What do you do when you cannot get rid of viruses?

Status
Not open for further replies.
Ok so I know I am spamming my thread, but I am on my computer now. I have absolutely nothing but my background picture. I figured out that control alt delete worked so I clicked run and typed firefox.exe so now I am on the internet. That combofix program deleted something that loads all of my components or something, I am considering running it again but hope that you write back first. I really hope it did not mess up my machine :(


Ok so now I am feeling confident and remembering things from a long time ago, I checked and explorer.exe was in fact there, so I removed it and re added it and boom my task bar and icons popped up. I am going to give combofix one more shot, only from safe mode this time. Hope that is ok :)
 
The first time, no. So I have done all three and have 3 logs to copy and paste. I did the quick scan and plan on starting a thorough scan once you tell me to because it takes a few hours. Combofix and Malwarebytes quick scan were both through safe mode. I found that even in safe mode I had to delete explorer.exe everytime and re add it to get my icons and task bar. But after the quick scan and reboot into regular mode I had everything, I bet those 3 pesky viruses are still there. The weird thing is I hadn't opened IE in years, but yet the viruses are there, I also saw there is a fake iexplore.exe virus online too. Anywho, here are the three logs.

ComboFix 10-02-10.01 - April 02/10/2010 18:09:08.8.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1619 [GMT -5:00]
Running from: c:\documents and settings\April\My Documents\Downloads\ComboFix.exe
FW: PC-cillin Internet Security - Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\js.mui
c:\program files\Internet Explorer\wmpscfgs .exe
c:\program files\Internet Explorer\wmpscfgs.exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\ctfmon.exe.tmp
.
---- Previous Run -------
.
c:\documents and settings\April\Application Data\Google\T-Scan
c:\documents and settings\April\Application Data\inst.exe
c:\program files\Internet Explorer\js.mui
c:\program files\Internet Explorer\wmpscfgs.exe
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\ctfmon .exe
c:\windows\system32\lsprst7.dll
c:\windows\system32\rundll32 .exe
c:\windows\system32\ssprs.dll
c:\windows\system32\twain_32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_IAS
-------\Legacy_SEAGATE
-------\Service_6to4


((((((((((((((((((((((((( Files Created from 2010-01-10 to 2010-02-10 )))))))))))))))))))))))))))))))
.

2010-02-10 18:53 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-02-10 17:26 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-02-10 15:56 . 2010-02-10 16:05 -------- d-----w- c:\program files\Exterminate It!
2010-02-10 06:37 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-10 06:37 . 2010-02-10 06:37 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-02-10 06:37 . 2010-02-10 06:37 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-02-10 06:37 . 2010-02-10 06:37 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-02-10 06:37 . 2010-02-10 06:37 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-02-10 06:37 . 2010-02-10 06:37 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-02-10 06:37 . 2010-02-10 06:37 389784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-10 06:37 . 2010-02-10 06:37 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-02-10 06:36 . 2010-02-10 06:36 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-02-10 06:36 . 2010-02-10 06:36 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-02-10 06:36 . 2010-02-10 06:36 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-02-10 06:36 . 2010-02-10 06:36 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-02-10 06:36 . 2010-02-10 06:36 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-10 06:36 . 2010-02-10 06:36 816784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-02-10 06:36 . 2010-02-10 06:36 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-10 06:36 . 2010-02-10 06:36 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-02-10 06:36 . 2010-02-10 06:36 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-02-10 06:36 . 2010-02-10 06:36 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-10 06:34 . 2010-02-10 06:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-10 06:28 . 2009-12-07 14:10 2953352 -c--a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2010-02-10 06:25 . 2010-02-10 06:28 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-02-10 01:49 . 2010-02-10 01:49 0 ----a-w- c:\windows\Rlosecaba.bin
2010-02-10 01:49 . 2010-02-10 01:49 120 ----a-w- c:\windows\Ctotabuyutomobu.dat
2010-02-10 01:49 . 2010-02-10 01:49 -------- d-----w- c:\documents and settings\April\Local Settings\Application Data\{07E88A6D-9142-42B0-80A9-6062F188F3FB}
2010-02-10 00:37 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-10 00:37 . 2010-02-10 17:00 -------- d-----w- c:\program files\SCANNER
2010-02-10 00:37 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-09 21:28 . 2010-02-09 22:02 -------- d-----w- C:\$AVG
2010-02-09 21:06 . 2010-02-10 05:55 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-09 20:56 . 2010-02-09 20:59 1048 ----a-w- c:\documents and settings\All Users\Application Data\fiosejgfse.dll
2010-02-06 22:16 . 2008-05-06 06:01 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2010-02-06 22:16 . 2008-05-06 06:01 16512 ----a-w- c:\windows\system32\drivers\aspi32.sys
2010-02-06 22:15 . 2010-02-08 04:39 -------- d-----w- c:\program files\RapidBIT
2010-02-06 22:07 . 2010-02-06 22:16 -------- d-----w- c:\program files\ImTOO
2010-02-06 22:04 . 2010-02-06 22:04 -------- d-----w- c:\documents and settings\April\Local Settings\Application Data\HandBrake
2010-02-06 22:04 . 2010-02-06 22:04 -------- d-----w- c:\documents and settings\April\Application Data\HandBrake
2010-02-06 22:04 . 2010-02-07 23:45 -------- d-----w- c:\program files\Handbrake
2010-02-04 04:49 . 2010-02-07 23:48 -------- d-----w- c:\program files\Xobni
2010-02-04 04:48 . 2010-02-04 04:48 -------- d-----w- c:\program files\The Weather Channel FW
2010-02-04 04:48 . 2010-02-04 04:48 -------- d-----w- c:\documents and settings\April\Local Settings\Application Data\The Weather Channel
2010-01-19 01:31 . 2010-01-19 01:31 -------- d-----w- c:\documents and settings\April\Local Settings\Application Data\Flickr
2010-01-19 01:31 . 2010-01-19 01:31 -------- d-----w- c:\documents and settings\April\Application Data\Flickr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-10 21:40 . 2008-08-05 01:24 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-10 21:14 . 2009-01-15 01:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-10 21:04 . 2007-11-26 17:36 -------- d-----w- c:\program files\Microsoft Works
2010-02-10 06:48 . 2007-12-29 06:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-10 06:28 . 2007-12-27 17:56 -------- d-----w- c:\program files\Lavasoft
2010-02-10 06:28 . 2007-12-27 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-02-10 05:58 . 2009-10-21 19:38 -------- d-----w- c:\program files\Imagenomic
2010-02-10 01:47 . 2004-08-10 17:51 55808 ----a-w- c:\windows\system32\rundll32.exe
2010-02-10 01:30 . 2010-02-09 20:08 8 ----a-w- c:\documents and settings\All Users\Application Data\mswintmp.dat
2010-02-10 01:29 . 2009-12-20 04:37 -------- d-----w- c:\program files\PeerBlock
2010-02-10 01:17 . 2008-12-06 21:43 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-10 00:04 . 2009-12-08 01:44 -------- d-----w- c:\documents and settings\April\Application Data\uTorrent
2010-02-09 21:24 . 2008-12-07 01:00 -------- d-----w- c:\program files\AVG
2010-02-07 00:17 . 2008-05-10 20:19 -------- d-----w- c:\program files\AVS4YOU
2010-02-07 00:17 . 2008-05-10 20:19 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-02-06 22:17 . 2009-06-26 19:57 -------- d-----w- c:\documents and settings\April\Application Data\ImTOO Software Studio
2010-02-04 18:55 . 2008-05-10 20:20 -------- d-----w- c:\documents and settings\April\Application Data\AVS4YOU
2010-02-04 18:55 . 2007-12-25 19:30 89672 ----a-w- c:\documents and settings\April\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-30 06:24 . 2009-11-10 01:26 -------- d-----w- c:\program files\VS Revo Group
2010-01-30 06:23 . 2007-12-27 20:16 -------- d-----w- c:\program files\FrostWire
2010-01-14 21:49 . 2007-12-31 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-01-05 01:00 . 2009-07-04 02:49 256 ----a-w- c:\windows\system32\pool.bin
2009-12-31 16:50 . 2004-08-10 17:51 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-28 16:33 . 2007-11-26 17:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-28 16:33 . 2009-12-28 16:33 -------- d-----w- c:\program files\Sonic
2009-12-28 16:21 . 2009-12-28 16:21 10134 ----a-r- c:\documents and settings\April\Application Data\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe
2009-12-28 16:20 . 2009-12-28 16:20 -------- d-----w- c:\program files\Sony
2009-12-28 16:19 . 2009-12-28 16:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2009-12-25 16:35 . 2009-10-31 00:33 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-25 16:33 . 2009-12-25 16:33 28696928 ----a-w- c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\UPCInstaller.exe
2009-12-25 16:33 . 2009-10-31 00:32 6969680 ----a-w- c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\TagJuniorPlugin.exe
2009-12-25 16:33 . 2009-12-25 16:33 3106632 ----a-w- c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\MyPalsPlugin.exe
2009-12-24 02:10 . 2009-08-25 16:38 -------- d-----w- c:\program files\JL_Cmder
2009-12-17 19:29 . 2009-07-03 22:21 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-12-16 18:43 . 2004-08-10 18:01 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-15 01:20 . 2009-12-15 01:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2009-12-15 01:18 . 2007-12-25 19:30 -------- d-----w- c:\documents and settings\April\Application Data\InstallShield
2009-12-14 07:08 . 2004-08-10 17:50 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2004-08-10 17:51 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-04 03:59 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 02:49 . 2009-12-08 02:49 42501 ----a-w- c:\windows\system32\unins000.dat
2009-12-08 02:49 . 2009-12-08 02:49 691717 ----a-w- c:\windows\system32\unins000.exe
2009-12-04 18:22 . 2004-08-10 17:51 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2004-08-10 17:51 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-04 05:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2004-08-10 17:51 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-18 03:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-10 17:51 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2004-08-10 17:50 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 05:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-21 15:51 . 2004-08-10 17:50 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2008-01-11 22:45 . 2008-01-09 07:32 88 --sh--r- c:\windows\system32\5EE5F9063E.sys
2008-01-11 22:48 . 2008-01-09 07:29 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-12-19 22:08 . 2008-11-02 06:22 953 --sha-w- c:\windows\system32\mmf.sys
.
Code: 
<pre>
c:\program files\Common Files\InstallShield\UpdateService\isuspm .exe
c:\program files\SCANNER\scan me  .exe
c:\program files\Spybot - Search & Destroy\teatimer .exe
c:\program files\The Weather Channel FW\Desktop\desktopweather .exe
c:\windows\pchealth\helpctr\binaries\msconfig .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe_Reader"="c:\program files\internet explorer\wmpscfgs.exe" [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Spb Backup Sync.lnk]
backup=c:\windows\pss\Spb Backup Sync.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^April^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^April^Start Menu^Programs^Startup^PMB Media Check Tool.lnk]
path=c:\documents and settings\April\Start Menu\Programs\Startup\PMB Media Check Tool.lnk
backup=c:\windows\pss\PMB Media Check Tool.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^April^Start Menu^Programs^Startup^Sprint media monitor.lnk]
backup=c:\windows\pss\Sprint media monitor.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^April^Start Menu^Programs^Startup^wkcalrem.LNK]
backup=c:\windows\pss\wkcalrem.LNKStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActiveMultiwallpaper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHider
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPPrivacy
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProxyWay
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShutterflyStudio
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\solixa
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\%PROVIDERID%]
bin\sprtcmd.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2009-12-21 23:35 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2009-12-22 06:26 38840 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 20:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 02:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2009-03-11 17:54 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2009-01-21 05:15 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-09-25 14:12 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
c:\progra~1\AVG\AVG8\avgtray.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
c:\progra~1\AVG\AVG9\avgtray.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-11-20 03:29 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-09-14 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-10-26 01:10 652624 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ComcastAntispyClient]
c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddexpshare.exe]
c:\docume~1\April\LOCALS~1\Temp\ddexpshare.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
c:\program files\Dell Support Center\bin\sprtcmd.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DropBoxUtility]
c:\program files\DropBox\DropBox\DropBox.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
c:\program files\Dell Support Center\gs_agent\custom\dsca.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-24 12:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoTrusted]
c:\program files\GoTrusted.com\GoTrusted Secure Tunnel\GoTrusted Secure Tunnel.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-09-11 08:40 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-03-13 00:56 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 01:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2009-11-10 15:14 443728 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
c:\program files\Windows Live\Messenger\msnmsgr.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Paladin Antivirus]
c:\program files\Paladin Antivirus\pav.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 14:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-11-16 03:54 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-03-17 01:38 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2009-12-08 01:44 289584 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinUtilities Quick Launcher]
c:\program files\WinUtilities\WO.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 01:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2009-05-27 01:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"SQLWriter"=3 (0x3)
"RoxLiveShare9"=2 (0x2)
"ProtexisLicensing"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Lavasoft Ad-Aware Service"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"ACDaemon"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/10/2010 1:37 AM 64288]
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [12/28/2007 4:36 PM 6097]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 8:19 AM 1181328]
S2 FlexService;Remote Connections Service;"c:\program files\RapidBIT\cisvc.exe" --> c:\program files\RapidBIT\cisvc.exe [?]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [11/2/2008 1:22 AM 2560]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 4:46 AM 288112]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\flyusb.sys [10/30/2009 7:28 PM 18560]
S3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\DRIVERS\gttap1.sys --> c:\windows\system32\DRIVERS\gttap1.sys [?]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [12/19/2009 11:37 PM 14424]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [12/28/2007 4:36 PM 299923]
S3 tap0801;Smarthide TAP driver;c:\windows\system32\drivers\tap0801.sys [10/12/2007 8:07 AM 55808]
S3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\DRIVERS\TM_CFW.sys --> c:\windows\system32\DRIVERS\TM_CFW.sys [?]
S4 TmPfw;Trend Micro Personal Firewall; [x]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/13/2009 2:37 PM 24652]
.
Contents of the 'Scheduled Tasks' folder

2010-02-10 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 06:36]

2010-02-10 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 06:36]

2010-02-10 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 06:36]

2010-02-10 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 06:36]

2010-02-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 06:36]

2010-02-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*Yahoo! SearchBar Home Page
uInternet Connection Wizard,ShellNext = hxxp://myspace.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*Yahoo!
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Locate Spot on Map by GPS - c:\program files\Opanda\IExif 2.3\IExifMap.htm
IE: View Exif/GPS/IPTC with IExif - c:\program files\Opanda\IExif 2.3\IExifCom.htm
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
Trusted Zone: is-software-download.com
Trusted Zone: is-software-download25.com
Trusted Zone: is10-soft-download.com
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
FF - ProfilePath - c:\documents and settings\April\Application Data\Mozilla\Firefox\Profiles\4v3ntub2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - ebay.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: XULRunner: {07E88A6D-9142-42B0-80A9-6062F188F3FB} - c:\documents and settings\April\Local Settings\Application Data\{07E88A6D-9142-42B0-80A9-6062F188F3FB}\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SharedTaskScheduler-{90576057-2d55-41ec-9d13-02ca35c04c8d} - c:\windows\system32\rezubeza.dll
SSODL-numatorij-{90576057-2d55-41ec-9d13-02ca35c04c8d} - c:\windows\system32\rezubeza.dll
AddRemove-AntiVirus Plus - c:\documents and settings\April\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll
AddRemove-Lexmark Z700-P700 Series - c:\windows\system32\spool\drivers\w32x86\3\LXBLUN5C.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-02-10 18:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-609751233-897265773-14882807-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E84D6D67-2C2F-766B-43A8-C966CAA1314F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"eadjgdfcbn"=hex:66,61,6e,6b,62,6b,65,6c,64,66,66,68,00,31
"daajjeof"=hex:64,62,70,6b,6b,6f,66,6f,62,6a,64,6a,6f,69,6c,6e,64,6c,69,67,63,
62,62,6f,61,64,61,62,62,62,62,6a,6a,69,6c,69,6e,6b,70,6f,00,00
"iallemcdijlfngnbco"=hex:6a,61,69,6f,65,6e,6d,68,63,6b,6f,67,6c,69,61,68,62,6a,
62,64,00,00
"haflkncodecimlom"=hex:6a,61,69,6f,65,6e,6d,68,63,6b,6f,67,6c,69,61,68,62,6a,
62,64,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:24,74,64,6d,56,f4,91,89,c0,54,8f,16,10,c1,c8,76,b5,85,0b,26,be,
5e,11,6a,ab,d5,3c,de,96,82,68,8a,f5,17,3c,05,0e,80,6e,06,3c,60,40,71,d7,14,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:24,74,64,6d,56,f4,91,89,c0,54,8f,16,10,c1,c8,76,b5,85,0b,26,be,
5e,11,6a,ab,d5,3c,de,96,82,68,8a,f5,17,3c,05,0e,80,6e,06,3c,60,40,71,d7,14,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(412)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\scg726.acm
c:\windows\system32\alf2cd.acm
c:\windows\system32\AC3ACM.acm
.
Completion time: 2010-02-10 18:18:46
ComboFix-quarantined-files.txt 2010-02-10 23:18
ComboFix2.txt 2008-12-07 16:52
ComboFix3.txt 2008-12-07 02:06
 
Pre-Run: 152,759,447,552 bytes free
Post-Run: 152,711,598,080 bytes free

- - End Of File - - ADB8251B4002641144623A17F373DFA1


Malwarebytes' Anti-Malware 1.44
Database version: 3722
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18372

2/10/2010 6:26:12 PM
mbam-log-2010-02-10 (18-26-12).txt

Scan type: Quick Scan
Objects scanned: 150113
Time elapsed: 3 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\adobe_reader (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Internet Explorer\js.mui (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\wmpscfgs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:28:28 PM, on 2/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = Dell Start Page
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = MySpace
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://*.buy-internetsecurity10.com
O15 - Trusted Zone: http://*.buy-is2010.com
O15 - Trusted Zone: http://*.is-software-download.com
O15 - Trusted Zone: http://*.is-software-download25.com
O15 - Trusted Zone: http://*.is10-soft-download.com
O15 - Trusted Zone: http://*.buy-internetsecurity10.com (HKLM)
O15 - Trusted Zone: http://*.buy-is2010.com (HKLM)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1198897468875
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.winkflash.com/photo/loaders/ImageUploader4.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - http://www.photodex.com/pxplay.cab
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Remote Connections Service (FlexService) - Unknown owner - C:\Program Files\RapidBIT\cisvc.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O24 - Desktop Component 0: (no name) - http://jade-creations.com/AprilChambeau1-Madison1.jpg

--
End of file - 6694 bytes
 
Done :)

Here ya go!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:47:30 PM, on 2/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = Dell Start Page
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = MySpace
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1198897468875
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.winkflash.com/photo/loaders/ImageUploader4.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - http://www.photodex.com/pxplay.cab
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Remote Connections Service (FlexService) - Unknown owner - C:\Program Files\RapidBIT\cisvc.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O24 - Desktop Component 0: (no name) - http://jade-creations.com/AprilChambeau1-Madison1.jpg

--
End of file - 6372 bytes
 
Remove

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)

O23 - Service: Remote Connections Service (FlexService) - Unknown owner - C:\Program Files\RapidBIT\cisvc.exe (file missing)


I also recommend you updating to AVG 9

AVG Free - Download installation files & documentation


Then Id like to have you run Combofix again and Malwarebytes, post their logs and a new hijackthis log just to make sure you are clean. Make sure you reboot first before running these last scans
 
Status
Not open for further replies.

Similar threads

Captain Xarzu
How do I ensure I properly get text alerts on my Android phone?
Replies
2
Views
890
Joe C
Joe C
B
i keep getting an alert from AVG every minute or so. super annoying!
2
Replies
18
Views
2K
alyssa.robert235
A
A
Getting Rid of Cable TV
2
Replies
10
Views
3K
JoeyStyles
JoeyStyles
D
"could not parse error", what should i do?
Replies
1
Views
1K
petergroft29
P
S
Would it benefit me joining Discord chat groups?
Replies
0
Views
898
Scissorman
S
Back
Top Bottom