Jump to content


Photo

Had a pop-up and computer is super slow


  • This topic is locked This topic is locked
18 replies to this topic

#1 Janette

Janette

    Member

  • Full Member
  • Pip
  • 39 posts

Posted 02 December 2009 - 02:42 AM

My computer is generally on the slow side but the last two days have been unusually slow. I had a pop up yesterday saying a virus was detected and it was going to run a free anti-spyware program. Sypot detected and removed a RightMedia file yesterday. AVG Anti-Virus free does not detect anything. Thank you for your time.

Here are both the HiJack and Malware logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:38 PM, on 12/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disney.go.co...wareControl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1132528111218
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1183706147828
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebo...oUploader55.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11563 bytes

Malwarebytes' Anti-Malware 1.41
Database version: 3269
Windows 5.1.2600 Service Pack 3

12/1/2009 11:26:47 PM
mbam-log-2009-12-01 (23-26-47).txt

Scan type: Full Scan (C:\|)
Objects scanned: 268454
Time elapsed: 2 hour(s), 22 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Again, thanks!

#2 Janette

Janette

    Member

  • Full Member
  • Pip
  • 39 posts

Posted 02 December 2009 - 01:00 PM

Looks like my browser was tried to take me to scanserviceworld this morning....AVG stopped it.

#3 Janette

Janette

    Member

  • Full Member
  • Pip
  • 39 posts

Posted 03 December 2009 - 04:19 PM

Another popup today - message said:

Warning!! Your personal computer needs to install antivirus software. Personal Security can perform fast and free virus and malicious software scan of your computer.

AVG did not stop it this time.

#4 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • PipPipPipPipPip
  • 23,523 posts

Posted 04 December 2009 - 03:27 PM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.


[this is an automated reply]
This is an automated message. It does not count as help.

#5 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,091 posts

Posted 05 December 2009 - 10:05 AM

Hi,
I'm nasdaq and will be helping you.

Print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply with a fresh HijackThis log.

Do not mouse click combofix's window while it's running. That may cause it to stall
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#6 Janette

Janette

    Member

  • Full Member
  • Pip
  • 39 posts

Posted 05 December 2009 - 04:58 PM

ComboFix 09-12-04.05 - Virtual Assistant 12/05/2009 12:32.4.1 - x86
Running from: c:\documents and settings\Virtual Assistant\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\WLSetup
c:\documents and settings\All Users\Application Data\Microsoft\WLSetup\Logs\2009-11-05_15-10_f20-gmigug11.log
c:\documents and settings\xolotl\My Documents\mspaint.exe
C:\Thumbs.db
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\dumphive.exe
c:\windows\system32\fkaprxlw.ini
c:\windows\system32\hjllm.tmp
c:\windows\system32\hjllm.tmp2
c:\windows\system32\iAlmcoin.dll
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\wlmdpmoh.ini

.
((((((((((((((((((((((((( Files Created from 2009-11-05 to 2009-12-05 )))))))))))))))))))))))))))))))
.

2009-12-08 18:56 . 2009-12-08 18:56 -------- d-----w- c:\documents and settings\Virtual Assistant\Local Settings\Application Data\Mozilla
2009-12-05 17:40 . 2009-12-05 20:31 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2009-12-01 22:24 . 2009-09-10 22:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-01 22:24 . 2009-09-10 22:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-01 22:24 . 2009-12-01 22:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-20 18:54 . 2009-11-20 18:54 -------- d-----w- c:\documents and settings\Owner\Tracing
2009-11-20 17:02 . 2009-11-16 02:16 497944 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2009-11-20 17:02 . 2009-11-16 02:16 3963648 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-11-20 17:00 . 2009-11-16 02:15 877848 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2009-11-20 17:00 . 2009-11-16 02:15 1657112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2009-11-16 02:26 . 2009-10-16 20:12 1119488 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-11-16 02:18 . 2009-11-17 01:22 -------- dc----w- C:\$AVG
2009-11-16 02:17 . 2009-11-16 02:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-16 02:17 . 2009-11-16 02:17 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-16 02:16 . 2009-11-16 02:16 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-16 02:16 . 2009-11-16 02:16 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-16 02:16 . 2009-12-05 17:27 -------- d-----w- c:\windows\system32\drivers\Avg
2009-11-16 02:16 . 2009-11-16 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-11-16 02:15 . 2009-11-16 02:15 -------- d-----w- c:\program files\AVG
2009-11-16 02:15 . 2009-11-16 02:15 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-11-16 01:30 . 2009-11-16 01:33 1604 -csh--r- C:\AVG6DB_N.DAT
2009-11-08 17:46 . 2009-11-08 17:46 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-05 23:24 . 2009-12-05 20:20 -------- d-----w- c:\documents and settings\Virtual Assistant\Tracing
2009-11-05 23:18 . 2009-11-05 23:18 -------- d-----w- c:\program files\Microsoft
2009-11-05 23:18 . 2009-11-05 23:18 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-05 23:10 . 2009-11-05 23:10 -------- d-----w- c:\program files\Common Files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-05 20:25 . 2009-03-03 22:24 -------- d-----w- c:\program files\Free Music Zilla
2009-12-02 07:52 . 2003-10-11 12:16 -------- d-----w- c:\program files\Quicken
2009-11-16 01:18 . 2005-11-20 02:39 -------- d-----w- c:\program files\SpywareBlaster
2009-11-08 18:06 . 2007-04-05 23:38 -------- d-----w- c:\program files\iTunes
2009-11-08 18:04 . 2006-09-13 15:38 -------- d-----w- c:\program files\iPod
2009-11-08 18:04 . 2007-06-29 15:50 -------- d-----w- c:\program files\Common Files\Apple
2009-11-08 17:02 . 2006-09-13 15:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-11-05 23:17 . 2008-11-12 03:51 -------- d-----w- c:\program files\Windows Live
2009-11-05 17:10 . 2009-11-05 17:10 15240 ----a-w- c:\documents and settings\Virtual Assistant\Application Data\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll
2009-11-02 23:16 . 2007-07-01 01:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft
2009-11-02 23:10 . 2009-10-13 21:36 -------- d-----w- c:\program files\McAfee Security Scan
2009-11-02 23:03 . 2009-02-12 01:43 -------- d-----w- c:\documents and settings\Owner\Application Data\Research In Motion
2009-11-02 23:02 . 2008-09-13 09:40 -------- d-----w- c:\program files\Research In Motion
2009-11-02 23:00 . 2009-02-07 17:25 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-11-02 17:06 . 2008-09-13 10:45 256 ----a-w- c:\windows\system32\pool.bin
2009-10-19 19:53 . 2009-08-05 19:13 -------- d-----w- c:\documents and settings\Virtual Assistant\Application Data\Apple Computer
2009-10-14 16:19 . 2009-10-14 16:19 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-13 22:09 . 2009-10-13 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-13 22:00 . 2009-10-13 21:59 -------- d-----w- c:\program files\QuickTime
2009-10-13 21:36 . 2009-10-13 21:36 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-10-07 15:10 . 2004-08-27 23:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-11 14:18 . 2003-10-31 20:06 136192 ----a-w- c:\windows\system32\msv1_0.dll
2007-09-25 21:44 . 2007-09-25 21:44 589496 ----a-w- c:\program files\AmazonMP3Installer.exe
2006-02-17 17:27 . 2006-02-17 17:27 958504 ----a-w- c:\program files\phodstream.exe
2004-12-29 03:49 . 2004-12-29 03:49 10495520 ----a-w- c:\program files\RealPlayer10-5GOLD_bb.exe
2002-06-27 19:58 . 2002-06-27 19:58 41389 ----a-w- c:\program files\lxaxsdrv.cat
2002-05-16 06:28 . 2002-05-16 06:28 5740 -c--a-w- c:\program files\lxaxsdrv.ini
2002-05-15 10:57 . 2002-05-15 10:57 9068 -c--a-w- c:\program files\lxaxspsz.gpd
2002-04-02 06:30 . 2002-04-02 06:30 8494 ----a-w- c:\program files\lxaxsdrv.inf
2002-03-15 14:36 . 2002-03-15 14:36 4179 ----a-w- c:\program files\lxaxsdrv.gpd
2000-12-12 19:17 . 2000-12-14 02:22 100432 ------w- c:\program files\Win2000PPAHotfix.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-10-16 20:12 1119488 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Virtual Assistant\Application Data\mjusbsp\cdloader2.exe MAGICJACK" [X]
"XSC SIP Client"="c:\program files\X-PRO Vonage\X-PRO-Vonage.exe" [2005-03-29 3547136]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"NVIEW"="nview.dll" - c:\windows\system32\nview.dll [2003-08-19 852038]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"WUSB54Gv4"="c:\program files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe" [2004-04-19 24576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"AVG_CC"="c:\program files\Grisoft\AVG6\avgcc32.exe" [2005-01-22 372281]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-16 2020120]
"LTMSG"="LTMSG.exe" - c:\windows\ltmsg.exe [2003-07-15 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-16 02:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Documents and Settings\\Virtual Assistant\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5070:UDP"= 5070:UDP:MJ2

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/15/2009 6:16 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/15/2009 6:17 PM 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/15/2009 6:15 PM 285392]
R3 WUSB54GV4SRV;Linksys Wireless-G USB Network Adapter Driver;c:\windows\system32\drivers\rt2500usb.sys [12/21/2004 8:59 PM 79616]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys --> c:\windows\system32\DRIVERS\ntcdrdrv.sys [?]
S2 mrtRate;mrtRate; [x]
S3 EPUSBSTOR;EPSON USB Storage Driver;c:\windows\system32\drivers\epusbsto.sys [9/10/2001 9:00 AM 17976]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder

2009-11-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:34]

2009-12-05 c:\windows\Tasks\User_Feed_Synchronization-{66E0D0B4-433C-45B6-88F8-470E52E29E2E}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = localhost
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-RecordNow! - (no file)
AddRemove-Amazon MP3 Downloader - g:\my music\Uninstall.exe
AddRemove-{98E8A2EF-4EAE-43B8-A172-74842B764777} - c:\program files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe REMOVEALL



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-05 13:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\NTMARTA.DLL
.
Completion time: 2009-12-05 13:39
ComboFix-quarantined-files.txt 2009-12-05 21:39
ComboFix2.txt 2008-09-27 00:47

Pre-Run: 72,256,151,552 bytes free
Post-Run: 73,013,510,144 bytes free

- - End Of File - - B6F4F631489D12B7F077CB0D5804A23A

Logfile of HijackThis v1.99.1
Scan saved at 1:48:46 PM, on 12/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [XSC SIP Client] "C:\Program Files\X-PRO Vonage\X-PRO-Vonage.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Virtual Assistant\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - Startup: Free Music Zilla.lnk = C:\Program Files\Free Music Zilla\FMZilla.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disney.go.co...wareControl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1132528111218
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1183706147828
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebo...oUploader55.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

Thanks again!

#7 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,091 posts

Posted 06 December 2009 - 09:39 AM

Open notepad and copy/paste the text in the quote box below into it:

DirLook::
c:\documents and settings\xolotl

DEQUARANTINE::
C:\Qoobox\Quarantine\C\documents and settings\All Users\Application Data\Microsoft\WLSetup
c:\qoobox\quarantine\c\documents and settings\All Users\Application Data\Microsoft\WLSetup\Logs\2009-11-05_15-10_f20-gmigug11.log.vir
QUIT::


Save this as CFScript on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

Let me know what problem persists.

p.s.
You still have an old version of HijackThis which you used to submit your latest log.
Remove this version via tha Add/Remove Programs list 1.91 version.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#8 Janette

Janette

    Member

  • Full Member
  • Pip
  • 39 posts

Posted 07 December 2009 - 04:13 PM

Thanks, Nasdaq. I will remove it now. I followed the instructions and am posting a new Combofix log (wasn't sure if you needed it) - if you need a new Hijack This too, let me know and I will post it as well. I haven't had any pop-ups since the last one I posted. And the machine seems to be running much better.

Thanks for you all the help.

ComboFix 09-12-06.A3 - Virtual Assistant 12/07/2009 12:15.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.225 [GMT -8:00]
Running from: c:\documents and settings\Virtual Assistant\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Virtual Assistant\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-11-07 to 2009-12-07 )))))))))))))))))))))))))))))))
.

2009-12-08 18:56 . 2009-12-08 18:56 -------- d-----w- c:\documents and settings\Virtual Assistant\Local Settings\Application Data\Mozilla
2009-12-01 22:24 . 2009-09-10 22:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-01 22:24 . 2009-09-10 22:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-01 22:24 . 2009-12-01 22:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-20 18:54 . 2009-11-20 18:54 -------- d-----w- c:\documents and settings\Owner\Tracing
2009-11-20 17:02 . 2009-11-16 02:16 497944 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2009-11-20 17:02 . 2009-11-16 02:16 3963648 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-11-20 17:00 . 2009-11-16 02:15 877848 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2009-11-20 17:00 . 2009-11-16 02:15 1657112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2009-11-16 02:26 . 2009-10-16 20:12 1119488 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-11-16 02:18 . 2009-11-17 01:22 -------- dc----w- C:\$AVG
2009-11-16 02:17 . 2009-11-16 02:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-16 02:17 . 2009-11-16 02:17 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-16 02:16 . 2009-11-16 02:16 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-16 02:16 . 2009-11-16 02:16 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-16 02:16 . 2009-12-07 19:54 -------- d-----w- c:\windows\system32\drivers\Avg
2009-11-16 02:16 . 2009-11-16 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-11-16 02:15 . 2009-11-16 02:15 -------- d-----w- c:\program files\AVG
2009-11-16 02:15 . 2009-11-16 02:15 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-11-16 01:30 . 2009-11-16 01:33 1604 -csh--r- C:\AVG6DB_N.DAT
2009-11-08 17:46 . 2009-11-08 17:46 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-07 19:22 . 2009-03-03 22:24 -------- d-----w- c:\program files\Free Music Zilla
2009-12-07 19:08 . 2003-10-11 12:16 -------- d-----w- c:\program files\Quicken
2009-11-16 01:18 . 2005-11-20 02:39 -------- d-----w- c:\program files\SpywareBlaster
2009-11-08 18:06 . 2007-04-05 23:38 -------- d-----w- c:\program files\iTunes
2009-11-08 18:04 . 2006-09-13 15:38 -------- d-----w- c:\program files\iPod
2009-11-08 18:04 . 2007-06-29 15:50 -------- d-----w- c:\program files\Common Files\Apple
2009-11-08 17:02 . 2006-09-13 15:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-11-05 23:18 . 2009-11-05 23:18 -------- d-----w- c:\program files\Microsoft
2009-11-05 23:18 . 2009-11-05 23:18 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-05 23:17 . 2008-11-12 03:51 -------- d-----w- c:\program files\Windows Live
2009-11-05 23:10 . 2009-11-05 23:10 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-05 17:10 . 2009-11-05 17:10 15240 ----a-w- c:\documents and settings\Virtual Assistant\Application Data\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll
2009-11-02 23:16 . 2007-07-01 01:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft
2009-11-02 23:10 . 2009-10-13 21:36 -------- d-----w- c:\program files\McAfee Security Scan
2009-11-02 23:03 . 2009-02-12 01:43 -------- d-----w- c:\documents and settings\Owner\Application Data\Research In Motion
2009-11-02 23:02 . 2008-09-13 09:40 -------- d-----w- c:\program files\Research In Motion
2009-11-02 23:00 . 2009-02-07 17:25 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-11-02 17:06 . 2008-09-13 10:45 256 ----a-w- c:\windows\system32\pool.bin
2009-10-19 19:53 . 2009-08-05 19:13 -------- d-----w- c:\documents and settings\Virtual Assistant\Application Data\Apple Computer
2009-10-14 16:19 . 2009-10-14 16:19 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-13 22:09 . 2009-10-13 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-13 22:00 . 2009-10-13 21:59 -------- d-----w- c:\program files\QuickTime
2009-10-13 21:36 . 2009-10-13 21:36 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-09-11 14:18 . 2003-10-31 20:06 136192 ----a-w- c:\windows\system32\msv1_0.dll
2007-09-25 21:44 . 2007-09-25 21:44 589496 ----a-w- c:\program files\AmazonMP3Installer.exe
2006-02-17 17:27 . 2006-02-17 17:27 958504 ----a-w- c:\program files\phodstream.exe
2004-12-29 03:49 . 2004-12-29 03:49 10495520 ----a-w- c:\program files\RealPlayer10-5GOLD_bb.exe
2002-06-27 19:58 . 2002-06-27 19:58 41389 ----a-w- c:\program files\lxaxsdrv.cat
2002-05-16 06:28 . 2002-05-16 06:28 5740 -c--a-w- c:\program files\lxaxsdrv.ini
2002-05-15 10:57 . 2002-05-15 10:57 9068 -c--a-w- c:\program files\lxaxspsz.gpd
2002-04-02 06:30 . 2002-04-02 06:30 8494 ----a-w- c:\program files\lxaxsdrv.inf
2002-03-15 14:36 . 2002-03-15 14:36 4179 ----a-w- c:\program files\lxaxsdrv.gpd
2000-12-12 19:17 . 2000-12-14 02:22 100432 ------w- c:\program files\Win2000PPAHotfix.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-10-16 20:12 1119488 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-08-19 852038]
"XSC SIP Client"="c:\program files\X-PRO Vonage\X-PRO-Vonage.exe" [2005-03-29 3547136]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]
"cdloader"="c:\documents and settings\Virtual Assistant\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"LTMSG"="LTMSG.exe" [2003-07-15 40960]
"WUSB54Gv4"="c:\program files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe" [2004-04-19 24576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"AVG_CC"="c:\program files\Grisoft\AVG6\avgcc32.exe" [2005-01-22 372281]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-16 2020120]

c:\documents and settings\Virtual Assistant\Start Menu\Programs\Startup\
Free Music Zilla.lnk - c:\program files\Free Music Zilla\FMZilla.exe [2009-3-3 732352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-16 02:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2003-04-07 14:07 114688 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-29 04:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 09:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 12:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 15:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Documents and Settings\\Virtual Assistant\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5070:UDP"= 5070:UDP:MJ2

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/15/2009 6:16 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/15/2009 6:17 PM 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/15/2009 6:15 PM 285392]
R3 WUSB54GV4SRV;Linksys Wireless-G USB Network Adapter Driver;c:\windows\system32\drivers\rt2500usb.sys [12/21/2004 8:59 PM 79616]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys --> c:\windows\system32\DRIVERS\ntcdrdrv.sys [?]
S2 mrtRate;mrtRate; [x]
S3 EPUSBSTOR;EPSON USB Storage Driver;c:\windows\system32\drivers\epusbsto.sys [9/10/2001 9:00 AM 17976]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = localhost
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-!AVG Anti-Spyware - c:\documents and settings\Owner\My Documents\System Utilities\AVG Anti-Spyware 7.5\avgas.exe
MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe
AddRemove-iDEN WebJAL - c:\windows\IsUninst.exe -fc:\program files\Motorola\iDEN WebJAL\Uninst.isu
AddRemove-Microsoft Interactive Training - c:\windows\IsUninst.exe -fc:\windows\orun32.isu
AddRemove-Motorola USB Modem Installation - c:\windows\IsUninst.exe -fc:\program files\Motorola Inc.\Motorola USB Modem Installation\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-07 12:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3112)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-12-07 12:58
ComboFix-quarantined-files.txt 2009-12-07 20:58
ComboFix2.txt 2009-12-05 21:39
ComboFix3.txt 2008-09-27 00:47

Pre-Run: 72,961,589,248 bytes free
Post-Run: 72,977,883,136 bytes free

- - End Of File - - 623CD0EA335733D49506469BF5F80ED1

#9 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,091 posts

Posted 07 December 2009 - 04:22 PM

You are looking good.

Was this folder in bold restored, or seen in Windows Explorer?

c:\documents and settings\All Users\Application Data\Microsoft\WLSetup

Any persisting problems?
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#10 Janette

Janette

    Member

  • Full Member
  • Pip
  • 39 posts

Posted 07 December 2009 - 04:41 PM

I did a search for it and found it under c:\Quoobox\Quarantine....

I don't seem to have any problems now.

#11 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,091 posts

Posted 07 December 2009 - 07:33 PM

Glad to see that all is well.

The following folder and files were moved to the ComboFix Quarantine folder.

c:\documents and settings\All Users\Application Data\Microsoft\WLSetup <- folder
c:\documents and settings\xolotl\My Documents\mspaint.exe <- file.

let see if we can restore them.

Please try this again. But make sure this time that the {AV: AVG Anti-Virus Free *On-access scanning enabled*} is diaable before you run this script.

How to : Disable Anti-virus and Firewall...
http://www.bleepingc...opic114351.html

Open notepad and copy/paste the text in the quote box below into it:

DEQUARANTINE::
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\WLSetup
C:\Qoobox\Quarantine\C\Documents and Settings\xolotl\My Documents\mspaint.exe.vir
QUIT::


Save this as CFScript on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

Then post the resultant log.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#12 Janette

Janette

    Member

  • Full Member
  • Pip
  • 39 posts

Posted 08 December 2009 - 06:56 PM

ComboFix 09-12-06.A3 - Virtual Assistant 12/08/2009 13:48.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.241 [GMT -8:00]
Running from: c:\documents and settings\Virtual Assistant\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Virtual Assistant\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-11-08 to 2009-12-08 )))))))))))))))))))))))))))))))
.

2009-12-08 18:56 . 2009-12-08 18:56 -------- d-----w- c:\documents and settings\Virtual Assistant\Local Settings\Application Data\Mozilla
2009-12-01 22:24 . 2009-09-10 22:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-01 22:24 . 2009-09-10 22:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-01 22:24 . 2009-12-01 22:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-20 18:54 . 2009-11-20 18:54 -------- d-----w- c:\documents and settings\Owner\Tracing
2009-11-20 17:02 . 2009-11-16 02:16 497944 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2009-11-20 17:02 . 2009-11-16 02:16 3963648 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-11-20 17:00 . 2009-11-16 02:15 877848 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2009-11-20 17:00 . 2009-11-16 02:15 1657112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2009-11-16 02:26 . 2009-10-16 20:12 1119488 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-11-16 02:18 . 2009-11-17 01:22 -------- dc----w- C:\$AVG
2009-11-16 02:17 . 2009-11-16 02:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-16 02:17 . 2009-11-16 02:17 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-16 02:16 . 2009-11-16 02:16 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-16 02:16 . 2009-11-16 02:16 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-16 02:16 . 2009-12-08 01:06 -------- d-----w- c:\windows\system32\drivers\Avg
2009-11-16 02:16 . 2009-11-16 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-11-16 02:15 . 2009-11-16 02:15 -------- d-----w- c:\program files\AVG
2009-11-16 02:15 . 2009-11-16 02:15 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-11-16 01:30 . 2009-11-16 01:33 1604 -csh--r- C:\AVG6DB_N.DAT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-08 21:43 . 2009-03-03 22:24 -------- d-----w- c:\program files\Free Music Zilla
2009-12-07 19:08 . 2003-10-11 12:16 -------- d-----w- c:\program files\Quicken
2009-11-16 01:18 . 2005-11-20 02:39 -------- d-----w- c:\program files\SpywareBlaster
2009-11-08 18:06 . 2007-04-05 23:38 -------- d-----w- c:\program files\iTunes
2009-11-08 18:04 . 2006-09-13 15:38 -------- d-----w- c:\program files\iPod
2009-11-08 18:04 . 2007-06-29 15:50 -------- d-----w- c:\program files\Common Files\Apple
2009-11-08 17:46 . 2009-11-08 17:46 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-08 17:02 . 2006-09-13 15:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-11-05 23:18 . 2009-11-05 23:18 -------- d-----w- c:\program files\Microsoft
2009-11-05 23:18 . 2009-11-05 23:18 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-05 23:17 . 2008-11-12 03:51 -------- d-----w- c:\program files\Windows Live
2009-11-05 23:10 . 2009-11-05 23:10 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-05 17:10 . 2009-11-05 17:10 15240 ----a-w- c:\documents and settings\Virtual Assistant\Application Data\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll
2009-11-02 23:16 . 2007-07-01 01:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft
2009-11-02 23:10 . 2009-10-13 21:36 -------- d-----w- c:\program files\McAfee Security Scan
2009-11-02 23:03 . 2009-02-12 01:43 -------- d-----w- c:\documents and settings\Owner\Application Data\Research In Motion
2009-11-02 23:02 . 2008-09-13 09:40 -------- d-----w- c:\program files\Research In Motion
2009-11-02 23:00 . 2009-02-07 17:25 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-11-02 17:06 . 2008-09-13 10:45 256 ----a-w- c:\windows\system32\pool.bin
2009-10-19 19:53 . 2009-08-05 19:13 -------- d-----w- c:\documents and settings\Virtual Assistant\Application Data\Apple Computer
2009-10-14 16:19 . 2009-10-14 16:19 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-13 22:09 . 2009-10-13 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-13 22:00 . 2009-10-13 21:59 -------- d-----w- c:\program files\QuickTime
2009-10-13 21:36 . 2009-10-13 21:36 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-09-11 14:18 . 2003-10-31 20:06 136192 ----a-w- c:\windows\system32\msv1_0.dll
2007-09-25 21:44 . 2007-09-25 21:44 589496 ----a-w- c:\program files\AmazonMP3Installer.exe
2006-02-17 17:27 . 2006-02-17 17:27 958504 ----a-w- c:\program files\phodstream.exe
2004-12-29 03:49 . 2004-12-29 03:49 10495520 ----a-w- c:\program files\RealPlayer10-5GOLD_bb.exe
2002-06-27 19:58 . 2002-06-27 19:58 41389 ----a-w- c:\program files\lxaxsdrv.cat
2002-05-16 06:28 . 2002-05-16 06:28 5740 -c--a-w- c:\program files\lxaxsdrv.ini
2002-05-15 10:57 . 2002-05-15 10:57 9068 -c--a-w- c:\program files\lxaxspsz.gpd
2002-04-02 06:30 . 2002-04-02 06:30 8494 ----a-w- c:\program files\lxaxsdrv.inf
2002-03-15 14:36 . 2002-03-15 14:36 4179 ----a-w- c:\program files\lxaxsdrv.gpd
2000-12-12 19:17 . 2000-12-14 02:22 100432 ------w- c:\program files\Win2000PPAHotfix.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-10-16 20:12 1119488 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-08-19 852038]
"XSC SIP Client"="c:\program files\X-PRO Vonage\X-PRO-Vonage.exe" [2005-03-29 3547136]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]
"cdloader"="c:\documents and settings\Virtual Assistant\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"LTMSG"="LTMSG.exe" [2003-07-15 40960]
"WUSB54Gv4"="c:\program files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe" [2004-04-19 24576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"AVG_CC"="c:\program files\Grisoft\AVG6\avgcc32.exe" [2005-01-22 372281]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-16 2020120]

c:\documents and settings\Virtual Assistant\Start Menu\Programs\Startup\
Free Music Zilla.lnk - c:\program files\Free Music Zilla\FMZilla.exe [2009-3-3 732352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-16 02:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2003-04-07 14:07 114688 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-29 04:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 09:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 12:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 15:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Documents and Settings\\Virtual Assistant\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5070:UDP"= 5070:UDP:MJ2

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/15/2009 6:16 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/15/2009 6:17 PM 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/15/2009 6:15 PM 285392]
R3 WUSB54GV4SRV;Linksys Wireless-G USB Network Adapter Driver;c:\windows\system32\drivers\rt2500usb.sys [12/21/2004 8:59 PM 79616]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys --> c:\windows\system32\DRIVERS\ntcdrdrv.sys [?]
S2 mrtRate;mrtRate; [x]
S3 EPUSBSTOR;EPSON USB Storage Driver;c:\windows\system32\drivers\epusbsto.sys [9/10/2001 9:00 AM 17976]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = localhost
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-08 14:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1220)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-12-08 14:20
ComboFix-quarantined-files.txt 2009-12-08 22:20
ComboFix2.txt 2009-12-07 20:58
ComboFix3.txt 2009-12-05 21:39
ComboFix4.txt 2008-09-27 00:47

Pre-Run: 72,886,243,328 bytes free
Post-Run: 72,917,872,640 bytes free

- - End Of File - - 863571095BE42A6215BE992BA73AEFDD

Thanks!

#13 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,091 posts

Posted 09 December 2009 - 08:54 AM

Your log is clean.

Any remaining problems?
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#14 Janette

Janette

    Member

  • Full Member
  • Pip
  • 39 posts

Posted 09 December 2009 - 12:54 PM

No problems - once again, thank you so much for your help !

#15 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,091 posts

Posted 09 December 2009 - 03:30 PM

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall
===
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#16 Janette

Janette

    Member

  • Full Member
  • Pip
  • 39 posts

Posted 10 December 2009 - 02:35 PM

I have done this - thank you!

#17 Janette

Janette

    Member

  • Full Member
  • Pip
  • 39 posts

Posted 16 December 2009 - 01:11 PM

Ok - done!

#18 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,091 posts

Posted 16 December 2009 - 04:39 PM

Glad we could help.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#19 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,091 posts

Posted 30 December 2009 - 10:38 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button