Offline Installation and save the file to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java. Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. Java 2 Runtime Environment, SE v1.4.2_03 Java(TM) 6 Update 10 Java(TM) 6 Update 2 Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version. After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup) On the General tab, under Temporary Internet Files, click the Settings button. Next, click on the Delete Files button There are two options in the window to clear the cache - Leave BOTH Checked Applications and Applets Trace and Log Files Click OK on Delete Temporary Files Window Note: This deletes ALL the Downloaded Applications and Applets from the CACHE. Click OK to leave the Temporary Files Window Click OK to leave the Java Control Panel. =============================== Please download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to the following: Update Malwarebytes' Anti-Malware Launch Malwarebytes' Anti-Malware Then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select Perform quick scan, then click Scan. When the scan is complete, click OK, then Show Results to view the results. Be sure that everything is checked, and click Remove Selected. When completed, a log will open in Notepad. Save it to your desktop. Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply. --------------------------------------------------------------------------------------------- __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

11-07-2009, 05:26 PM	#20 (permalink)
ksean Registered User Join Date: Nov 2009 Posts: 16 OS: xp	Re: vimax problem 1. When I tried to log back in to answer, it kept redirecting me back to main page. Finally I closed out of browser (several times) until it let me log in. Yes, my user name and password were input correctly - I tried over a dozen times. 2. I cannot seem to find a folder called C:\ComboFix or anything called Combofix.txt. All I could find was over 80 copies of what I sent earlier (the combo fix quarantine and something called combo fix 2) - these were all in the folder C:\Qoobox, all created on 11/5/09. 3. Java updated. 4. I already had Malwarebytes so I updated it and here is that log: Malwarebytes' Anti-Malware 1.41 Database version: 3119 Windows 5.1.2600 Service Pack 2 11/7/2009 6:34:36 PM mbam-log-2009-11-07 (18-34-36).txt Scan type: Quick Scan Objects scanned: 172869 Time elapsed: 7 minute(s), 10 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)