Virus? (In Progress)

aquestion
Junior Member with 21 posts.
Join Date: Mar 2010
Experience: Computer Illiterate
11-Mar-2010, 08:04 PM #1
Virus?
I get 2 warning messages when my computer starts:

d:\docume~1\del\locals~1\temp\svchost.com

and

D:\windows\system32\fdisk.com

What could be the causes?
How do I rectify this?

Any help much appreciated.

flavallee
Trusted Advisor with 40,857 posts.
Join Date: May 2002
Location: Brandon/Valrico, Florida
Experience: Advanced
11-Mar-2010, 08:21 PM #2
Go here and click the green icon to download and save HijackThis 2.0.2.

After it's downloaded and saved, close all open windows, then install it in its default location.

After it's installed, run a scan with it - which will take 30 seconds or less.

After the scan finishes, save the resulting log in Notepad.

Return here to your thread, then copy-and-paste the entire log here.

----------------------------------------------------------------

aquestion
Junior Member with 21 posts.
Join Date: Mar 2010
Experience: Computer Illiterate
12-Mar-2010, 05:20 AM #3
Thanks. Will do.

dhanushkapg
Junior Member with 15 posts.
Join Date: Feb 2010
Location: Sri Lanka
Experience: Advanced
12-Mar-2010, 05:42 AM #4
Use MS Security Essentials and Avast.

aquestion
Junior Member with 21 posts.
Join Date: Mar 2010
Experience: Computer Illiterate
12-Mar-2010, 07:12 PM #5
I just ran the scan with HijackThis and am attaching the results. Thanks for your help thus far. Appreciate you guiding me through the next steps.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:06:46 AM, on 3/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\a-squared Freetrojan\a2service.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
D:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
D:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
D:\WINDOWS\stsystra.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\PC Tools AntiVirus\PCTAV.exe
D:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
D:\Program Files\Logitech\QuickCam\Quickcam.exe
D:\WINDOWS\System32\DLA\DLACTRLW.EXE
D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
D:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
D:\Program Files\3M\PSNLite\PsnLite.exe
D:\PROGRA~1\3M\PSNLite\PSNGive.exe
D:\Documents and Settings\Dell\Application Data\Dropbox\bin\Dropbox.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mg2.mail.yahoo.com/dc/laun...=3r2v5vjp7su1e
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8181
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: Shell=explorer.exe D:\WINDOWS\system32\fdisk.com
F3 - REG:win.ini: load=D:\DOCUME~1\Dell\LOCALS~1\Temp\svchost.com
F3 - REG:win.ini: run=D:\DOCUME~1\Dell\LOCALS~1\Temp\svchost.com
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\fdisk.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - D:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCTAVApp] "D:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [OM2_Monitor] "D:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "D:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "D:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [DLA] D:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [OM2_Monitor] "D:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Dell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [HotKey] D:\Documents and Settings\Dell\Templates\cache\SFCsrvc.pif
O4 - HKCU\..\Run: [User Agent] D:\DOCUME~1\Dell\LOCALS~1\Temp\svchost.com
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Dropbox.lnk = D:\Documents and Settings\Dell\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = D:\Program Files\3M\PSNLite\PsnLite.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1237105511312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1237105627218
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.ooxtv.com/livetv.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe...bat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vjage.com/download/vjocx-en.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\Program Files\a-squared Freetrojan\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - D:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - D:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - D:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - D:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: Cricket 2007 Drivers Auto Removal (pr2agnqb) (pr2agnqb) - Codemasters - D:\WINDOWS\system32\pr2agnqb.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10378 bytes

Phantom010
Trusted Advisor with 25,017 posts.
Join Date: Mar 2009
Location: Cyberspace
Experience: Advanced
13-Mar-2010, 12:53 AM #6
Your computer is infected. Please click on Report and kindly ask to be moved to the Malware Removal & HijackThis Logs forum. From there, be patient. You should get an answer within the next 48 hours. These guys are really busy!

hitesh_beckham
Junior Member with 18 posts.
Join Date: Mar 2010
13-Mar-2010, 01:12 AM #7
HijackThis is the best, but if it doesn't work you can repair your OS; it will surely rectify your problems.

flavallee
Trusted Advisor with 40,857 posts.
Join Date: May 2002
Location: Brandon/Valrico, Florida
Experience: Advanced
13-Mar-2010, 10:30 AM #8
Quote:
Originally Posted by Phantom010
Your computer is infected. Please click on Report and kindly ask to be moved to the Malware Removal & HijackThis Logs forum. From there, be patient. You should get an answer within the next 48 hours. These guys are really busy!
aquestion:

Your computer is definitely infected, as Phantom010 advised. I've reported your thread to the malware section for assistance by a malware expert. In the meantime, do the following:

Start HijackThis, but don't run a scan.

Click on the "Open The Misc Tools Section" button.

Click on the "Open Uninstall Manager" button.

Click the "Save List" button.

Save the "uninstall_list.txt" file somewhere. It'll then open in Notepad.

Return here to your thread, then copy-and-paste the entire file here.


---------------------------------------------------------------

aquestion
Junior Member with 21 posts.
Join Date: Mar 2010
Experience: Computer Illiterate
13-Mar-2010, 06:25 PM #9
Thanks again. Here is the list of programs on my computer - followed what you asked me to do.

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
a-squared Free 4.5
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Bonjour
Bookworm Deluxe 1.03
Brian Lara International Cricket 2007
CA Yahoo! Anti-Spy (remove only)
Canon ScanGear Toolbox 3.0
Choice Guard
Compatibility Pack for the 2007 Office system
Cricket 2004
Critical Update for Windows Media Player 11 (KB959772)
CSI NY
Data Access Objects (DAO) 3.5
Dell Resource CD
getPlus(R) for Adobe
Harry Potter and the Goblet of Fire™
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Intel(R) PRO Network Connections Drivers
iTunes
Java(TM) 6 Update 17
KICKNRUSH (remove only)
LEGO® Indiana Jones™
Logitech QuickCam
Logitech Updater
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Midnight Racing
Monopoly
Mozilla Firefox (3.6)
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
OLYMPUS Master 2
OpenAL
P2P Tv Plugin
PC Tools AntiVirus 6.0
Post-it® Software Notes Lite
PowerDVD
Prison Tycoon 4
QuickTime
Red Faction
Red Faction II
Roll
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
SigmaTel Audio
Skateboard Park Tycoon 2004
Skype Toolbars
Skype™ 4.2
SmartMusic 11
Sonic Update Manager
SpaceStationSim
Star Wars Battlefront
Star Wars Battlefront II
SUPERAntiSpyware Free Edition
Team Factor
Type to Learn 3 Home
Update for 2007 Microsoft Office System (KB967642)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
VJOcx1.9
Warcraft III
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar
Zoo Tycoon 2 - Zookeeper Collection

Thanks again.

Regards

flavallee
Trusted Advisor with 40,857 posts.
Join Date: May 2002
Location: Brandon/Valrico, Florida
Experience: Advanced
13-Mar-2010, 06:46 PM #10
aquestion:

Thanks for posting the HijackThis uninstall list.

Your thread is now in the "Malware Removal & HijackThis Logs" section, so you'll need to wait for assistance from a gold shield malware expert.

-------------------------------------------------------------

Cookiegal
Administrator & Malware Removal Specialist with 79,289 posts.
Join Date: Aug 2003
Location: Quebec, Canada
13-Mar-2010, 07:33 PM #11
Please visit Combofix Guide & Instructions for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.

Note: During this process, it would help a great deal and be very much appreciated if you would refrain from installing any new software or hardware on this machine, unless absolutely necessary, until the clean up process is finished as it makes our job more tedious, with additional new files that may have to be researched, which is very time consuming.

Also, please do not run any security programs or fixes on your own as doing so may compromise what we will be doing. It is important that you wait for instructions.
__________________
Microsoft MVP - Consumer Security

aquestion
Junior Member with 21 posts.
Join Date: Mar 2010
Experience: Computer Illiterate
13-Mar-2010, 09:45 PM #12
Here's the ComboFix log
ComboFix 10-03-13.01 - Dell 03/14/2010 9:16.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1601 [GMT 8:00]
Running from: d:\documents and settings\Dell\Desktop\puppy.exe.exe
AV: PC Tools AntiVirus 6.0.0.19 *On-access scanning disabled* (Outdated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\{5F229C11-5039-40E4-8537-6950BB1C9ECC}
d:\$recycle.bin\{5F229C11-5039-40E4-8537-6950BB1C9ECC}
d:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
d:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
d:\documents and settings\Dell\Templates\cache
d:\documents and settings\Dell\Templates\cache\$RECYCLE.BIN\{5F229C11-5039-40E4-8537-6950BB1C9ECC}\desktop.ini
d:\documents and settings\Dell\Templates\cache\$RECYCLE.BIN\{5F229C11-5039-40E4-8537-6950BB1C9ECC}\temp.db
d:\documents and settings\Dell\Templates\cache\$RECYCLE.BIN\{5F229C11-5039-40E4-8537-6950BB1C9ECC}\tmp.db
d:\documents and settings\Dell\Templates\cache\desktop.ini
d:\documents and settings\Nandita\Templates\cache
d:\documents and settings\Nandita\Templates\cache\$RECYCLE.BIN\{5F229C11-5039-40E4-8537-6950BB1C9ECC}\desktop.ini
d:\documents and settings\Nandita\Templates\cache\$RECYCLE.BIN\{5F229C11-5039-40E4-8537-6950BB1C9ECC}\temp.db
d:\documents and settings\Nandita\Templates\cache\$RECYCLE.BIN\{5F229C11-5039-40E4-8537-6950BB1C9ECC}\tmp.db
d:\documents and settings\Nandita\Templates\cache\desktop.ini
d:\documents and settings\Pavan\Templates\cache
d:\documents and settings\Pavan\Templates\cache\$RECYCLE.BIN\{5F229C11-5039-40E4-8537-6950BB1C9ECC}\desktop.ini
d:\documents and settings\Pavan\Templates\cache\$RECYCLE.BIN\{5F229C11-5039-40E4-8537-6950BB1C9ECC}\rcmd.ini
d:\documents and settings\Pavan\Templates\cache\$RECYCLE.BIN\{5F229C11-5039-40E4-8537-6950BB1C9ECC}\RemoteINF.exe
d:\documents and settings\Pavan\Templates\cache\$RECYCLE.BIN\{5F229C11-5039-40E4-8537-6950BB1C9ECC}\temp.db
d:\documents and settings\Pavan\Templates\cache\$RECYCLE.BIN\{5F229C11-5039-40E4-8537-6950BB1C9ECC}\tmp.db
d:\documents and settings\Pavan\Templates\cache\desktop.ini
d:\windows\system32\_000023_.tmp.dll
d:\windows\system32\_000024_.tmp.dll
d:\windows\system32\_000025_.tmp.dll
d:\windows\system32\_000026_.tmp.dll
d:\windows\system32\_000027_.tmp.dll
d:\windows\system32\_000028_.tmp.dll
d:\windows\system32\_000029_.tmp.dll
d:\windows\system32\_000030_.tmp.dll
d:\windows\system32\_000031_.tmp.dll
d:\windows\system32\tmp57.tmp
d:\windows\TEMP\logishrd\LVPrcInj01.dll

----- BITS: Possible infected sites -----

hxxp://download.yimg.com
.
((((((((((((((((((((((((( Files Created from 2010-02-14 to 2010-03-14 )))))))))))))))))))))))))))))))
.

2010-03-13 05:21 . 2010-03-13 08:02 -------- d-----w- d:\documents and settings\Nandita\Application Data\skypePM
2010-03-13 05:21 . 2010-03-13 08:02 -------- d-----w- d:\documents and settings\Nandita\Application Data\Skype
2010-03-13 05:21 . 2010-03-13 05:21 -------- d-----w- d:\program files\Common Files\Skype
2010-03-12 23:06 . 2010-03-12 23:06 -------- d-----w- d:\program files\Trend Micro
2010-03-09 23:52 . 2010-03-10 01:43 -------- d-----w- d:\program files\a-squared Freetrojan
2010-03-08 23:51 . 2010-03-08 23:51 -------- d-----w- d:\program files\NaturalHealing
2010-03-08 23:46 . 2010-03-08 23:46 12 ----a-w- d:\windows\vmpdmPath.dat
2010-03-08 23:46 . 1997-01-13 05:42 37136 ----a-w- d:\windows\system32\msjint35.dll
2010-03-08 23:46 . 1996-12-02 10:44 24336 ----a-w- d:\windows\system32\msjter35.dll
2010-03-08 23:45 . 1996-08-21 09:08 269312 ----a-w- d:\windows\uninst.exe
2010-03-08 23:45 . 2010-03-08 23:45 -------- d-----w- d:\documents and settings\Dell\WINDOWS
2010-03-08 23:42 . 2010-03-08 23:42 -------- d-----w- d:\documents and settings\Dell\Application Data\www.homeopathyonline.org
2010-03-07 11:33 . 2010-03-10 11:03 14 ----a-w- d:\windows\popcinfo.dat
2010-02-21 02:14 . 2010-03-14 01:31 -------- d-----w- d:\documents and settings\Dell\Application Data\skypePM
2010-02-21 02:14 . 2010-02-21 02:14 48 ---ha-w- d:\windows\system32\ezsidmv.dat
2010-02-21 02:08 . 2010-03-14 01:32 -------- d-----w- d:\documents and settings\Dell\Application Data\Skype
2010-02-21 02:07 . 2010-03-13 05:21 -------- d-----r- d:\program files\Skype
2010-02-21 02:07 . 2010-02-21 02:07 -------- d-----w- d:\documents and settings\All Users\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-14 01:31 . 2009-11-02 00:32 -------- d-----w- d:\documents and settings\Dell\Application Data\Dropbox
2010-03-14 01:31 . 2009-03-14 17:08 -------- d---a-w- d:\documents and settings\All Users\Application Data\TEMP
2010-03-14 01:30 . 2009-03-14 17:08 -------- d-----w- d:\program files\PC Tools AntiVirus
2010-03-13 22:16 . 2010-03-13 22:16 52224 ----a-w- d:\documents and settings\Dell\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-13 22:16 . 2009-07-22 23:02 117760 ----a-w- d:\documents and settings\Dell\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-09 22:06 . 2009-03-14 17:03 -------- d-----w- d:\program files\SUPERAntiSpyware
2010-03-08 23:47 . 2009-03-14 16:52 -------- d--h--w- d:\program files\InstallShield Installation Information
2010-03-04 02:20 . 2009-09-14 00:46 664 ----a-w- d:\windows\system32\d3d9caps.dat
2010-02-26 23:14 . 2009-11-02 00:33 91696 ----a-w- d:\documents and settings\Dell\Application Data\Dropbox\bin\Uninstall.exe
2010-02-26 23:13 . 2010-02-26 23:13 13264416 ----a-w- d:\documents and settings\Dell\Application Data\Dropbox\cache\Dropbox-update-0.7.110.exe
2010-02-26 05:10 . 2010-02-26 05:10 21979992 ----a-w- d:\documents and settings\Dell\Application Data\Dropbox\bin\Dropbox.exe
2010-02-15 09:07 . 2010-01-08 01:37 -------- d-----w- d:\documents and settings\Pavan\Application Data\Ubisoft
2010-02-15 09:07 . 2010-01-08 01:31 -------- d-----w- d:\documents and settings\Pavan\Application Data\MysteryStudio
2010-01-21 08:30 . 2010-01-21 08:29 -------- d-----w- d:\program files\iTunes
2010-01-21 08:29 . 2010-01-21 08:29 -------- d-----w- d:\program files\iPod
2010-01-21 08:29 . 2009-03-29 22:43 -------- d-----w- d:\program files\Common Files\Apple
2010-01-21 02:36 . 2009-04-19 03:49 -------- d-----w- d:\documents and settings\Dell\Application Data\Apple Computer
2009-12-16 06:42 . 2010-01-07 14:02 872960 ----a-w- d:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\mymlqfln.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-16 06:42 . 2010-01-07 14:02 43008 ----a-w- d:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\mymlqfln.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-16 06:42 . 2010-01-07 14:02 340480 ----a-w- d:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\mymlqfln.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-16 06:41 . 2010-01-07 14:02 346624 ----a-w- d:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\mymlqfln.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- d:\documents and settings\Dell\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- d:\documents and settings\Dell\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- d:\documents and settings\Dell\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-03-09 2012912]
"OM2_Monitor"="d:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-04-17 95536]
"Google Update"="d:\documents and settings\Dell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-08 135664]
"Skype"="d:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"ATIPTA"="d:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"RemoteControl"="d:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"PCTAVApp"="d:\program files\PC Tools AntiVirus\PCTAV.exe" [2009-02-19 1374096]
"OM2_Monitor"="d:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-04-17 54576]
"LogitechCommunicationsManager"="d:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="d:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"DLA"="d:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-06 122940]
"ISUSPM Startup"="d:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="d:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

d:\documents and settings\Nandita\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - d:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

d:\documents and settings\Pavan\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - d:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

d:\documents and settings\Dell\Start Menu\Programs\Startup\
Dropbox.lnk - d:\documents and settings\Dell\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
OneNote 2007 Screen Clipper and Launcher.lnk - d:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Post-itr Software Notes Lite.lnk - d:\program files\3M\PSNLite\PsnLite.exe [2003-10-9 1622016]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-05 13:43 548352 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Programs\\battlerfront1\\GameData\\battlefront.exe"=
"d:\\Programs\\battlefrontII\\GameData\\BattlefrontII.exe"=
"d:\\Programs\\redf\\RedFaction.exe"=
"d:\\Programs\\redf\\rf.exe"=
"d:\\Programs\\Teamfactor\\tf.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Programs\\Warcraft III\\Reign of Chaos\\Warcraft III.exe"=
"d:\\Program Files\\PC Tools AntiVirus\\PCTAV.exe"=
"d:\\Program Files\\SUPERAntiSpyware\\RUNSAS.EXE"=
"d:\\Program Files\\SUPERAntiSpyware\\SUPERANTISPYWARE.EXE"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8608:TCP"= 8608:TCP:cpsrmexn

R0 PCTCore;PCTools KDS;d:\windows\system32\drivers\PCTCore.sys [3/15/2009 1:08 AM 130936]
R0 pe3agnqb;Cricket 2007 Environment Driver (pe3agnqb);d:\windows\system32\drivers\pe3agnqb.sys [3/4/2007 12:22 AM 65408]
R0 ps6agnqb;Cricket 2007 Synchronization Driver (ps6agnqb);d:\windows\system32\drivers\ps6agnqb.sys [3/4/2007 12:22 AM 51592]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2009 11:43 AM 12872]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2009 11:43 AM 66632]
R2 a2free;a-squared Free Service;d:\program files\a-squared Freetrojan\a2service.exe [3/10/2010 7:52 AM 1858144]
R3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2009 11:43 AM 12872]
S2 dvaelp;Driver Config;d:\windows\system32\svchost.exe -k netsvcs [8/12/2004 10:06 PM 14336]
S2 ejjtmapn;rmyotd;d:\windows\system32\svchost.exe -k netsvcs [8/12/2004 10:06 PM 14336]
S2 pr2agnqb;Cricket 2007 Drivers Auto Removal (pr2agnqb);d:\windows\system32\pr2agnqb.exe svc --> d:\windows\system32\pr2agnqb.exe svc [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ejjtmapn
dvaelp
.
Contents of the 'Scheduled Tasks' folder

2010-03-13 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-789336058-725345543-1004Core.job
- d:\documents and settings\Dell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-08 23:06]

2010-03-14 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-789336058-725345543-1004UA.job
- d:\documents and settings\Dell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-08 23:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.mg2.mail.yahoo.com/dc/launch?.gx=1&.rand=3r2v5vjp7su1e
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: d:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - d:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\mymlqfln.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/|https://mail.google.com/mail/?source...f&shva=1#inbox
FF - component: d:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\mymlqfln.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: d:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: d:\documents and settings\Dell\Local Settings\Application Data\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: d:\documents and settings\Dell\Local Settings\Application Data\Yahoo!\BrowserPlus\2.5.1\Plugins\npybrowserplus_2.5.1.dll

---- FIREFOX POLICIES ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-14 09:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dvaelp]
"ServiceDll"="d:\windows\system32\selky.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ejjtmapn]
"ServiceDll"="d:\windows\system32\selky.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(656)
d:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'lsass.exe'(712)
d:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(7480)
d:\windows\TEMP\logishrd\LVPrcInj01.dll
d:\documents and settings\Dell\Application Data\Dropbox\bin\DropboxExt.13.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
d:\windows\system32\Ati2evxx.exe
d:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
d:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
d:\program files\PC Tools AntiVirus\PCTAVSvc.exe
d:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
d:\windows\stsystra.exe
d:\progra~1\3M\PSNLite\PSNGive.exe
d:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
d:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-03-14 09:36:59 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-14 01:36

Pre-Run: 243,196,268,544 bytes free
Post-Run: 244,799,963,136 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - E47685FF179A9B8120D60E00CE9675F0

I will post the HijackThis log file in a separate post as the file size gets too big.
aquestion's Avatar
Junior Member with 21 posts.
 
Join Date: Mar 2010
Experience: Computer Illiterate
13-Mar-2010, 09:46 PM #13
The HijackThis log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:39:55 AM, on 3/14/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\a-squared Freetrojan\a2service.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
D:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
D:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
D:\WINDOWS\stsystra.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
D:\Program Files\Logitech\QuickCam\Quickcam.exe
D:\WINDOWS\System32\DLA\DLACTRLW.EXE
D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\3M\PSNLite\PsnLite.exe
D:\PROGRA~1\3M\PSNLite\PSNGive.exe
D:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mg2.mail.yahoo.com/dc/laun...=3r2v5vjp7su1e
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8181
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - D:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCTAVApp] "D:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [OM2_Monitor] "D:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "D:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "D:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [DLA] D:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [OM2_Monitor] "D:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Dell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Dropbox.lnk = D:\Documents and Settings\Dell\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = D:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1237105511312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1237105627218
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.ooxtv.com/livetv.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe...bat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vjage.com/download/vjocx-en.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\Program Files\a-squared Freetrojan\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - D:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - D:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - D:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - D:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: Cricket 2007 Drivers Auto Removal (pr2agnqb) (pr2agnqb) - Codemasters - D:\WINDOWS\system32\pr2agnqb.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9785 bytes

I will sit tight till I hear back. Thanks a lot for all your help.
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 79,289 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
14-Mar-2010, 05:10 PM #14
Open Notepad and copy and paste the text in the code box below into it:

Code:
http://forums.techguy.org/malware-removal-hijackthis-logs/909432-virus.html#post7270690

Collect::
d:\windows\system32\selky.dll

Driver::
dvaelp
ejjtmapn

NetSvcs::
ejjtmapn
dvaelp

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dvaelp]
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ejjtmapn]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8608:TCP"=-

Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe




This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
__________________
Microsoft MVP - Consumer Security
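
The log entries named in the script above can be picked out of a ComboFix log mechanically. The following Python sketch is an added example, not part of the original post and not ComboFix's own logic: it parses lines excerpted from the ComboFix log in this thread and flags svchost-hosted services that appear in the NetSvcs listing and share one ServiceDll, and it collects GloballyOpenPorts entries. The function names and the flagging rules are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Lines excerpted from the ComboFix log posted in this thread.
LOG_EXCERPT = r"""
R2 a2free;a-squared Free Service;d:\program files\a-squared Freetrojan\a2service.exe [3/10/2010 7:52 AM 1858144]
S2 dvaelp;Driver Config;d:\windows\system32\svchost.exe -k netsvcs [8/12/2004 10:06 PM 14336]
S2 ejjtmapn;rmyotd;d:\windows\system32\svchost.exe -k netsvcs [8/12/2004 10:06 PM 14336]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8608:TCP"= 8608:TCP:cpsrmexn

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ejjtmapn
dvaelp
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dvaelp]
"ServiceDll"="d:\windows\system32\selky.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ejjtmapn]
"ServiceDll"="d:\windows\system32\selky.dll"
.
"""

# "<state><start type> <name>;<display name>;<image path> [<date size>]"
SERVICE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.+?) \[[^\]]*\]$")
SVC_KEY_RE = re.compile(r"^hkey_local_machine\\system\\controlset\d+\\services\\([^\\]+)$")
DLL_RE = re.compile(r'^"ServiceDll"="(.+)"$', re.I)
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.+)$')


def parse_log(text):
    """Collect services, NetSvcs names, ServiceDll values and open ports."""
    services, netsvcs, service_dll, open_ports = {}, [], {}, []
    section, current_service, in_netsvcs = "", None, False
    for raw in text.splitlines():
        line = raw.strip()
        if in_netsvcs:
            # The NetSvcs listing runs until a blank line or a lone "."
            if line in ("", "."):
                in_netsvcs = False
            else:
                netsvcs.append(line.lower())
            continue
        if line.lower().endswith("svchost - netsvcs"):
            in_netsvcs = True
            continue
        if line.startswith("[") and line.endswith("]"):
            # Ignore whitespace, which forum line-wrapping can insert
            # into long registry key names.
            section = line[1:-1].lower().replace(" ", "")
            m = SVC_KEY_RE.match(section)
            current_service = m.group(1) if m else None
            continue
        m = SERVICE_RE.match(line)
        if m:
            services[m.group(3).lower()] = m.group(5).lower()
            continue
        m = DLL_RE.match(line)
        if m and current_service:
            service_dll[current_service] = m.group(1).lower()
            continue
        m = PORT_RE.match(line)
        if m and section.endswith(r"globallyopenports\list"):
            open_ports.append((int(m.group(1)), m.group(2), m.group(3)))
    return services, netsvcs, service_dll, open_ports


def flag_suspect_services(text):
    """Return (findings, open_ports) for manual review by an analyst."""
    services, netsvcs, service_dll, open_ports = parse_log(text)
    by_dll = defaultdict(set)
    for name, dll in service_dll.items():
        by_dll[dll].add(name)
    findings = []
    for name, image in sorted(services.items()):
        hosted = "svchost.exe -k netsvcs" in image
        reasons = []
        # Assumption: per the log's own note, legit default entries are
        # not shown, so a listed NetSvcs name is a non-default addition.
        if hosted and name in netsvcs:
            reasons.append("non-default NetSvcs member")
        dll = service_dll.get(name)
        if dll and len(by_dll[dll]) > 1:
            others = ", ".join(sorted(by_dll[dll] - {name}))
            reasons.append("ServiceDll shared with " + others)
        if hosted and reasons:
            findings.append({"service": name, "service_dll": dll,
                             "reasons": reasons})
    return findings, open_ports


if __name__ == "__main__":
    found, ports = flag_suspect_services(LOG_EXCERPT)
    for f in found:
        print(f["service"], f["service_dll"], "; ".join(f["reasons"]))
    for port, proto, label in ports:
        print("open port", port, proto, label)
```

A flag here is a prompt for review, not a verdict: the excerpt's a2free service is left alone because it is not hosted by svchost.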
aquestion's Avatar
Junior Member with 21 posts.
 
Join Date: Mar 2010
Experience: Computer Illiterate
15-Mar-2010, 11:21 AM #15
Thanks. Here is the ComboFix log
ComboFix 10-03-13.01 - Dell 03/15/2010 22:02:01.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1523 [GMT 8:00]
Running from: d:\documents and settings\Dell\Desktop\puppy.exe.exe
Command switches used :: d:\documents and settings\Dell\Desktop\CFScript.txt
AV: PC Tools AntiVirus 6.0.0.19 *On-access scanning disabled* (Outdated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DVAELP
-------\Legacy_EJJTMAPN
-------\Service_dvaelp
-------\Service_ejjtmapn


((((((((((((((((((((((((( Files Created from 2010-02-15 to 2010-03-15 )))))))))))))))))))))))))))))))
.

2010-03-13 22:16 . 2010-03-13 22:16 52224 ----a-w- d:\documents and settings\Dell\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-13 05:21 . 2010-03-14 12:00 -------- d-----w- d:\documents and settings\Nandita\Application Data\skypePM
2010-03-13 05:21 . 2010-03-14 12:29 -------- d-----w- d:\documents and settings\Nandita\Application Data\Skype
2010-03-13 05:21 . 2010-03-13 05:21 -------- d-----w- d:\program files\Common Files\Skype
2010-03-12 23:06 . 2010-03-12 23:06 -------- d-----w- d:\program files\Trend Micro
2010-03-09 23:52 . 2010-03-10 01:43 -------- d-----w- d:\program files\a-squared Freetrojan
2010-03-08 23:51 . 2010-03-08 23:51 -------- d-----w- d:\program files\NaturalHealing
2010-03-08 23:46 . 2010-03-08 23:46 12 ----a-w- d:\windows\vmpdmPath.dat
2010-03-08 23:46 . 1997-01-13 05:42 37136 ----a-w- d:\windows\system32\msjint35.dll
2010-03-08 23:46 . 1996-12-02 10:44 24336 ----a-w- d:\windows\system32\msjter35.dll
2010-03-08 23:45 . 1996-08-21 09:08 269312 ----a-w- d:\windows\uninst.exe
2010-03-08 23:45 . 2010-03-08 23:45 -------- d-----w- d:\documents and settings\Dell\WINDOWS
2010-03-08 23:42 . 2010-03-08 23:42 -------- d-----w- d:\documents and settings\Dell\Application Data\www.homeopathyonline.org
2010-03-07 11:33 . 2010-03-15 10:24 14 ----a-w- d:\windows\popcinfo.dat
2010-02-26 23:13 . 2010-02-26 23:13 13264416 ----a-w- d:\documents and settings\Dell\Application Data\Dropbox\cache\Dropbox-update-0.7.110.exe
2010-02-26 05:10 . 2010-02-26 05:10 21979992 ----a-w- d:\documents and settings\Dell\Application Data\Dropbox\bin\Dropbox.exe
2010-02-21 02:14 . 2010-03-14 08:00 -------- d-----w- d:\documents and settings\Dell\Application Data\skypePM
2010-02-21 02:14 . 2010-02-21 02:14 48 ---ha-w- d:\windows\system32\ezsidmv.dat
2010-02-21 02:08 . 2010-03-15 14:12 -------- d-----w- d:\documents and settings\Dell\Application Data\Skype
2010-02-21 02:07 . 2010-03-13 05:21 -------- d-----r- d:\program files\Skype
2010-02-21 02:07 . 2010-02-21 02:07 -------- d-----w- d:\documents and settings\All Users\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-15 14:11 . 2009-03-14 17:08 -------- d---a-w- d:\documents and settings\All Users\Application Data\TEMP
2010-03-15 14:11 . 2009-11-02 00:32 -------- d-----w- d:\documents and settings\Dell\Application Data\Dropbox
2010-03-15 14:11 . 2009-03-14 17:08 -------- d-----w- d:\program files\PC Tools AntiVirus
2010-03-13 22:16 . 2009-07-22 23:02 117760 ----a-w- d:\documents and settings\Dell\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-09 22:06 . 2009-03-14 17:03 -------- d-----w- d:\program files\SUPERAntiSpyware
2010-03-08 23:47 . 2009-03-14 16:52 -------- d--h--w- d:\program files\InstallShield Installation Information
2010-03-04 02:20 . 2009-09-14 00:46 664 ----a-w- d:\windows\system32\d3d9caps.dat
2010-02-26 23:14 . 2009-11-02 00:33 91696 ----a-w- d:\documents and settings\Dell\Application Data\Dropbox\bin\Uninstall.exe
2010-02-15 09:07 . 2010-01-08 01:37 -------- d-----w- d:\documents and settings\Pavan\Application Data\Ubisoft
2010-02-15 09:07 . 2010-01-08 01:31 -------- d-----w- d:\documents and settings\Pavan\Application Data\MysteryStudio
2010-01-21 08:30 . 2010-01-21 08:29 -------- d-----w- d:\program files\iTunes
2010-01-21 08:29 . 2010-01-21 08:29 -------- d-----w- d:\program files\iPod
2010-01-21 08:29 . 2009-03-29 22:43 -------- d-----w- d:\program files\Common Files\Apple
2010-01-21 02:36 . 2009-04-19 03:49 -------- d-----w- d:\documents and settings\Dell\Application Data\Apple Computer
2009-12-16 06:42 . 2010-01-07 14:02 872960 ----a-w- d:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\mymlqfln.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-16 06:42 . 2010-01-07 14:02 43008 ----a-w- d:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\mymlqfln.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-16 06:42 . 2010-01-07 14:02 340480 ----a-w- d:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\mymlqfln.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-16 06:41 . 2010-01-07 14:02 346624 ----a-w- d:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\mymlqfln.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- d:\documents and settings\Dell\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- d:\documents and settings\Dell\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- d:\documents and settings\Dell\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-03-09 2012912]
"OM2_Monitor"="d:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-04-17 95536]
"Google Update"="d:\documents and settings\Dell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-08 135664]
"Skype"="d:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"ATIPTA"="d:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"RemoteControl"="d:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"PCTAVApp"="d:\program files\PC Tools AntiVirus\PCTAV.exe" [2009-02-19 1374096]
"OM2_Monitor"="d:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-04-17 54576]
"LogitechCommunicationsManager"="d:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="d:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"DLA"="d:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-06 122940]
"ISUSPM Startup"="d:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="d:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

d:\documents and settings\Nandita\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - d:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

d:\documents and settings\Pavan\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - d:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

d:\documents and settings\Dell\Start Menu\Programs\Startup\
Dropbox.lnk - d:\documents and settings\Dell\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
OneNote 2007 Screen Clipper and Launcher.lnk - d:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Post-itr Software Notes Lite.lnk - d:\program files\3M\PSNLite\PsnLite.exe [2003-10-9 1622016]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-05 13:43 548352 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Programs\\battlerfront1\\GameData\\battlefront.exe"=
"d:\\Programs\\battlefrontII\\GameData\\BattlefrontII.exe"=
"d:\\Programs\\redf\\RedFaction.exe"=
"d:\\Programs\\redf\\rf.exe"=
"d:\\Programs\\Teamfactor\\tf.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Programs\\Warcraft III\\Reign of Chaos\\Warcraft III.exe"=
"d:\\Program Files\\PC Tools AntiVirus\\PCTAV.exe"=
"d:\\Program Files\\SUPERAntiSpyware\\RUNSAS.EXE"=
"d:\\Program Files\\SUPERAntiSpyware\\SUPERANTISPYWARE.EXE"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 PCTCore;PCTools KDS;d:\windows\system32\drivers\PCTCore.sys [3/15/2009 1:08 AM 130936]
R0 pe3agnqb;Cricket 2007 Environment Driver (pe3agnqb);d:\windows\system32\drivers\pe3agnqb.sys [3/4/2007 12:22 AM 65408]
R0 ps6agnqb;Cricket 2007 Synchronization Driver (ps6agnqb);d:\windows\system32\drivers\ps6agnqb.sys [3/4/2007 12:22 AM 51592]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2009 11:43 AM 12872]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2009 11:43 AM 66632]
R2 a2free;a-squared Free Service;d:\program files\a-squared Freetrojan\a2service.exe [3/10/2010 7:52 AM 1858144]
R3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2009 11:43 AM 12872]
S2 pr2agnqb;Cricket 2007 Drivers Auto Removal (pr2agnqb);d:\windows\system32\pr2agnqb.exe svc --> d:\windows\system32\pr2agnqb.exe svc [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder

2010-03-15 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-789336058-725345543-1004Core.job
- d:\documents and settings\Dell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-08 23:06]

2010-03-15 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-789336058-725345543-1004UA.job
- d:\documents and settings\Dell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-08 23:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.mg2.mail.yahoo.com/dc/launch?.gx=1&.rand=3r2v5vjp7su1e
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: d:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - d:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\mymlqfln.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/|https://mail.google.com/mail/?source...f&shva=1#inbox
FF - component: d:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\mymlqfln.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: d:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: d:\documents and settings\Dell\Local Settings\Application Data\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: d:\documents and settings\Dell\Local Settings\Application Data\Yahoo!\BrowserPlus\2.5.1\Plugins\npybrowserplus_2.5.1.dll

---- FIREFOX POLICIES ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-15 22:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
d:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'lsass.exe'(720)
d:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(7600)
d:\windows\TEMP\logishrd\LVPrcInj01.dll
d:\documents and settings\Dell\Application Data\Dropbox\bin\DropboxExt.13.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
d:\windows\system32\Ati2evxx.exe
d:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
d:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
d:\program files\PC Tools AntiVirus\PCTAVSvc.exe
d:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
d:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
d:\windows\stsystra.exe
d:\program files\iPod\bin\iPodService.exe
d:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2010-03-15 22:16:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-15 14:16
ComboFix2.txt 2010-03-14 01:36

Pre-Run: 244,754,776,064 bytes free
Post-Run: 244,673,032,192 bytes free

- - End Of File - - 9DBE04DAB1661C1DAF0DABE8F1EE0EBE

The HijackThis file is in the next post
Thanks again