I think I have a Trojan type virus?

nicdan · 07-09-2009, 05:52 PM

Hello, My husband was on the computer and a window popped up and said your computer has been infected. Do you want to download your antivirus software. He clicked YES! Now I have an Icon on my desktop that says Personal Anti Virus. I keep getting a balloon popup from this personal anti virus software that was downloaded on the bottom right saying Critical System Warning! Your system has been been infected by the Trojan.win32.agent AZSY. Other virus warnings keep poping up as well. It took many trys to get on your website or any other because it kept blocking me. I have the DDs.txt report below. It will not let me attach my other reports you require. I hit the Manage attachments and nothing happens?
Thank you!
Michelle Hammann

DDS (Ver_09-06-26.01) - NTFSx86
Run by Michelle Hammann at 19:15:48.35 on Thu 07/09/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.116 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Comcast\COMCAS~1\data\xtras\mssysmgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\PersonalAV\pav.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Michelle Hammann\Local Settings\Temporary Internet Files\Content.IE5\GNSTETXE\dds[1].pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
uSearch Page =
uDefault_Page_URL =
uSearch Bar =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: &Helper: {a77d3539-581d-450c-9e44-a84c415a6172} - c:\windows\system32\msxmlm.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [C:_Program Files_WordPerfe3a] c:\program files\wordperfect office 11\programs\CorUpd.exe /Watch
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [Simple Star PhotoShow Media Manager] c:\progra~1\simple~1\photos~1\data\xtras\mssysmgr.exe
uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\comcast\comcas~1\data\xtras\mssysmgr.exe
uRun: [ieupdate] "c:\windows\system32\explorer32.exe"
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; {98F1E322-9BE4-4B67-99F6-34429F7C2331}; GTB6; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 2.0.50727)" -"http://www.cartoonnetwork.com/games/ben10/battleready/"
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10a.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Prefs] c:\progra~1\odesk\oDeskLaunch.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [PersonalAV] c:\program files\personalav\pav.exe
mRun: [MSDRV] NetFilter.exe
StartupFolder: c:\docume~1\michel~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.0\program\quickstart.exe
StartupFolder: c:\docume~1\michel~1\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventr~1.lnk - c:\program files\broderbund\printmaster\PMremind.exe
IE: &eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0CE0F418-1010-442D-871C-3454827DD539} - hxxp://www.facefun.com/FaceFun_webinstall/FaceFun.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} - hxxp://66.48.68.135/save/makeover.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.15-3.cab
DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - hxxp://download.ebay.com/turbo_lister/US/install.cab
DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - hxxp://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.yorkphoto.com/YorkActivia.cab
DPF: {427273CC-764E-11D3-823D-006097F90453} - hxxp://www.imagestation.com/common/classes/BPImageEditor.cab?ver=1,1,0,32
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} - hxxp://www.imagestation.com/common/classes/batchdwnl.cab?version=4,3,2,20802
DPF: {6B1B6D11-E497-11D3-BE0C-005004AD2E83} - hxxp://www.imagestation.com/common/classes/ISUSPrintActiveX.cab
DPF: {6F750200-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} - hxxp://www.snapfish.com/SnapfishUpload.cab
DPF: {94B82441-A413-4E43-8422-D49930E69764} - hxxp://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - hxxps://www.dotphoto.com/DPImageUploader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://www.imgag.com/cp/install/Crusher.cab
DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} - hxxp://www.photoworks.com/pixami/DragDropUploader.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} - hxxps://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} - hxxp://www.imagestation.com/common/classes/SonyISUpload.cab?v=1,0,0,37
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\michel~1\applic~1\mozilla\firefox\profiles\9wmqo51c.default\
FF - prefs.js: browser.search.selectedEngine - The Free Dictionary
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPUploader.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-11 335752]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-2-19 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-6-11 108552]

=============== Created Last 30 ================

2009-07-09 18:41 61,440 a------- c:\windows\system32\ndisapi.dll
2009-07-09 18:41 159,744 a------- c:\windows\system32\NetFilter.exe
2009-07-09 18:41 24,576 a------- c:\windows\system32\drivers\ndisrd.sys
2009-07-09 18:40 380,928 a------- c:\windows\system32\msxmlm.dll
2009-07-09 18:40 <DIR> --d----- c:\program files\common files\Uninstall
2009-07-09 18:40 <DIR> --d----- c:\program files\PersonalAV
2009-06-11 19:33 <DIR> --d----- c:\program files\Unity
2009-06-11 14:44 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 14:44 12,800 -------- c:\windows\system32\dllcache\xpshims.dll

==================== Find3M ====================

2009-07-03 09:59 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-29 08:54 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-13 01:15 5,936,128 a------- c:\windows\system32\dllcache\mshtml.dll
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-13 01:15 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-05-11 09:25 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-30 17:22 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-04-30 17:22 11,064,832 a------- c:\windows\system32\dllcache\ieframe.dll
2009-04-30 17:22 1,207,808 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-30 17:22 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-04-30 17:22 385,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-04-30 07:21 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 08:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 10:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2005-06-29 10:24 774,144 ac------ c:\program files\RngInterstitial.dll
2004-11-28 16:26 13,642,752 ac------ c:\program files\WP11SP1DOEM.msp

============= FINISH: 19:17:10.21 ===============

CatByte · 07-09-2009, 06:13 PM

Hi,

Please do the following:

Download Combofix from either of the links below. You must rename it before saving it.
Save it to your desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

If you are using Firefox, make sure that your download settings are as follows:
- Tools->Options->Main tab
- Set to "Always ask me where to Save the files".

Link 1
Link 2

During the download, rename Combofix to Combo-Fix as follows:

--------------------------------------------------------------------

It is important you rename Combofix during the download, but not after.
Please do not rename Combofix to other names, but only to the one indicated.

-----------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\Combo-Fix.txt" for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

nicdan · 07-09-2009, 07:51 PM

Thank you so much for the super fast response. Report is below.

Thank you!
Michelle

ComboFix 09-07-09.06 - Michelle Hammann 07/09/2009 21:15.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.196 [GMT -4:00]
Running from: c:\documents and settings\Michelle Hammann\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Michelle Hammann\Desktop\Personal Antivirus.lnk
c:\program files\Antivirus 2009
c:\program files\Common Files\uninstall information
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\COUPON~1.OCX
c:\windows\Installer\29a67e.msp
c:\windows\system32\drivers\fad.sys
c:\windows\system32\msxmlm.dll
c:\windows\system32\open.ico

.
((((((((((((((((((((((((( Files Created from 2009-06-10 to 2009-07-10 )))))))))))))))))))))))))))))))
.

2009-07-09 22:41 . 2009-05-14 09:58 61440 ----a-w- c:\windows\system32\ndisapi.dll
2009-07-09 22:41 . 2009-07-10 00:09 159744 ----a-w- c:\windows\system32\NetFilter.exe
2009-07-09 22:41 . 2009-06-22 14:58 24576 ----a-w- c:\windows\system32\drivers\ndisrd.sys
2009-07-09 22:40 . 2009-07-09 22:40 -------- d-----w- c:\program files\Common Files\Uninstall
2009-07-09 22:40 . 2009-07-09 22:40 -------- d-----w- c:\program files\PersonalAV
2009-07-03 14:00 . 2009-06-29 12:54 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-07-03 14:00 . 2009-06-29 12:54 906520 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgemc.exe
2009-07-03 14:00 . 2009-06-29 12:53 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2009-07-03 14:00 . 2009-06-29 12:53 3402008 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-03 14:00 . 2009-06-29 12:53 1204504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll
2009-07-03 14:00 . 2009-06-29 12:53 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-07-03 14:00 . 2009-06-29 12:53 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll
2009-07-03 14:00 . 2009-06-29 12:53 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-07-03 13:58 . 2009-06-29 12:51 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-07-03 13:58 . 2009-06-29 12:50 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-06-23 19:03 . 2009-06-23 19:03 152576 ----a-w- c:\documents and settings\Michelle Hammann\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-11 23:33 . 2009-06-11 23:33 -------- d-----w- c:\documents and settings\Michelle Hammann\Local Settings\Application Data\Unity
2009-06-11 23:33 . 2009-06-11 23:33 -------- d-----w- c:\program files\Unity
2009-06-11 18:44 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 18:44 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-10 00:36 . 2009-03-10 19:20 -------- d-----w- c:\documents and settings\All Users\Application Data\temp
2009-07-09 03:23 . 2009-02-20 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-03 13:59 . 2008-06-11 16:16 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-29 12:54 . 2008-06-11 16:16 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-29 12:54 . 2007-02-19 18:34 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-23 19:06 . 2003-12-15 12:02 -------- d-----w- c:\program files\Java
2009-06-15 07:04 . 2008-09-11 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-08 15:41 . 2009-05-22 19:30 -------- d-----w- c:\program files\MSECache
2009-05-23 18:09 . 2008-04-11 02:08 -------- d-----w- c:\program files\Safari
2009-05-23 18:06 . 2009-05-23 18:06 -------- d-----w- c:\program files\Bonjour
2009-05-20 21:12 . 2007-11-14 13:44 -------- d-----w- c:\program files\Coupons
2009-05-17 05:49 . 2004-02-12 14:28 -------- d-----w- c:\program files\Google
2009-05-15 20:03 . 2008-09-08 17:03 -------- d-----w- c:\program files\oDesk
2009-05-13 05:15 . 2004-02-06 22:05 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-11 13:25 . 2008-06-11 16:16 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-07 15:32 . 2002-08-29 11:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 12:26 . 2002-08-29 11:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-04-15 18:22 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2005-06-29 14:24 . 2005-06-29 14:24 774144 -c--a-w- c:\program files\RngInterstitial.dll
2004-11-28 20:26 . 2004-11-28 20:25 13642752 -c--a-w- c:\program files\WP11SP1DOEM.msp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 68856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"PhotoShow Deluxe Media Manager"="c:\progra~1\Comcast\COMCAS~1\data\xtras\mssysmgr.exe" [2005-05-09 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-01-30 1553920]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 2061816]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-13 185632]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-29 1948440]
"Prefs"="c:\progra~1\oDesk\oDeskLaunch.exe" [2009-05-14 357696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"PersonalAV"="c:\program files\PersonalAV\pav.exe" [2009-07-09 1884160]
"MSDRV"="NetFilter.exe" - c:\windows\SYSTEM32\NetFilter.exe [2009-07-10 159744]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-12-15 24576]
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2005-5-17 462848]
Event Reminder.lnk - c:\program files\Broderbund\PrintMaster\PMremind.exe [2005-5-18 442368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-29 12:54 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe"=
"c:\\WINDOWS\\SYSTEM32\\javaw.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [6/11/2008 12:16 PM 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [6/11/2008 12:16 PM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/31/2008 8:49 AM 907032]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/11/2008 12:16 PM 298776]
S2 gupdate1c993b2e10f4b6c;Google Update Service (gupdate1c993b2e10f4b6c);c:\program files\Google\Update\GoogleUpdate.exe [2/20/2009 7:28 PM 133104]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - NDISRD
*Deregistered* - NDISRD

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2009-07-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 13:54]

2009-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 23:27]

2009-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 23:27]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-C:_Program Files_WordPerfe3a - c:\program files\WordPerfect Office 11\Programs\CorUpd.exe
HKCU-Run-Simple Star PhotoShow Media Manager - c:\progra~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
HKCU-RunOnce-Shockwave Updater - c:\windows\SYSTEM32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; {98F1E322-9BE4-4B67-99F6-34429F7C2331}; GTB6; .NET CLR 1.1.4322; InfoPath.2; .NET

.
------- Supplementary Scan -------
.
uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {0CE0F418-1010-442D-871C-3454827DD539} - hxxp://www.facefun.com/FaceFun_webinstall/FaceFun.cab
DPF: {6B1B6D11-E497-11D3-BE0C-005004AD2E83} - hxxp://www.imagestation.com/common/classes/ISUSPrintActiveX.cab
DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} - hxxp://www.photoworks.com/pixami/DragDropUploader.cab
FF - ProfilePath - c:\documents and settings\Michelle Hammann\Application Data\Mozilla\Firefox\Profiles\9wmqo51c.default\
FF - prefs.js: browser.search.selectedEngine - The Free Dictionary
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPUploader.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-09 21:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2009-07-10 21:36
ComboFix-quarantined-files.txt 2009-07-10 01:35

Pre-Run: 27,109,212,160 bytes free
Post-Run: 27,249,520,640 bytes free

194 --- E O F --- 2009-06-15 07:04

CatByte · 07-09-2009, 08:23 PM

Hi,

Please do the following:

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Code:

http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/393400-i-think-i-have-trojan-type-virus.html#post2231806

Collect::
c:\program files\PersonalAV\pav.exe

Folder::
c:\program files\PersonalAV

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PersonalAV"=-

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you.
Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

**Note**
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

Ensure you are connected to the internet and click OK on the message box.

nicdan · 07-09-2009, 09:35 PM

Hello, Here is the log.

Thank you!!

ComboFix 09-07-09.06 - Michelle Hammann 07/09/2009 23:01.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.162 [GMT -4:00]
Running from: c:\documents and settings\Michelle Hammann\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Michelle Hammann\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

file zipped: c:\program files\PersonalAV\pav.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Michelle Hammann\Desktop\Personal Antivirus.lnk
c:\program files\PersonalAV
c:\program files\PersonalAV\pav.exe
c:\windows\system32\msxmlm.dll

.
((((((((((((((((((((((((( Files Created from 2009-06-10 to 2009-07-10 )))))))))))))))))))))))))))))))
.

2009-07-09 22:41 . 2009-05-14 09:58 61440 ----a-w- c:\windows\system32\ndisapi.dll
2009-07-09 22:41 . 2009-07-10 00:09 159744 ----a-w- c:\windows\system32\NetFilter.exe
2009-07-09 22:41 . 2009-06-22 14:58 24576 ----a-w- c:\windows\system32\drivers\ndisrd.sys
2009-07-09 22:40 . 2009-07-09 22:40 -------- d-----w- c:\program files\Common Files\Uninstall
2009-07-03 14:00 . 2009-06-29 12:54 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-07-03 14:00 . 2009-06-29 12:54 906520 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgemc.exe
2009-07-03 14:00 . 2009-06-29 12:53 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2009-07-03 14:00 . 2009-06-29 12:53 3402008 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-03 14:00 . 2009-06-29 12:53 1204504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll
2009-07-03 14:00 . 2009-06-29 12:53 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-07-03 14:00 . 2009-06-29 12:53 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll
2009-07-03 14:00 . 2009-06-29 12:53 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-07-03 13:58 . 2009-06-29 12:51 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-07-03 13:58 . 2009-06-29 12:50 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-06-23 19:03 . 2009-06-23 19:03 152576 ----a-w- c:\documents and settings\Michelle Hammann\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-11 23:33 . 2009-06-11 23:33 -------- d-----w- c:\documents and settings\Michelle Hammann\Local Settings\Application Data\Unity
2009-06-11 23:33 . 2009-06-11 23:33 -------- d-----w- c:\program files\Unity
2009-06-11 18:44 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 18:44 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-10 01:44 . 2009-03-10 19:20 -------- d-----w- c:\documents and settings\All Users\Application Data\temp
2009-07-09 03:23 . 2009-02-20 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-03 13:59 . 2008-06-11 16:16 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-29 12:54 . 2008-06-11 16:16 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-29 12:54 . 2007-02-19 18:34 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-23 19:06 . 2003-12-15 12:02 -------- d-----w- c:\program files\Java
2009-06-15 07:04 . 2008-09-11 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-08 15:41 . 2009-05-22 19:30 -------- d-----w- c:\program files\MSECache
2009-05-23 18:09 . 2008-04-11 02:08 -------- d-----w- c:\program files\Safari
2009-05-23 18:06 . 2009-05-23 18:06 -------- d-----w- c:\program files\Bonjour
2009-05-20 21:12 . 2007-11-14 13:44 -------- d-----w- c:\program files\Coupons
2009-05-17 05:49 . 2004-02-12 14:28 -------- d-----w- c:\program files\Google
2009-05-15 20:03 . 2008-09-08 17:03 -------- d-----w- c:\program files\oDesk
2009-05-13 05:15 . 2004-02-06 22:05 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-11 13:25 . 2008-06-11 16:16 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-07 15:32 . 2002-08-29 11:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 12:26 . 2002-08-29 11:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-04-15 18:22 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2005-06-29 14:24 . 2005-06-29 14:24 774144 -c--a-w- c:\program files\RngInterstitial.dll
2004-11-28 20:26 . 2004-11-28 20:25 13642752 -c--a-w- c:\program files\WP11SP1DOEM.msp
.

((((((((((((((((((((((((((((( SnapShot@2009-07-10_01.27.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-10 01:42 . 2009-07-10 01:42 16384 c:\windows\Temp\Perflib_Perfdata_52c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 68856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"PhotoShow Deluxe Media Manager"="c:\progra~1\Comcast\COMCAS~1\data\xtras\mssysmgr.exe" [2005-05-09 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-01-30 1553920]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 2061816]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-13 185632]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-29 1948440]
"Prefs"="c:\progra~1\oDesk\oDeskLaunch.exe" [2009-05-14 357696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"MSDRV"="NetFilter.exe" - c:\windows\SYSTEM32\NetFilter.exe [2009-07-10 159744]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-12-15 24576]
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2005-5-17 462848]
Event Reminder.lnk - c:\program files\Broderbund\PrintMaster\PMremind.exe [2005-5-18 442368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-29 12:54 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe"=
"c:\\WINDOWS\\SYSTEM32\\javaw.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [6/11/2008 12:16 PM 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [6/11/2008 12:16 PM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/31/2008 8:49 AM 907032]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/11/2008 12:16 PM 298776]
S2 gupdate1c993b2e10f4b6c;Google Update Service (gupdate1c993b2e10f4b6c);c:\program files\Google\Update\GoogleUpdate.exe [2/20/2009 7:28 PM 133104]

--- Other Services/Drivers In Memory ---

*Deregistered* - NDISRD

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2009-07-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 13:54]

2009-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 23:27]

2009-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 23:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {0CE0F418-1010-442D-871C-3454827DD539} - hxxp://www.facefun.com/FaceFun_webinstall/FaceFun.cab
DPF: {6B1B6D11-E497-11D3-BE0C-005004AD2E83} - hxxp://www.imagestation.com/common/classes/ISUSPrintActiveX.cab
DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} - hxxp://www.photoworks.com/pixami/DragDropUploader.cab
FF - ProfilePath - c:\documents and settings\Michelle Hammann\Application Data\Mozilla\Firefox\Profiles\9wmqo51c.default\
FF - prefs.js: browser.search.selectedEngine - The Free Dictionary
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPUploader.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-09 23:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2009-07-10 23:24
ComboFix-quarantined-files.txt 2009-07-10 03:23
ComboFix2.txt 2009-07-10 01:36

Pre-Run: 27,286,683,648 bytes free
Post-Run: 27,274,829,824 bytes free

187 --- E O F --- 2009-06-15 07:04
Upload was successful

CatByte · 07-10-2009, 12:56 AM

Hi,

Please do the following:

Download TFC to your desktop

Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish it's job
Once its finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean

It's normal after running TFC cleaner that the PC will be slower to boot the first time.

NEXT

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected. <-- very important
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

Run an on-line scan with Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:

Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.

Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Click View scan report at the bottom.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

In your next reply please include

MBAM Log
Kaspersky report

Also, please describe how your computer is running now and if there are any outstanding issues.

nicdan · 07-10-2009, 11:09 AM

Reports below.

Thank you!!

Malwarebytes' Anti-Malware 1.38
Database version: 2402
Windows 5.1.2600 Service Pack 3

7/10/2009 8:04:56 AM
mbam-log-2009-07-10 (08-04-56).txt

Scan type: Quick Scan
Objects scanned: 100792
Time elapsed: 10 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Environment\avapp (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Environment\avuninst (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Common Files\Uninstall\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
c:\documents and settings\All Users\Start Menu\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\common files\uninstall\personalav\Uninstall.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\personalav\Personal Antivirus.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\personalav\Uninstall.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, July 10, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Friday, July 10, 2009 11:32:24
Records in database: 2456303
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 136568
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 04:12:41

File name / Threat name / Threats count
C:\WINDOWS\Downloaded Installations\{947CE1EC-E178-4E36-B91A-D173F41B7AE2}\Sunbelt CounterSpy.msi Infected: Trojan.Win32.KillAV.bgg 1

The selected area was scanned.

CatByte · 07-10-2009, 12:31 PM

hi,

Please do the following:

Go Start > Run and copy/paste the following single-line command into the Run box and click OK:

Code:

cmd /c del /f/a/q "C:\WINDOWS\Downloaded Installations\{947CE1EC-E178-4E36-B91A-D173F41B7AE2}\Sunbelt CounterSpy.msi"

NEXT

Please post a fresh DDS log and advise how your computer is running now and if there are any outstanding issues

nicdan · 07-10-2009, 02:29 PM

Thank you so much for your super fast help with this issue. I greatly appreciate it! The DDS log is below. My computer is running great!

Thank you! Thank you! Thank you!
Michelle

DDS (Ver_09-06-26.01) - NTFSx86
Run by Michelle Hammann at 16:22:32.32 on Fri 07/10/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.250 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\NetFilter.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Comcast\COMCAS~1\data\xtras\mssysmgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Michelle Hammann\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\comcast\comcas~1\data\xtras\mssysmgr.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Prefs] c:\progra~1\odesk\oDeskLaunch.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [MSDRV] NetFilter.exe
StartupFolder: c:\docume~1\michel~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.0\program\quickstart.exe
StartupFolder: c:\docume~1\michel~1\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventr~1.lnk - c:\program files\broderbund\printmaster\PMremind.exe
IE: &eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0CE0F418-1010-442D-871C-3454827DD539} - hxxp://www.facefun.com/FaceFun_webinstall/FaceFun.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} - hxxp://66.48.68.135/save/makeover.cab
DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - hxxp://download.ebay.com/turbo_lister/US/install.cab
DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - hxxp://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.yorkphoto.com/YorkActivia.cab
DPF: {427273CC-764E-11D3-823D-006097F90453} - hxxp://www.imagestation.com/common/classes/BPImageEditor.cab?ver=1,1,0,32
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} - hxxp://www.imagestation.com/common/classes/batchdwnl.cab?version=4,3,2,20802
DPF: {6B1B6D11-E497-11D3-BE0C-005004AD2E83} - hxxp://www.imagestation.com/common/classes/ISUSPrintActiveX.cab
DPF: {6F750200-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} - hxxp://www.snapfish.com/SnapfishUpload.cab
DPF: {94B82441-A413-4E43-8422-D49930E69764} - hxxp://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - hxxps://www.dotphoto.com/DPImageUploader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://www.imgag.com/cp/install/Crusher.cab
DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} - hxxp://www.photoworks.com/pixami/DragDropUploader.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} - hxxps://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} - hxxp://www.imagestation.com/common/classes/SonyISUpload.cab?v=1,0,0,37
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\michel~1\applic~1\mozilla\firefox\profiles\9wmqo51c.default\
FF - prefs.js: browser.search.selectedEngine - The Free Dictionary
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPUploader.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-11 335752]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-2-19 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-6-11 108552]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-8-31 907032]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-6-11 298776]
S2 gupdate1c993b2e10f4b6c;Google Update Service (gupdate1c993b2e10f4b6c);c:\program files\google\update\GoogleUpdate.exe [2009-2-20 133104]

=============== Created Last 30 ================

2009-07-10 07:33 <DIR> --d----- c:\docume~1\michel~1\applic~1\Malwarebytes
2009-07-10 07:33 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-10 07:33 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-10 07:33 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-10 07:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-09 21:33 <DIR> --d----- c:\windows\system32\dllcache\cache
2009-07-09 21:07 <DIR> --d----- C:\cmdcons
2009-07-09 21:05 161,792 a------- c:\windows\SWREG.exe
2009-07-09 21:05 155,136 a------- c:\windows\PEV.exe
2009-07-09 21:05 98,816 a------- c:\windows\sed.exe
2009-07-09 18:41 61,440 a------- c:\windows\system32\ndisapi.dll
2009-07-09 18:41 159,744 a------- c:\windows\system32\NetFilter.exe
2009-07-09 18:41 24,576 a------- c:\windows\system32\drivers\ndisrd.sys
2009-07-09 18:40 <DIR> --d----- c:\program files\common files\Uninstall
2009-06-11 19:33 <DIR> --d----- c:\program files\Unity
2009-06-11 14:44 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 14:44 12,800 -------- c:\windows\system32\dllcache\xpshims.dll

==================== Find3M ====================

2009-07-03 09:59 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-29 08:54 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-13 01:15 5,936,128 a------- c:\windows\system32\dllcache\mshtml.dll
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-13 01:15 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-30 17:22 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-04-30 17:22 11,064,832 a------- c:\windows\system32\dllcache\ieframe.dll
2009-04-30 17:22 1,207,808 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-30 17:22 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-04-30 17:22 385,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-04-30 07:21 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 08:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 10:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2005-06-29 10:24 774,144 ac------ c:\program files\RngInterstitial.dll
2004-11-28 16:26 13,642,752 ac------ c:\program files\WP11SP1DOEM.msp

============= FINISH: 16:23:54.65 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/26/2003 2:37:47 PM
System Uptime: 7/10/2009 8:07:10 AM (8 hours ago)

Motherboard: Dell Computer Corp. | | 0K0057
Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz | Microprocessor | 2660/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 74 GiB total, 25.405 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1912: 4/11/2009 10:21:59 PM - System Checkpoint
RP1913: 4/12/2009 11:03:36 PM - System Checkpoint
RP1914: 4/14/2009 12:03:37 AM - System Checkpoint
RP1915: 4/15/2009 12:09:17 AM - System Checkpoint
RP1916: 4/16/2009 1:09:17 AM - System Checkpoint
RP1917: 4/16/2009 3:01:45 AM - Software Distribution Service 3.0
RP1918: 4/16/2009 9:29:11 AM - Avg8 Update
RP1919: 4/17/2009 9:51:18 AM - System Checkpoint
RP1920: 4/18/2009 9:54:57 AM - System Checkpoint
RP1921: 4/19/2009 10:00:23 AM - System Checkpoint
RP1922: 4/20/2009 12:25:49 PM - System Checkpoint
RP1923: 4/21/2009 12:27:13 PM - System Checkpoint
RP1924: 4/22/2009 1:01:34 PM - System Checkpoint
RP1925: 4/23/2009 1:28:17 PM - System Checkpoint
RP1926: 4/24/2009 1:55:05 PM - System Checkpoint
RP1927: 4/25/2009 2:47:04 PM - System Checkpoint
RP1928: 4/26/2009 3:28:16 PM - System Checkpoint
RP1929: 4/27/2009 4:28:20 PM - System Checkpoint
RP1930: 4/28/2009 5:28:20 PM - System Checkpoint
RP1931: 4/29/2009 3:02:08 AM - Software Distribution Service 3.0
RP1932: 4/30/2009 6:30:26 AM - System Checkpoint
RP1933: 4/30/2009 10:49:02 AM - Software Distribution Service 3.0
RP1934: 5/1/2009 11:35:37 AM - System Checkpoint
RP1935: 5/2/2009 11:55:26 AM - System Checkpoint
RP1936: 5/3/2009 1:26:08 PM - System Checkpoint
RP1937: 5/4/2009 3:01:06 PM - System Checkpoint
RP1938: 5/5/2009 3:04:10 PM - System Checkpoint
RP1939: 5/6/2009 5:42:57 PM - System Checkpoint
RP1940: 5/7/2009 9:10:51 PM - System Checkpoint
RP1941: 5/8/2009 9:36:17 PM - System Checkpoint
RP1942: 5/9/2009 10:48:54 PM - System Checkpoint
RP1943: 5/10/2009 11:36:19 PM - System Checkpoint
RP1944: 5/11/2009 9:24:34 AM - Avg8 Update
RP1945: 5/11/2009 9:25:52 AM - Avg8 Update
RP1946: 5/12/2009 11:11:57 AM - System Checkpoint
RP1947: 5/13/2009 2:20:25 PM - System Checkpoint
RP1948: 5/14/2009 3:02:20 AM - Software Distribution Service 3.0
RP1949: 5/15/2009 6:28:42 AM - System Checkpoint
RP1950: 5/16/2009 6:38:12 AM - System Checkpoint
RP1951: 5/17/2009 6:50:12 AM - System Checkpoint
RP1952: 5/18/2009 7:38:53 AM - System Checkpoint
RP1953: 5/19/2009 8:35:29 AM - System Checkpoint
RP1954: 5/19/2009 9:16:35 AM - Avg8 Update
RP1955: 5/19/2009 9:17:33 AM - Avg8 Update
RP1956: 5/20/2009 9:54:21 AM - System Checkpoint
RP1957: 5/21/2009 11:12:30 AM - System Checkpoint
RP1958: 5/22/2009 11:34:10 AM - System Checkpoint
RP1959: 5/22/2009 3:30:58 PM - Installed Compatibility Pack for the 2007 Office system
RP1960: 5/23/2009 3:35:16 PM - System Checkpoint
RP1961: 5/24/2009 4:13:42 PM - System Checkpoint
RP1962: 5/25/2009 4:47:40 PM - System Checkpoint
RP1963: 5/26/2009 6:21:10 PM - System Checkpoint
RP1964: 5/27/2009 6:44:54 PM - System Checkpoint
RP1965: 5/28/2009 8:48:55 PM - System Checkpoint
RP1966: 5/29/2009 9:42:49 PM - System Checkpoint
RP1967: 5/30/2009 10:42:48 PM - System Checkpoint
RP1968: 5/31/2009 11:54:49 PM - System Checkpoint
RP1969: 6/2/2009 12:42:48 AM - System Checkpoint
RP1970: 6/3/2009 1:29:20 AM - System Checkpoint
RP1971: 6/4/2009 2:29:19 AM - System Checkpoint
RP1972: 6/5/2009 6:29:56 AM - System Checkpoint
RP1973: 6/6/2009 6:41:27 AM - System Checkpoint
RP1974: 6/7/2009 7:29:14 AM - System Checkpoint
RP1975: 6/8/2009 7:54:17 AM - System Checkpoint
RP1976: 6/8/2009 11:42:18 AM - Installed Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
RP1977: 6/9/2009 12:45:54 PM - System Checkpoint
RP1978: 6/10/2009 3:02:56 AM - Software Distribution Service 3.0
RP1979: 6/11/2009 6:30:51 AM - System Checkpoint
RP1980: 6/12/2009 3:02:48 AM - Software Distribution Service 3.0
RP1981: 6/13/2009 6:35:53 AM - System Checkpoint
RP1982: 6/14/2009 7:34:54 AM - System Checkpoint
RP1983: 6/15/2009 3:02:19 AM - Software Distribution Service 3.0
RP1984: 6/16/2009 6:35:56 AM - System Checkpoint
RP1985: 6/17/2009 6:48:26 AM - System Checkpoint
RP1986: 6/18/2009 6:48:44 AM - System Checkpoint
RP1987: 6/19/2009 6:53:45 AM - System Checkpoint
RP1988: 6/20/2009 7:34:41 AM - System Checkpoint
RP1989: 6/21/2009 8:34:47 AM - System Checkpoint
RP1990: 6/22/2009 11:36:12 AM - System Checkpoint
RP1991: 6/23/2009 12:14:51 PM - System Checkpoint
RP1992: 6/23/2009 3:05:18 PM - Installed Java(TM) 6 Update 13
RP1993: 6/24/2009 3:34:47 PM - System Checkpoint
RP1994: 6/25/2009 4:54:41 PM - System Checkpoint
RP1995: 6/26/2009 5:12:35 PM - System Checkpoint
RP1996: 6/27/2009 5:29:43 PM - System Checkpoint
RP1997: 6/28/2009 5:34:26 PM - System Checkpoint
RP1998: 6/29/2009 8:51:44 AM - Avg8 Update
RP1999: 6/29/2009 8:56:33 AM - Avg8 Update
RP2000: 6/30/2009 11:40:17 AM - System Checkpoint
RP2001: 7/1/2009 3:35:54 PM - System Checkpoint
RP2002: 7/2/2009 4:38:27 PM - System Checkpoint
RP2003: 7/3/2009 9:58:43 AM - Avg8 Update
RP2004: 7/3/2009 10:00:24 AM - Avg8 Update
RP2005: 7/4/2009 12:37:55 PM - System Checkpoint
RP2006: 7/5/2009 1:11:12 PM - System Checkpoint
RP2007: 7/6/2009 1:23:13 PM - System Checkpoint
RP2008: 7/7/2009 1:57:09 PM - System Checkpoint
RP2009: 7/8/2009 4:15:49 PM - System Checkpoint
RP2010: 7/9/2009 5:45:47 PM - System Checkpoint

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Reader 7.1.0
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
AVG Free 8.5
BACS
Banctec Service Agreement
BlazingLasers
Bonjour
Broadcom Advanced Control Suite
CleanUp!
Comcast PhotoShow Deluxe 4
Compatibility Pack for the 2007 Office system
Conexant SmartHSFi V.9x 56K DF PCI Modem
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Media Experience
Dell Networking Guide
Dell Solution Center
Dell Support Center (Support Software)
DellSupport
DIG Game Manager
Digital Line Detect
DING!
DS21Patch
DVDSentry
Fishy Adventure
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Help and Support Customization
HijackThis 1.99.1
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel(R) Extreme Graphics 2 Driver
Internet Explorer Default Page
iTunes
J2SE Runtime Environment 5.0 Update 11
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) 6 Update 5
Java(TM) 6 Update 7
KODAK EASYSHARE Gallery Upload ActiveX Control
Lavasoft VX2 Cleaner
LS_HSI
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Publisher 98
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Modem Helper
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.0.11)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
NetWaiting
oDesk MiniCam 2.0.73
oDesk ScreenSnap 2.0.113
oDesk Share 2.0.69
oDesk Team 2.0.140
OTOY
Photo Organizer
PowerDVD
PrintMaster
Qualxserve Service Agreement
QuickTime
RealPlayer
Safari
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Shockwave
Shutterfly Plugin
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Sony Picture Utility
Sony USB Driver
Spybot - Search & Destroy 1.4
Staples Custom Label Software 2.3.0.12
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Outlook 2007 Junk Email Filter (kb970012)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Verizon Help and Support Tool
Verizon Servicepoint 1.5.12
WebFldrs XP
WidgetServ 1.0
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinZip

==== Event Viewer Messages From Past Week ========

7/9/2009 9:15:14 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
7/10/2009 8:09:29 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: agp440
7/10/2009 8:07:42 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.

==== End Of File ===========================

CatByte · 07-10-2009, 05:16 PM

Hi,

Please do the following:

Visit ADOBEand download the latest version of Acrobat Reader (version 9.1)
Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 14. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
Click the "Download" button to the right.
Select the Windows platform from the dropdown menu.
Read the License Agreement and then check the box that says: " I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue.The page will refresh.
Click on the link to download Windows Offline Installation and save the file to your desktop.
Close any programs you may have running - especially your web browser.

Now go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.

After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
- On the General tab, under Temporary Internet Files, click the Settings button.
- Next, click on the Delete Files button
- There are two options in the window to clear the cache - Leave BOTH Checked
  - Applications and AppletsTrace and Log Files
- Click OK on Delete Temporary Files Window
  
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
- Click OK to leave the Temporary Files Window
- Click OK to leave the Java Control Panel.

NEXT

You can delete the DDS and GMER folders from your desktop.

NEXT

Follow these steps to uninstall Combofix

Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.

Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via PayPal.

NEXT

Below I have included a number of recommendations for how to protect your computer against malware infections.

Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.
SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
Make Internet Explorer more secure
- Click Start > Run
- Type Inetcpl.cpl & click OK
- Click on the Security tab
- Click Reset all zones to default level
- Make sure the Internet Zone is selected & Click Custom level
- In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
- Next Click OK, then Apply button and then OK to exit the Internet Properties page.
ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
- Green to go
- Yellow for caution
- Red to stop
WOT has an addon available for both Firefox and IE
For Firefox, I highly recommend this add-on to keep your PC even more secure.
- NoScript - for blocking ads and other potential website attacks
Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
Think Prevention.
PC Safety and Security--What Do I Need?.

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

nicdan · 07-10-2009, 07:21 PM

Thanks again! When I tried to unistall combofix, I followed your instructions. When I typed the prompt in the run box and hit ok it a box popped up and ask to run the program?? Is that right?

Michelle

CatByte · 07-10-2009, 08:02 PM

No, it should have uninstalled combo fix.

Just right click the icon and choose delete

nicdan · 07-11-2009, 08:52 AM

Thank you! You are the best!

Michelle

CatByte · 07-11-2009, 02:34 PM

Hi,

we need to set a new restore point as ComboFix didn't uninstall properly to set one, so please do the following:

System Restore makes regular backups of all your settings, if you ever had to use this program to restore your system to a previous date, you will be infected all over again so we need to clean out the previous Restore Points
We need to set a new system restore point:

Click Start > Run > copy and paste the following into the run box:

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next.
Name it (something you'll remember) and click Create,
when the confirmation screen shows the restore point has been created click Close.

Now remove all previous Restore Points:

Click Start > Run > copy and paste the following into the run box:

cleanmgr

At the top, click on More Options tab. Click the Clean up button in the System Restore box.
Click on the Yes button.
When finished, click on Cancel button to exit.

Stay safe.

~CB

07-09-2009, 05:52 PM	#1 (permalink)
nicdan Registered User Join Date: Oct 2005 Posts: 76 OS: xp	I think I have a Trojan type virus? Hello, My husband was on the computer and a window popped up and said your computer has been infected. Do you want to download your antivirus software. He clicked YES! Now I have an Icon on my desktop that says Personal Anti Virus. I keep getting a balloon popup from this personal anti virus software that was downloaded on the bottom right saying Critical System Warning! Your system has been been infected by the Trojan.win32.agent AZSY. Other virus warnings keep poping up as well. It took many trys to get on your website or any other because it kept blocking me. I have the DDs.txt report below. It will not let me attach my other reports you require. I hit the Manage attachments and nothing happens? Thank you! Michelle Hammann DDS (Ver_09-06-26.01) - NTFSx86 Run by Michelle Hammann at 19:15:48.35 on Thu 07/09/2009 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.116 [GMT -4:00] AV: AVG Anti-Virus Free On-access scanning enabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\WINDOWS\System32\MsPMSPSv.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Verizon\McciTrayApp.exe C:\Program Files\Verizon\VSP\VerizonServicepoint.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\PROGRA~1\Comcast\COMCAS~1\data\xtras\mssysmgr.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Southwest Airlines\Ding\Ding.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\PersonalAV\pav.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Michelle Hammann\Local Settings\Temporary Internet Files\Content.IE5\GNSTETXE\dds[1].pif ============== Pseudo HJT Report =============== uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central uSearch Page = uDefault_Page_URL = uSearch Bar = uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = .local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: &Helper: {a77d3539-581d-450c-9e44-a84c415a6172} - c:\windows\system32\msxmlm.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll TB: {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - No File TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [C:_Program Files_WordPerfe3a] c:\program files\wordperfect office 11\programs\CorUpd.exe /Watch uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter uRun: [Simple Star PhotoShow Media Manager] c:\progra~1\simple~1\photos~1\data\xtras\mssysmgr.exe uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\comcast\comcas~1\data\xtras\mssysmgr.exe uRun: [ieupdate] "c:\windows\system32\explorer32.exe" uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; {98F1E322-9BE4-4B67-99F6-34429F7C2331}; GTB6; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 2.0.50727)" -"http://www.cartoonnetwork.com/games/ben10/battleready/" uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10a.exe mRun: [DVDSentry] c:\windows\system32\DSentry.exe mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe" mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r mRun: [igfxtray] c:\windows\system32\igfxtray.exe mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe mRun: [igfxpers] c:\windows\system32\igfxpers.exe mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe" mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe" mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe mRun: [Prefs] c:\progra~1\odesk\oDeskLaunch.exe mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [PersonalAV] c:\program files\personalav\pav.exe mRun: [MSDRV] NetFilter.exe StartupFolder: c:\docume~1\michel~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.0\program\quickstart.exe StartupFolder: c:\docume~1\michel~1\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventr~1.lnk - c:\program files\broderbund\printmaster\PMremind.exe IE: &eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {0CE0F418-1010-442D-871C-3454827DD539} - hxxp://www.facefun.com/FaceFun_webinstall/FaceFun.cab DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} - hxxp://66.48.68.135/save/makeover.cab DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.15-3.cab DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - hxxp://download.ebay.com/turbo_lister/US/install.cab DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - hxxp://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.yorkphoto.com/YorkActivia.cab DPF: {427273CC-764E-11D3-823D-006097F90453} - hxxp://www.imagestation.com/common/classes/BPImageEditor.cab?ver=1,1,0,32 DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} - hxxp://www.imagestation.com/common/classes/batchdwnl.cab?version=4,3,2,20802 DPF: {6B1B6D11-E497-11D3-BE0C-005004AD2E83} - hxxp://www.imagestation.com/common/classes/ISUSPrintActiveX.cab DPF: {6F750200-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} - hxxp://www.snapfish.com/SnapfishUpload.cab DPF: {94B82441-A413-4E43-8422-D49930E69764} - hxxp://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - hxxps://www.dotphoto.com/DPImageUploader.cab DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://www.imgag.com/cp/install/Crusher.cab DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} - hxxp://www.photoworks.com/pixami/DragDropUploader.cab DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} - hxxps://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} - hxxp://www.imagestation.com/common/classes/SonyISUpload.cab?v=1,0,0,37 Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll Notify: avgrsstarter - avgrsstx.dll Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\michel~1\applic~1\mozilla\firefox\profiles\9wmqo51c.default\ FF - prefs.js: browser.search.selectedEngine - The Free Dictionary FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPUploader.dll FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} ============= SERVICES / DRIVERS =============== R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-11 335752] R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-2-19 27784] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-6-11 108552] =============== Created Last 30 ================ 2009-07-09 18:41 61,440 a------- c:\windows\system32\ndisapi.dll 2009-07-09 18:41 159,744 a------- c:\windows\system32\NetFilter.exe 2009-07-09 18:41 24,576 a------- c:\windows\system32\drivers\ndisrd.sys 2009-07-09 18:40 380,928 a------- c:\windows\system32\msxmlm.dll 2009-07-09 18:40 <DIR> --d----- c:\program files\common files\Uninstall 2009-07-09 18:40 <DIR> --d----- c:\program files\PersonalAV 2009-06-11 19:33 <DIR> --d----- c:\program files\Unity 2009-06-11 14:44 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll 2009-06-11 14:44 12,800 -------- c:\windows\system32\dllcache\xpshims.dll ==================== Find3M ==================== 2009-07-03 09:59 335,752 a------- c:\windows\system32\drivers\avgldx86.sys 2009-06-29 08:54 11,952 a------- c:\windows\system32\avgrsstx.dll 2009-05-13 01:15 5,936,128 a------- c:\windows\system32\dllcache\mshtml.dll 2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll 2009-05-13 01:15 915,456 a------- c:\windows\system32\dllcache\wininet.dll 2009-05-11 09:25 108,552 a------- c:\windows\system32\drivers\avgtdix.sys 2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll 2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll 2009-04-30 17:22 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll 2009-04-30 17:22 11,064,832 a------- c:\windows\system32\dllcache\ieframe.dll 2009-04-30 17:22 1,207,808 a------- c:\windows\system32\dllcache\urlmon.dll 2009-04-30 17:22 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll 2009-04-30 17:22 385,536 a------- c:\windows\system32\dllcache\iedkcs32.dll 2009-04-30 07:21 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe 2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys 2009-04-17 08:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys 2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll 2009-04-15 10:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll 2005-06-29 10:24 774,144 ac------ c:\program files\RngInterstitial.dll 2004-11-28 16:26 13,642,752 ac------ c:\program files\WP11SP1DOEM.msp ============= FINISH: 19:17:10.21 =============== Last edited by nicdan; 07-09-2009 at 05:59 PM.*

07-09-2009, 06:13 PM	#2 (permalink)
CatByte Analyst, Security Team Join Date: Jan 2009 Location: Canada Posts: 1,985 OS: XP sp3	Re: I think I have a Trojan type virus? Hi, Please do the following: Download Combofix from either of the links below. You must rename it before saving it. Save it to your desktop. Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop If you are using Firefox, make sure that your download settings are as follows: Tools->Options->Main tab Set to "Always ask me where to Save the files". Link 1 Link 2 During the download, rename Combofix to Combo-Fix as follows: -------------------------------------------------------------------- It is important you rename Combofix during the download, but not after. Please do not rename Combofix to other names, but only to the one indicated. ----------------------------------------------------------- Double click on Combo-Fix.exe & follow the prompts. When finished, it will produce a report for you. Please post the "C:\Combo-Fix.txt" for further review. Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall ----------------------------------------------------------- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click on this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.* ----------------------------------------------------------- __________________ ASAP & UNITE Member

07-09-2009, 07:51 PM	#3 (permalink)
nicdan Registered User Join Date: Oct 2005 Posts: 76 OS: xp	Re: I think I have a Trojan type virus? Thank you so much for the super fast response. Report is below. Thank you! Michelle ComboFix 09-07-09.06 - Michelle Hammann 07/09/2009 21:15.1.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.196 [GMT -4:00] Running from: c:\documents and settings\Michelle Hammann\Desktop\Combo-Fix.exe AV: AVG Anti-Virus Free On-access scanning disabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Michelle Hammann\Desktop\Personal Antivirus.lnk c:\program files\Antivirus 2009 c:\program files\Common Files\uninstall information c:\windows\a3kebook.ini c:\windows\akebook.ini c:\windows\ANS2000.INI c:\windows\COUPON~1.OCX c:\windows\Installer\29a67e.msp c:\windows\system32\drivers\fad.sys c:\windows\system32\msxmlm.dll c:\windows\system32\open.ico . ((((((((((((((((((((((((( Files Created from 2009-06-10 to 2009-07-10 ))))))))))))))))))))))))))))))) . 2009-07-09 22:41 . 2009-05-14 09:58 61440 ----a-w- c:\windows\system32\ndisapi.dll 2009-07-09 22:41 . 2009-07-10 00:09 159744 ----a-w- c:\windows\system32\NetFilter.exe 2009-07-09 22:41 . 2009-06-22 14:58 24576 ----a-w- c:\windows\system32\drivers\ndisrd.sys 2009-07-09 22:40 . 2009-07-09 22:40 -------- d-----w- c:\program files\Common Files\Uninstall 2009-07-09 22:40 . 2009-07-09 22:40 -------- d-----w- c:\program files\PersonalAV 2009-07-03 14:00 . 2009-06-29 12:54 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys 2009-07-03 14:00 . 2009-06-29 12:54 906520 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgemc.exe 2009-07-03 14:00 . 2009-06-29 12:53 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll 2009-07-03 14:00 . 2009-06-29 12:53 3402008 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe 2009-07-03 14:00 . 2009-06-29 12:53 1204504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll 2009-07-03 14:00 . 2009-06-29 12:53 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe 2009-07-03 14:00 . 2009-06-29 12:53 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll 2009-07-03 14:00 . 2009-06-29 12:53 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll 2009-07-03 13:58 . 2009-06-29 12:51 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe 2009-07-03 13:58 . 2009-06-29 12:50 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll 2009-06-23 19:03 . 2009-06-23 19:03 152576 ----a-w- c:\documents and settings\Michelle Hammann\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 2009-06-11 23:33 . 2009-06-11 23:33 -------- d-----w- c:\documents and settings\Michelle Hammann\Local Settings\Application Data\Unity 2009-06-11 23:33 . 2009-06-11 23:33 -------- d-----w- c:\program files\Unity 2009-06-11 18:44 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll 2009-06-11 18:44 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-10 00:36 . 2009-03-10 19:20 -------- d-----w- c:\documents and settings\All Users\Application Data\temp 2009-07-09 03:23 . 2009-02-20 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-07-03 13:59 . 2008-06-11 16:16 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-06-29 12:54 . 2008-06-11 16:16 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-06-29 12:54 . 2007-02-19 18:34 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-06-23 19:06 . 2003-12-15 12:02 -------- d-----w- c:\program files\Java 2009-06-15 07:04 . 2008-09-11 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-06-08 15:41 . 2009-05-22 19:30 -------- d-----w- c:\program files\MSECache 2009-05-23 18:09 . 2008-04-11 02:08 -------- d-----w- c:\program files\Safari 2009-05-23 18:06 . 2009-05-23 18:06 -------- d-----w- c:\program files\Bonjour 2009-05-20 21:12 . 2007-11-14 13:44 -------- d-----w- c:\program files\Coupons 2009-05-17 05:49 . 2004-02-12 14:28 -------- d-----w- c:\program files\Google 2009-05-15 20:03 . 2008-09-08 17:03 -------- d-----w- c:\program files\oDesk 2009-05-13 05:15 . 2004-02-06 22:05 915456 ----a-w- c:\windows\system32\wininet.dll 2009-05-11 13:25 . 2008-06-11 16:16 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-05-07 15:32 . 2002-08-29 11:00 345600 ----a-w- c:\windows\system32\localspl.dll 2009-04-17 12:26 . 2002-08-29 11:00 1847168 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 14:51 . 2004-04-15 18:22 585216 ----a-w- c:\windows\system32\rpcrt4.dll 2005-06-29 14:24 . 2005-06-29 14:24 774144 -c--a-w- c:\program files\RngInterstitial.dll 2004-11-28 20:26 . 2004-11-28 20:25 13642752 -c--a-w- c:\program files\WP11SP1DOEM.msp . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 68856] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064] "PhotoShow Deluxe Media Manager"="c:\progra~1\Comcast\COMCAS~1\data\xtras\mssysmgr.exe" [2005-05-09 192512] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672] "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800] "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688] "Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-01-30 1553920] "VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 2061816] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-13 185632] "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-29 1948440] "Prefs"="c:\progra~1\oDesk\oDeskLaunch.exe" [2009-05-14 357696] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "PersonalAV"="c:\program files\PersonalAV\pav.exe" [2009-07-09 1884160] "MSDRV"="NetFilter.exe" - c:\windows\SYSTEM32\NetFilter.exe [2009-07-10 159744] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-12-15 24576] DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2005-5-17 462848] Event Reminder.lnk - c:\program files\Broderbund\PrintMaster\PMremind.exe [2005-5-18 442368] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-06-29 12:54 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ lsdelete [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe"= "c:\\WINDOWS\\SYSTEM32\\javaw.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [6/11/2008 12:16 PM 335752] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [6/11/2008 12:16 PM 108552] R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/31/2008 8:49 AM 907032] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/11/2008 12:16 PM 298776] S2 gupdate1c993b2e10f4b6c;Google Update Service (gupdate1c993b2e10f4b6c);c:\program files\Google\Update\GoogleUpdate.exe [2/20/2009 7:28 PM 133104] --- Other Services/Drivers In Memory --- NewlyCreated - NDISRD Deregistered - NDISRD [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-07-07 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34] 2009-07-10 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 13:54] 2009-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 23:27] 2009-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 23:27] . - - - - ORPHANS REMOVED - - - - HKCU-Run-C:_Program Files_WordPerfe3a - c:\program files\WordPerfect Office 11\Programs\CorUpd.exe HKCU-Run-Simple Star PhotoShow Media Manager - c:\progra~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe HKCU-RunOnce-Shockwave Updater - c:\windows\SYSTEM32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; {98F1E322-9BE4-4B67-99F6-34429F7C2331}; GTB6; .NET CLR 1.1.4322; InfoPath.2; .NET . ------- Supplementary Scan ------- . uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = .local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {0CE0F418-1010-442D-871C-3454827DD539} - hxxp://www.facefun.com/FaceFun_webinstall/FaceFun.cab DPF: {6B1B6D11-E497-11D3-BE0C-005004AD2E83} - hxxp://www.imagestation.com/common/classes/ISUSPrintActiveX.cab DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} - hxxp://www.photoworks.com/pixami/DragDropUploader.cab FF - ProfilePath - c:\documents and settings\Michelle Hammann\Application Data\Mozilla\Firefox\Profiles\9wmqo51c.default\ FF - prefs.js: browser.search.selectedEngine - The Free Dictionary FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPUploader.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} . *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-09 21:26 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************ . Completion time: 2009-07-10 21:36 ComboFix-quarantined-files.txt 2009-07-10 01:35 Pre-Run: 27,109,212,160 bytes free Post-Run: 27,249,520,640 bytes free 194 --- E O F --- 2009-06-15 07:04

07-09-2009, 08:23 PM	#4 (permalink)
CatByte Analyst, Security Team Join Date: Jan 2009 Location: Canada Posts: 1,985 OS: XP sp3	Re: I think I have a Trojan type virus? Hi, Please do the following: Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Copy/paste the text inside the Codebox below into notepad: Here's how to do that: Click Start > Run type Notepad click OK. This will open an empty notepad file: Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy') Code: http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/393400-i-think-i-have-trojan-type-virus.html#post2231806 Collect:: c:\program files\PersonalAV\pav.exe Folder:: c:\program files\PersonalAV Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PersonalAV"=- Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste') Save this file to your desktop, Save this as "CFScript" Here's how to do that: 1.Click File; 2.Click Save As... Change the directory to your desktop; 3.Change the Save as type to "All Files"; 4.Type in the file name: CFScript 5.Click Save ... Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal. When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply. CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall. Note When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis. Ensure you are connected to the internet and click OK on the message box. __________________ ASAP & UNITE Member

07-09-2009, 09:35 PM	#5 (permalink)
nicdan Registered User Join Date: Oct 2005 Posts: 76 OS: xp	Re: I think I have a Trojan type virus? Hello, Here is the log. Thank you!! ComboFix 09-07-09.06 - Michelle Hammann 07/09/2009 23:01.2.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.162 [GMT -4:00] Running from: c:\documents and settings\Michelle Hammann\Desktop\Combo-Fix.exe Command switches used :: c:\documents and settings\Michelle Hammann\Desktop\CFScript.txt AV: AVG Anti-Virus Free On-access scanning disabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} file zipped: c:\program files\PersonalAV\pav.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Michelle Hammann\Desktop\Personal Antivirus.lnk c:\program files\PersonalAV c:\program files\PersonalAV\pav.exe c:\windows\system32\msxmlm.dll . ((((((((((((((((((((((((( Files Created from 2009-06-10 to 2009-07-10 ))))))))))))))))))))))))))))))) . 2009-07-09 22:41 . 2009-05-14 09:58 61440 ----a-w- c:\windows\system32\ndisapi.dll 2009-07-09 22:41 . 2009-07-10 00:09 159744 ----a-w- c:\windows\system32\NetFilter.exe 2009-07-09 22:41 . 2009-06-22 14:58 24576 ----a-w- c:\windows\system32\drivers\ndisrd.sys 2009-07-09 22:40 . 2009-07-09 22:40 -------- d-----w- c:\program files\Common Files\Uninstall 2009-07-03 14:00 . 2009-06-29 12:54 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys 2009-07-03 14:00 . 2009-06-29 12:54 906520 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgemc.exe 2009-07-03 14:00 . 2009-06-29 12:53 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll 2009-07-03 14:00 . 2009-06-29 12:53 3402008 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe 2009-07-03 14:00 . 2009-06-29 12:53 1204504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll 2009-07-03 14:00 . 2009-06-29 12:53 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe 2009-07-03 14:00 . 2009-06-29 12:53 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll 2009-07-03 14:00 . 2009-06-29 12:53 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll 2009-07-03 13:58 . 2009-06-29 12:51 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe 2009-07-03 13:58 . 2009-06-29 12:50 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll 2009-06-23 19:03 . 2009-06-23 19:03 152576 ----a-w- c:\documents and settings\Michelle Hammann\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 2009-06-11 23:33 . 2009-06-11 23:33 -------- d-----w- c:\documents and settings\Michelle Hammann\Local Settings\Application Data\Unity 2009-06-11 23:33 . 2009-06-11 23:33 -------- d-----w- c:\program files\Unity 2009-06-11 18:44 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll 2009-06-11 18:44 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-10 01:44 . 2009-03-10 19:20 -------- d-----w- c:\documents and settings\All Users\Application Data\temp 2009-07-09 03:23 . 2009-02-20 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-07-03 13:59 . 2008-06-11 16:16 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-06-29 12:54 . 2008-06-11 16:16 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-06-29 12:54 . 2007-02-19 18:34 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-06-23 19:06 . 2003-12-15 12:02 -------- d-----w- c:\program files\Java 2009-06-15 07:04 . 2008-09-11 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-06-08 15:41 . 2009-05-22 19:30 -------- d-----w- c:\program files\MSECache 2009-05-23 18:09 . 2008-04-11 02:08 -------- d-----w- c:\program files\Safari 2009-05-23 18:06 . 2009-05-23 18:06 -------- d-----w- c:\program files\Bonjour 2009-05-20 21:12 . 2007-11-14 13:44 -------- d-----w- c:\program files\Coupons 2009-05-17 05:49 . 2004-02-12 14:28 -------- d-----w- c:\program files\Google 2009-05-15 20:03 . 2008-09-08 17:03 -------- d-----w- c:\program files\oDesk 2009-05-13 05:15 . 2004-02-06 22:05 915456 ----a-w- c:\windows\system32\wininet.dll 2009-05-11 13:25 . 2008-06-11 16:16 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-05-07 15:32 . 2002-08-29 11:00 345600 ----a-w- c:\windows\system32\localspl.dll 2009-04-17 12:26 . 2002-08-29 11:00 1847168 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 14:51 . 2004-04-15 18:22 585216 ----a-w- c:\windows\system32\rpcrt4.dll 2005-06-29 14:24 . 2005-06-29 14:24 774144 -c--a-w- c:\program files\RngInterstitial.dll 2004-11-28 20:26 . 2004-11-28 20:25 13642752 -c--a-w- c:\program files\WP11SP1DOEM.msp . ((((((((((((((((((((((((((((( SnapShot@2009-07-10_01.27.59 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-10 01:42 . 2009-07-10 01:42 16384 c:\windows\Temp\Perflib_Perfdata_52c.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 68856] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064] "PhotoShow Deluxe Media Manager"="c:\progra~1\Comcast\COMCAS~1\data\xtras\mssysmgr.exe" [2005-05-09 192512] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672] "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800] "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688] "Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-01-30 1553920] "VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 2061816] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-13 185632] "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-29 1948440] "Prefs"="c:\progra~1\oDesk\oDeskLaunch.exe" [2009-05-14 357696] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "MSDRV"="NetFilter.exe" - c:\windows\SYSTEM32\NetFilter.exe [2009-07-10 159744] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-12-15 24576] DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2005-5-17 462848] Event Reminder.lnk - c:\program files\Broderbund\PrintMaster\PMremind.exe [2005-5-18 442368] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-06-29 12:54 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ lsdelete [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe"= "c:\\WINDOWS\\SYSTEM32\\javaw.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [6/11/2008 12:16 PM 335752] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [6/11/2008 12:16 PM 108552] R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/31/2008 8:49 AM 907032] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/11/2008 12:16 PM 298776] S2 gupdate1c993b2e10f4b6c;Google Update Service (gupdate1c993b2e10f4b6c);c:\program files\Google\Update\GoogleUpdate.exe [2/20/2009 7:28 PM 133104] --- Other Services/Drivers In Memory --- Deregistered - NDISRD [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-07-07 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34] 2009-07-10 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 13:54] 2009-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 23:27] 2009-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 23:27] . . ------- Supplementary Scan ------- . uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = .local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {0CE0F418-1010-442D-871C-3454827DD539} - hxxp://www.facefun.com/FaceFun_webinstall/FaceFun.cab DPF: {6B1B6D11-E497-11D3-BE0C-005004AD2E83} - hxxp://www.imagestation.com/common/classes/ISUSPrintActiveX.cab DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} - hxxp://www.photoworks.com/pixami/DragDropUploader.cab FF - ProfilePath - c:\documents and settings\Michelle Hammann\Application Data\Mozilla\Firefox\Profiles\9wmqo51c.default\ FF - prefs.js: browser.search.selectedEngine - The Free Dictionary FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPUploader.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} . *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-09 23:12 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************ . Completion time: 2009-07-10 23:24 ComboFix-quarantined-files.txt 2009-07-10 03:23 ComboFix2.txt 2009-07-10 01:36 Pre-Run: 27,286,683,648 bytes free Post-Run: 27,274,829,824 bytes free 187 --- E O F --- 2009-06-15 07:04 Upload was successful

07-10-2009, 12:56 AM	#6 (permalink)
CatByte Analyst, Security Team Join Date: Jan 2009 Location: Canada Posts: 1,985 OS: XP sp3	Re: I think I have a Trojan type virus? Hi, Please do the following: Download TFC to your desktop Close any open windows. Double click the TFC icon to run the program TFC will close all open programs itself in order to run, Click the Start button to begin the process. Allow TFC to run uninterrupted. The program should not take long to finish it's job Once its finished it should automatically reboot your machine, if it doesn't, manually reboot to ensure a complete clean It's normal after running TFC cleaner that the PC will be slower to boot the first time. NEXT Please download Malwarebytes' Anti-Malware Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. <-- very important When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. NEXT Run an on-line scan with Kaspersky Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner 1. Click Accept, when prompted to download and install the program files and database of malware definitions. 2. To optimize scanning time and produce a more sensible report for review: Close any open programs Turn off the real time scanner of any existing antivirus program while performing the online scan 3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes. Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan. Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined. Click View scan report at the bottom. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply In your next reply please include MBAM Log Kaspersky report Also, please describe how your computer is running now and if there are any outstanding issues. __________________ ASAP & UNITE Member

07-10-2009, 11:09 AM	#7 (permalink)
nicdan Registered User Join Date: Oct 2005 Posts: 76 OS: xp	Re: I think I have a Trojan type virus? Reports below. Thank you!! Malwarebytes' Anti-Malware 1.38 Database version: 2402 Windows 5.1.2600 Service Pack 3 7/10/2009 8:04:56 AM mbam-log-2009-07-10 (08-04-56).txt Scan type: Quick Scan Objects scanned: 100792 Time elapsed: 10 minute(s), 51 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 3 Registry Values Infected: 2 Registry Data Items Infected: 0 Folders Infected: 2 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\Environment\avapp (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Environment\avuninst (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Program Files\Common Files\Uninstall\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully. c:\documents and settings\All Users\Start Menu\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully. Files Infected: c:\program files\common files\uninstall\personalav\Uninstall.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully. c:\documents and settings\all users\start menu\personalav\Personal Antivirus.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully. c:\documents and settings\all users\start menu\personalav\Uninstall.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully. -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0 REPORT Friday, July 10, 2009 Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Program database last update: Friday, July 10, 2009 11:32:24 Records in database: 2456303 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ Scan statistics: Files scanned: 136568 Threat name: 1 Infected objects: 1 Suspicious objects: 0 Duration of the scan: 04:12:41 File name / Threat name / Threats count C:\WINDOWS\Downloaded Installations\{947CE1EC-E178-4E36-B91A-D173F41B7AE2}\Sunbelt CounterSpy.msi Infected: Trojan.Win32.KillAV.bgg 1 The selected area was scanned.

07-10-2009, 12:31 PM	#8 (permalink)
CatByte Analyst, Security Team Join Date: Jan 2009 Location: Canada Posts: 1,985 OS: XP sp3	Re: I think I have a Trojan type virus? hi, Please do the following: Go Start > Run and copy/paste the following single-line command into the Run box and click OK: Code: cmd /c del /f/a/q "C:\WINDOWS\Downloaded Installations\{947CE1EC-E178-4E36-B91A-D173F41B7AE2}\Sunbelt CounterSpy.msi" NEXT Please post a fresh DDS log and advise how your computer is running now and if there are any outstanding issues __________________ ASAP & UNITE Member

07-10-2009, 05:16 PM	#10 (permalink)
CatByte Analyst, Security Team Join Date: Jan 2009 Location: Canada Posts: 1,985 OS: XP sp3	Re: I think I have a Trojan type virus? Hi, Please do the following: Visit ADOBEand download the latest version of Acrobat Reader (version 9.1) Having the latest updates ensures there are no security vulnerabilities in your system. NEXT Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update. Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop. Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 14. The Java SE Runtime Environment (JRE) allows end-users to run Java applications." Click the "Download" button to the right. Select the Windows platform from the dropdown menu. Read the License Agreement and then check the box that says: " I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue.The page will refresh. Click on the link to download Windows Offline Installation and save the file to your desktop. Close any programs you may have running - especially your web browser. Now go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version. After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup) On the General tab, under Temporary Internet Files, click the Settings button. Next, click on the Delete Files button There are two options in the window to clear the cache - Leave BOTH Checked Applications and AppletsTrace and Log Files Click OK on Delete Temporary Files Window Note: This deletes ALL the Downloaded Applications and Applets from the CACHE. Click OK to leave the Temporary Files Window Click OK to leave the Java Control Panel. NEXT You can delete the DDS and GMER folders from your desktop. NEXT Follow these steps to uninstall Combofix Click START then RUN Now type Combofix /u in the runbox and click OK. Note the space between the ..X and the /U, it needs to be there. Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via PayPal. NEXT Below I have included a number of recommendations for how to protect your computer against malware infections. Keep Windows updated by regularly checking their website at : http://windowsupdate.microsoft.com/ This will ensure your computer has always the latest security updates available installed on your computer. SpywareBlaster protects against bad ActiveX, it immunizes your PC against them. SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict. Make Internet Explorer more secure Click Start > Run Type Inetcpl.cpl & click OK Click on the Security tab Click Reset all zones to default level Make sure the Internet Zone is selected & Click Custom level In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable". Next Click OK, then Apply button and then OK to exit the Internet Properties page. ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders. MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future. WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites: Green to go Yellow for caution Red to stop WOT has an addon available for both Firefox and IE For Firefox, I highly recommend this add-on to keep your PC even more secure. NoScript - for blocking ads and other potential website attacks Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions. ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles: Think Prevention. PC Safety and Security--What Do I Need?. **Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them. Thank you for your patience, and performing all of the procedures requested. Please respond one last time so we can consider the thread resolved and close it, thank-you. __________________ ASAP & UNITE Member

07-10-2009, 07:21 PM	#11 (permalink)
nicdan Registered User Join Date: Oct 2005 Posts: 76 OS: xp	Re: I think I have a Trojan type virus? Thanks again! When I tried to unistall combofix, I followed your instructions. When I typed the prompt in the run box and hit ok it a box popped up and ask to run the program?? Is that right? Michelle

07-10-2009, 08:02 PM	#12 (permalink)
CatByte Analyst, Security Team Join Date: Jan 2009 Location: Canada Posts: 1,985 OS: XP sp3	Re: I think I have a Trojan type virus? No, it should have uninstalled combo fix. Just right click the icon and choose delete __________________ ASAP & UNITE Member

07-11-2009, 08:52 AM	#13 (permalink)
nicdan Registered User Join Date: Oct 2005 Posts: 76 OS: xp	Re: I think I have a Trojan type virus? Thank you! You are the best! Michelle

07-11-2009, 02:34 PM	#14 (permalink)
CatByte Analyst, Security Team Join Date: Jan 2009 Location: Canada Posts: 1,985 OS: XP sp3	Re: I think I have a Trojan type virus? Hi, we need to set a new restore point as ComboFix didn't uninstall properly to set one, so please do the following: System Restore makes regular backups of all your settings, if you ever had to use this program to restore your system to a previous date, you will be infected all over again so we need to clean out the previous Restore Points We need to set a new system restore point: Click Start > Run > copy and paste the following into the run box: %SystemRoot%\System32\restore\rstrui.exe Press OK. Choose Create a Restore Point then click Next. Name it (something you'll remember) and click Create, when the confirmation screen shows the restore point has been created click Close. Now remove all previous Restore Points: Click Start > Run > copy and paste the following into the run box: cleanmgr At the top, click on More Options tab. Click the Clean up button in the System Restore box. Click on the Yes button. When finished, click on Cancel button to exit. Stay safe. ~CB __________________ ASAP & UNITE Member