1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Can't goto any Microsoft web sites

Discussion in 'Virus & Other Malware Removal' started by dneighbor, Dec 20, 2010.

Thread Status:
Not open for further replies.
Advertisement
  1. dneighbor

    dneighbor Thread Starter

    Joined:
    Dec 20, 2010
    Messages:
    423
    Everytime I go to any microsoft or windows website or any of the antivirus websites the thing comes up with "Internet Explorer cannot display the webpage" . I can not even get any updates also. However I can go to any other website OK. My laptop abd desk top are doing this. Can you please help with this? Thanks Don
     
  2. TerryNet

    TerryNet Moderator

    Joined:
    Mar 23, 2005
    Messages:
    79,886
    First Name:
    Terry
    I'd say there's at least a 99% probability that you are infected with malware that protects itself by blocking Microsoft and anti-malware sites.

    Suggest you read this thread, post the requested information here, then click on Report and request this thread be moved to the Virus & Other Malware Removal forum. After you get a clean bill of health there they will send you back here if you still have a networking issue. Good luck, and remember that they are more than busy there; post a 'bump' if you don't get a reply in a day or two.

    PS--I would format the partition and reinstall, "Recover" or re-image Windows, but that's certainly not everybody's choice.
     
  3. TheShooter93

    TheShooter93 Malware Specialist

    Joined:
    Jul 9, 2008
    Messages:
    11,245
    First Name:
    Cody
    I agree completely. Follow TerryNet's instructions and you should be good to go.
     
  4. dneighbor

    dneighbor Thread Starter

    Joined:
    Dec 20, 2010
    Messages:
    423
    Thank You I am backing everything up now. I will post reports as soon as I get them done. Don
     
  5. dneighbor

    dneighbor Thread Starter

    Joined:
    Dec 20, 2010
    Messages:
    423
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:03:31 PM, on 12/21/2010
    Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
    C:\Program Files\ATT-SST\McciTrayApp.exe
    C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Donald Neighbor\My Documents\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
    O2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
    O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
    O3 - Toolbar: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
    O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"
    O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA623] command.com /c del "C:\WINDOWS\SchedLgU.Txt"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8081] cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2378] command.com /c del "C:\WINDOWS\SchedLgU.Txt"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9861] cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Donald Neighbor\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\YspService.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingB701] command.com /c del "C:\WINDOWS\SchedLgU.Txt"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD3010] cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6065] command.com /c del "C:\WINDOWS\SchedLgU.Txt"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD6763] cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"
    O4 - Startup: SpeedPlexer.lnk = C:\Program Files\SpeedPlexer\SpeedPlexer.exe
    O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1205188213875
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - AppInit_DLLs:
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    --
    End of file - 11874 bytes
     
  6. dneighbor

    dneighbor Thread Starter

    Joined:
    Dec 20, 2010
    Messages:
    423
    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Donald Neighbor at 14:06:31.90 on Tue 12/21/2010
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2350 [GMT -5:00]

    ============== Running Processes ===============
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
    C:\Program Files\ATT-SST\McciTrayApp.exe
    C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
    C:\Documents and Settings\Donald Neighbor\My Documents\dds.scr
    ============== Pseudo HJT Report ===============
    uStart Page = hxxp://www.yahoo.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    BHO: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
    BHO: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
    BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
    TB: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
    TB: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No File
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {00000000-0000-0000-0000-000000000000} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [cdloader] "c:\documents and settings\donald neighbor\application data\mjusbsp\cdloader2.exe" MAGICJACK
    uRun: [YSearchProtection] c:\program files\yahoo!\search protection\YspService.exe
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRunOnce: [SpybotDeletingB701] command.com /c del "c:\windows\SchedLgU.Txt"
    uRunOnce: [SpybotDeletingD3010] cmd.exe /c del "c:\windows\SchedLgU.Txt"
    uRunOnce: [SpybotDeletingB6065] command.com /c del "c:\windows\SchedLgU.Txt"
    uRunOnce: [SpybotDeletingD6763] cmd.exe /c del "c:\windows\SchedLgU.Txt"
    mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [AlcWzrd] ALCWZRD.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
    mRun: [LogitechCameraAssistant] c:\program files\logitech\video\CameraAssistant.exe
    mRun: [LogitechVideo[inspector]] c:\program files\logitech\video\InstallHelper.exe /inspect
    mRun: [LogitechCameraService(E)] c:\windows\system32\ElkCtrl.exe /automation
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [LMPDPSRV] c:\windows\system32\spool\drivers\w32x86\3\LMPDPSRV.EXE
    mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
    mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
    mRun: [<NO NAME>]
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
    mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRunOnce: [SpybotDeletingA623] command.com /c del "c:\windows\SchedLgU.Txt"
    mRunOnce: [SpybotDeletingC8081] cmd.exe /c del "c:\windows\SchedLgU.Txt"
    mRunOnce: [SpybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck
    mRunOnce: [SpybotDeletingA2378] command.com /c del "c:\windows\SchedLgU.Txt"
    mRunOnce: [SpybotDeletingC9861] cmd.exe /c del "c:\windows\SchedLgU.Txt"
    StartupFolder: c:\docume~1\donald~1\startm~1\programs\startup\speedp~1.lnk - c:\program files\speedplexer\SpeedPlexer.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\lexmar~1.lnk - c:\program files\lexmark x125\LEX125SU.exe
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    IE: {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205188213875
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
    Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    AppInit_DLLs:
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    ============= SERVICES / DRIVERS ===============
    R4 PCTCore;PCTools KDS;c:\windows\system32\drivers\pctcore.sys --> c:\windows\system32\drivers\PCTCore.sys [?]
    S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
    S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
    S2 udpwuswic;Driver Installer;c:\windows\system32\svchost.exe -k netsvcs [2001-8-23 14336]
    S3 khoik;khoik;c:\windows\system32\01.tmp [2010-7-28 4096]
    S3 tasln;tasln;c:\windows\system32\02.tmp [2010-11-24 4096]
    S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
    =============== Created Last 30 ================
    2010-12-13 21:57:25 -------- d-----w- c:\program files\Spyware Doctor
    2010-12-13 21:57:25 -------- d-----w- c:\program files\common files\PC Tools
    2010-12-12 18:32:58 -------- d-----w- c:\program files\TelevisionFanaticEI
    2010-12-12 10:23:28 256 ------w- c:\documents and settings\donald neighbor\pool.bin
    2010-12-12 09:56:31 -------- d-----w- c:\docume~1\donald~1\locals~1\applic~1\Research In Motion
    2010-12-12 09:55:29 -------- d-----w- c:\program files\Research In Motion Limited
    2010-11-27 01:03:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Symantec
    2010-11-27 01:03:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton
    2010-11-27 01:03:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
    2010-11-25 00:35:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-11-25 00:35:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2010-11-25 00:08:51 -------- d-----w- c:\docume~1\donald~1\applic~1\GetRightToGo
    2010-11-24 18:33:58 -------- d-----w- c:\docume~1\donald~1\locals~1\applic~1\Mozilla
    2010-11-24 18:24:56 -------- d-----w- c:\program files\Perfect Optimizer
    2010-11-24 10:37:54 4096 ----a-w- c:\windows\system32\02.tmp
    ==================== Find3M ====================
    2010-12-12 09:01:32 256 ----a-w- c:\windows\system32\pool.bin
    2010-11-18 12:46:10 81920 -c----w- c:\windows\ALCFDRTM.VER
    ============= FINISH: 14:07:21.96 ===============
     
  7. dneighbor

    dneighbor Thread Starter

    Joined:
    Dec 20, 2010
    Messages:
    423
    attach file
     

    Attached Files:

  8. dneighbor

    dneighbor Thread Starter

    Joined:
    Dec 20, 2010
    Messages:
    423
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-12-21 16:50:21
    Windows 5.1.2600 Service Pack 3, v.3264 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD740GD-75FLA1 rev.27.08D27
    Running: kdh3ejtz.exe; Driver: C:\DOCUME~1\DONALD~1\LOCALS~1\Temp\kfndqkod.sys

    ---- System - GMER 1.0.15 ----
    SSDT PCTCore.sys ZwCreateKey [0xF745B112]
    SSDT PCTCore.sys ZwCreateProcess [0xF743A2D6]
    SSDT PCTCore.sys ZwCreateProcessEx [0xF743A4C8]
    SSDT PCTCore.sys ZwDeleteKey [0xF745B900]
    SSDT PCTCore.sys ZwDeleteValueKey [0xF745BBB4]
    SSDT PCTCore.sys ZwOpenKey [0xF7459E12]
    SSDT PCTCore.sys ZwRenameKey [0xF745C020]
    SSDT PCTCore.sys ZwSetValueKey [0xF745B3D2]
    SSDT PCTCore.sys ZwTerminateProcess [0xF7439F44]
    ---- Kernel code sections - GMER 1.0.15 ----
    ? PCTCore.sys The system cannot find the file specified. !
    ? C:\DOCUME~1\DONALD~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
    ---- User code sections - GMER 1.0.15 ----
    .text C:\WINDOWS\System32\svchost.exe[1420] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes JMP 0247ADDD
    .text C:\WINDOWS\System32\svchost.exe[1420] NETAPI32.dll!NetpwPathCanonicalize 5B86A3A9 5 Bytes JMP 0247AD74
    .text C:\WINDOWS\System32\svchost.exe[1532] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes JMP 0101ADDD
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5692] USER32.dll!DialogBoxParamW 7E425204 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5692] USER32.dll!DialogBoxIndirectParamW 7E432082 5 Bytes JMP 430A17EF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5692] USER32.dll!MessageBoxIndirectA 7E43A08A 5 Bytes JMP 430A1770 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5692] USER32.dll!DialogBoxParamA 7E43B14C 5 Bytes JMP 430A17B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5692] USER32.dll!MessageBoxExW 7E4507F8 1 Byte [E9]
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5692] USER32.dll!MessageBoxExW 7E4507F8 5 Bytes JMP 430A16FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5692] USER32.dll!MessageBoxExA 7E45081C 5 Bytes JMP 430A1736 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5692] USER32.dll!DialogBoxIndirectParamA 7E456D78 5 Bytes JMP 430A182A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5692] USER32.dll!MessageBoxIndirectW 7E4664CD 5 Bytes JMP 42F316B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    ---- Processes - GMER 1.0.15 ----
    Library C:\Program (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [2848] 0x502A0000
    Library C:\Program (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [2848] 0x05D10000
    Library C:\Program (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [2848] 0x53540000
    Library C:\Program (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [2848] 0x05D40000
    Library C:\Program (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [2848] 0x40AB0000
    Library C:\Program (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [2848] 0x40360000
    Library C:\Program (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [2848] 0x51FE0000
    Library C:\Program (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [2848] 0x65100000
    Library C:\Program (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [2848] 0x65200000
    Library C:\Program (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [2848] 0x05F50000
    Library C:\Program (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [2848] 0x06050000
    ---- Services - GMER 1.0.15 ----
    Service C:\WINDOWS\system32\01.tmp (*** hidden *** ) [MANUAL] khoik <-- ROOTKIT !!!
    Service C:\WINDOWS\system32\02.tmp (*** hidden *** ) [MANUAL] tasln <-- ROOTKIT !!!
    Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] udpwuswic <-- ROOTKIT !!!
    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] Driver Installer
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 32
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] LocalSystem
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] Stores security information for local user accounts.
    Reg HKLM\SYSTEM\CurrentControlSet\Services\udpwuswic\Parameters
    Reg HKLM\SYSTEM\CurrentControlSet\Services\udpwuswic\[email protected] C:\WINDOWS\system32\xloxfc.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] Driver Installer
    Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] 32
    Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] 2
    Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] LocalSystem
    Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] Stores security information for local user accounts.
    Reg HKLM\SYSTEM\ControlSet002\Services\udpwuswic\Parameters (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\udpwuswic\[email protected] C:\WINDOWS\system32\xloxfc.dll
    ---- EOF - GMER 1.0.15 ----
     
  9. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    Please do the following:

    Download ComboFix from one of the following locations:
    Link 1
    Link 2

    VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

    * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
    • Double click on ComboFix.exe & follow the prompts.
    As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

    [​IMG]

    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]

    • Click on Yes, to continue scanning for malware.
    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
     
  10. dneighbor

    dneighbor Thread Starter

    Joined:
    Dec 20, 2010
    Messages:
    423
    ComboFix 10-12-22.05 - Donald Neighbor 12/23/2010 10:10:01.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2432 [GMT -5:00]
    Running from: c:\documents and settings\Donald Neighbor\My Documents\ComboFix.exe
    * Created a new restore point
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\documents and settings\Donald Neighbor\Application Data\PriceGong
    c:\documents and settings\Donald Neighbor\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Donald Neighbor\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Donald Neighbor\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Donald Neighbor\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Donald Neighbor\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Donald Neighbor\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Donald Neighbor\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Donald Neighbor\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Donald Neighbor\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Donald Neighbor\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Donald Neighbor\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\Donald Neighbor\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Donald Neighbor\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Donald Neighbor\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Donald Neighbor\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Donald Neighbor\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Donald Neighbor\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Donald Neighbor\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Donald Neighbor\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Donald Neighbor\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Donald Neighbor\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Donald Neighbor\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Donald Neighbor\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Donald Neighbor\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Donald Neighbor\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Donald Neighbor\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Donald Neighbor\Application Data\PriceGong\Data\z.xml
    c:\documents and settings\Donald Neighbor\Favorites\Thumbs.db
    C:\Install.exe
    c:\program files\Perfect Optimizer
    c:\program files\Perfect Optimizer\PerfectOptimizer.ini
    c:\windows\system32\01.tmp
    c:\windows\system32\02.tmp
    G:\Autorun.inf
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    -------\Service_khoik
    -------\Service_tasln

    ((((((((((((((((((((((((( Files Created from 2010-11-23 to 2010-12-23 )))))))))))))))))))))))))))))))
    .
    2010-12-13 21:57 . 2010-12-23 15:17 -------- d-----w- c:\program files\Spyware Doctor
    2010-12-12 18:32 . 2010-12-12 18:32 -------- d-----w- c:\program files\TelevisionFanaticEI
    2010-12-12 10:23 . 2010-12-12 10:23 256 ------w- c:\documents and settings\Donald Neighbor\pool.bin
    2010-12-12 09:56 . 2010-12-12 09:56 -------- d-----w- c:\documents and settings\Donald Neighbor\Local Settings\Application Data\Research In Motion
    2010-12-12 09:55 . 2010-12-12 09:55 -------- d-----w- c:\program files\Research In Motion Limited
    2010-12-09 17:01 . 2010-12-09 17:01 -------- d-----w- c:\documents and settings\HOUSE\Local Settings\Application Data\Google
    2010-11-27 01:03 . 2010-11-27 01:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2010-11-27 01:03 . 2010-11-27 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2010-11-25 00:35 . 2010-12-23 15:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-11-25 00:35 . 2010-12-21 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-11-25 00:08 . 2010-11-25 00:17 -------- d-----w- c:\documents and settings\Donald Neighbor\Application Data\GetRightToGo
    2010-11-24 18:33 . 2010-11-24 18:33 -------- d-----w- c:\documents and settings\Donald Neighbor\Local Settings\Application Data\Mozilla
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-23 15:18 . 2010-12-23 15:18 4096 ----a-w- c:\windows\system32\02.tmp
    2010-11-18 12:46 . 2008-03-11 01:21 81920 -c----w- c:\windows\ALCFDRTM.VER
    .
    ------- Sigcheck -------
    [-] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
    [-] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
    [-] 2007-12-08 . A097C36412455F0C7E42377FAF8809B7 . 3592192 . . [7.00.6000.16608] . . c:\windows\SoftwareDistribution\Download\e5a204b08ee9dd0f7a20547e61486b27\SP2GDR\mshtml.dll
    [-] 2007-12-08 . A097C36412455F0C7E42377FAF8809B7 . 3592192 . . [7.00.6000.16608] . . c:\windows\system32\mshtml.dll
    [-] 2007-12-08 . A097C36412455F0C7E42377FAF8809B7 . 3592192 . . [7.00.6000.16608] . . c:\windows\system32\dllcache\mshtml.dll
    [-] 2007-12-07 . DA9377A57A277170C78095C0E8BD8C85 . 3059200 . . [6.00.2900.3268] . . c:\windows\SoftwareDistribution\Download\b386176bfcde202f7ed536e83198267a\sp2gdr\mshtml.dll
    [-] 2007-12-07 . 976C46ED4A75FC66D9C596778898CE1E . 3593216 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll
    [-] 2007-12-07 . 976C46ED4A75FC66D9C596778898CE1E . 3593216 . . [7.00.6000.20733] . . c:\windows\SoftwareDistribution\Download\e5a204b08ee9dd0f7a20547e61486b27\SP2QFE\mshtml.dll
    [-] 2007-12-07 . 8A4DD074DEC1B0C063C8493ABF654CBC . 3066368 . . [6.00.2900.3268] . . c:\windows\SoftwareDistribution\Download\b386176bfcde202f7ed536e83198267a\sp2qfe\mshtml.dll
    [7] 2007-12-01 . 3EC4D26B360559A1DEA1143748DB34F1 . 3066880 . . [6.00.2900.3264] . . c:\windows\ServicePackFiles\i386\mshtml.dll
    [-] 2007-10-31 . 8AB7ECF59D6EBBE986277B65ED4A40A1 . 3590656 . . [7.00.6000.16587] . . c:\windows\ie7updates\KB944533-IE7\mshtml.dll
    [-] 2007-10-31 . 8AB7ECF59D6EBBE986277B65ED4A40A1 . 3590656 . . [7.00.6000.16587] . . c:\windows\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\SP2GDR\mshtml.dll
    [-] 2007-10-30 . 54D8B404F17AA74C666F7F3AEF2AE459 . 3593216 . . [7.00.6000.20710] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
    [-] 2007-10-30 . 54D8B404F17AA74C666F7F3AEF2AE459 . 3593216 . . [7.00.6000.20710] . . c:\windows\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\SP2QFE\mshtml.dll
    [7] 2007-08-13 . C6EC2493346ED8888A549F59210A8ED3 . 3578368 . . [7.00.5730.13] . . c:\windows\ie7updates\KB942615-IE7\mshtml.dll
    [7] 2004-08-04 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\mshtml.dll
    [7] 2004-08-04 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\ie7\mshtml.dll
    [-] 2007-12-07 . 806D274C9A6C3AAEA5EAE8E4AF841E04 . 824832 . . [7.00.6000.16608] . . c:\windows\SoftwareDistribution\Download\e5a204b08ee9dd0f7a20547e61486b27\SP2GDR\wininet.dll
    [-] 2007-12-07 . 806D274C9A6C3AAEA5EAE8E4AF841E04 . 824832 . . [7.00.6000.16608] . . c:\windows\system32\wininet.dll
    [-] 2007-12-07 . 806D274C9A6C3AAEA5EAE8E4AF841E04 . 824832 . . [7.00.6000.16608] . . c:\windows\system32\dllcache\wininet.dll
    [-] 2007-12-07 . B5B411BB229AE6EAD7652A32ED47BFB9 . 825344 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
    [-] 2007-12-07 . B5B411BB229AE6EAD7652A32ED47BFB9 . 825344 . . [7.00.6000.20733] . . c:\windows\SoftwareDistribution\Download\e5a204b08ee9dd0f7a20547e61486b27\SP2QFE\wininet.dll
    [-] 2007-12-07 . 57D1B5150CF6331FAC6B3E04C1FCB966 . 659456 . . [6.00.2900.3268] . . c:\windows\SoftwareDistribution\Download\b386176bfcde202f7ed536e83198267a\sp2gdr\wininet.dll
    [-] 2007-12-07 . 085A7C37F9C6EDE1BA870B7DBEC06399 . 666112 . . [6.00.2900.3268] . . c:\windows\SoftwareDistribution\Download\b386176bfcde202f7ed536e83198267a\sp2qfe\wininet.dll
    [7] 2007-12-01 . E7F441CDE6E418BB68FC700872C004A0 . 666112 . . [6.00.2900.3264] . . c:\windows\ServicePackFiles\i386\wininet.dll
    [-] 2007-10-10 . 30C1E0F34AD2972C72A01DB5C74AB065 . 824832 . . [7.00.6000.16574] . . c:\windows\ie7updates\KB944533-IE7\wininet.dll
    [-] 2007-10-10 . 30C1E0F34AD2972C72A01DB5C74AB065 . 824832 . . [7.00.6000.16574] . . c:\windows\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\SP2GDR\wininet.dll
    [-] 2007-10-10 . 0E5D918F87EFA7D2424D66B499C7EB04 . 825344 . . [7.00.6000.20696] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
    [-] 2007-10-10 . 0E5D918F87EFA7D2424D66B499C7EB04 . 825344 . . [7.00.6000.20696] . . c:\windows\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\SP2QFE\wininet.dll
    [7] 2007-08-13 . A4A0FC92358F39538A6494C42EF99FE9 . 818688 . . [7.00.5730.13] . . c:\windows\ie7updates\KB942615-IE7\wininet.dll
    [7] 2004-08-04 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\wininet.dll
    [7] 2004-08-04 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\ie7\wininet.dll
    [-] 2007-12-06 . 2703D940A62B731AA220529DD7331A78 . 625664 . . [7.00.6000.16608] . . c:\windows\SoftwareDistribution\Download\e5a204b08ee9dd0f7a20547e61486b27\SP2GDR\iexplore.exe
    [-] 2007-12-06 . 2703D940A62B731AA220529DD7331A78 . 625664 . . [7.00.6000.16608] . . c:\windows\system32\dllcache\iexplore.exe
    [-] 2007-12-06 . 809D17D8FA0FDAEE07778CD821CAFFDE . 625664 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe
    [-] 2007-12-06 . 809D17D8FA0FDAEE07778CD821CAFFDE . 625664 . . [7.00.6000.20733] . . c:\windows\SoftwareDistribution\Download\e5a204b08ee9dd0f7a20547e61486b27\SP2QFE\iexplore.exe
    [7] 2007-12-01 . BA8925347A1B9815250DBA666DDD5095 . 93184 . . [6.00.2900.3264] . . c:\windows\ServicePackFiles\i386\iexplore.exe
    [-] 2007-10-10 . E854D02E4231F704D9BE782A424E6D8B . 625152 . . [7.00.6000.16574] . . c:\windows\ie7updates\KB944533-IE7\iexplore.exe
    [-] 2007-10-10 . E854D02E4231F704D9BE782A424E6D8B . 625152 . . [7.00.6000.16574] . . c:\windows\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\SP2GDR\iexplore.exe
    [-] 2007-10-10 . 632BDE0179847234433CA50945442ACB . 625664 . . [7.00.6000.20696] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe
    [-] 2007-10-10 . 632BDE0179847234433CA50945442ACB . 625664 . . [7.00.6000.20696] . . c:\windows\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\SP2QFE\iexplore.exe
    [7] 2007-08-13 . DE49B348A18369B4626FBA1D49B07FB4 . 622080 . . [7.00.5730.13] . . c:\windows\ie7updates\KB942615-IE7\iexplore.exe
    [7] 2004-08-04 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\iexplore.exe
    [7] 2004-08-04 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\ie7\iexplore.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cdloader"="c:\documents and settings\Donald Neighbor\Application Data\mjusbsp\cdloader2.exe" [2010-12-03 50592]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\YspService.exe" [2010-04-01 243000]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
    "SoundMan"="SOUNDMAN.EXE" [2008-03-10 86016]
    "AlcWzrd"="ALCWZRD.EXE" [2008-03-10 2807808]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]
    "nwiz"="nwiz.exe" [2007-04-12 1626112]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-12 81920]
    "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
    "LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-12-07 489472]
    "LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-12-07 14:33 73728]
    "LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "LMPDPSRV"="c:\windows\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE" [2002-07-11 45056]
    "ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2009-10-22 1577984]
    "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-09-19 615696]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-08-26 236016]
    "YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    c:\documents and settings\Donald Neighbor\Start Menu\Programs\Startup\
    SpeedPlexer.lnk - c:\program files\SpeedPlexer\SpeedPlexer.exe [N/A]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Lexmark X125 Settings Utility.lnk - c:\program files\Lexmark X125\LEX125SU.exe [2009-10-31 1810432]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 07:42 72208 ------w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\LMpdpsrv.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Documents and Settings\\Donald Neighbor\\Application Data\\mjusbsp\\magicJack.exe"=
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "7011:TCP"= 7011:TCP:tkryusre
    "67:UDP"= 67:UDP:DHCP Discovery Service
    "1037:TCP"= 1037:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    S?2 udpwuswic;Driver Installer;c:\windows\system32\svchost.exe -k netsvcs [8/23/2001 7:00 AM 14336]
    S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
    S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
    S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    udpwuswic
    .
    Contents of the 'Scheduled Tasks' folder
    2010-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
    2010-12-23 c:\windows\Tasks\User_Feed_Synchronization-{D804174C-E0C8-4E1D-BB03-A5542DD0CF6F}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 23:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    .
    - - - - ORPHANS REMOVED - - - -
    BHO-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
    Toolbar-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-23 10:19
    Windows 5.1.2600 Service Pack 3, v.3264 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\udpwuswic]
    "ServiceDll"="c:\windows\system32\xloxfc.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    [HKEY_USERS\S-1-5-21-790525478-343818398-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    [HKEY_USERS\S-1-5-21-790525478-343818398-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:49,e1,c0,3d,68,34,f2,7b,6c,82,75,ee,31,0b,6e,07,45,00,25,cc,32,4d,3c,
    44,b3,70,af,8c,5b,94,82,4e,21,75,00,1b,69,c9,c3,1f,2a,fa,ca,c5,25,bd,c1,47,\
    "??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    - - - - - - - > 'winlogon.exe'(952)
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    c:\program files\common files\logitech\bluetooth\LBTServ.dll
    - - - - - - - > 'explorer.exe'(1556)
    c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\windows\SOUNDMAN.EXE
    c:\windows\ALCWZRD.EXE
    c:\windows\system32\devldr32.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\wscntfy.exe
    c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-23 10:22:00 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-23 15:21
    Pre-Run: 50,905,026,560 bytes free
    Post-Run: 50,758,418,432 bytes free
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
    - - End Of File - - E72F988A110FAAFA3710FF810D0EB458
     
  11. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi

    Please do the following:

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
    • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Copy/paste the text inside the Codebox below into notepad:

    Here's how to do that:
    Click Start > Run type Notepad click OK.
    This will open an empty notepad file:

    Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

    Code:
    http://forums.techguy.org/7736349-post10.html
    
    Collect::
    c:\windows\system32\tkryusre.sys
    c:\windows\system32\xloxfc.dll
    
    FCopy::
    c:\windows\ServicePackFiles\i386\mshtml.dll | c:\windows\system32\mshtml.dll
    c:\windows\ServicePackFiles\i386\mshtml.dll | c:\windows\system32\dllcache\mshtml.dll
    c:\windows\ServicePackFiles\i386\wininet.dll | c:\windows\system32\wininet.dll
    c:\windows\ServicePackFiles\i386\wininet.dll | c:\windows\system32\dllcache\wininet.dll
    c:\windows\ServicePackFiles\i386\iexplore.exe | c:\windows\system32\dllcache\iexplore.exe
    
    Registry
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List]
    "7011:TCP"=-
    
    Driver::
    udpwuswic
    
    NetSvc::
    udpwuswic
    
    
    Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

    Save this file to your desktop, Save this as "CFScript"


    Here's how to do that:

    1.Click File;
    2.Click Save As... Change the directory to your desktop;
    3.Change the Save as type to "All Files";
    4.Type in the file name: CFScript
    5.Click Save ...

    [​IMG]
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you.
    • Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


    NEXT


    Please download Malwarebytes' Anti-Malware
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected. <-- very important
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.

    Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



    NEXT


    Go here to run an online scanner from ESET.
    • Note: You will need to use Internet explorer for this scan
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activeX control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan
    • Wait for the scan to finish
    • When the scan completes, press the LIST OF THREATS FOUND button
    • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
    • Include the contents of this report in your next reply.
    • Press the BACK button.
    • Press Finish
     
  12. dneighbor

    dneighbor Thread Starter

    Joined:
    Dec 20, 2010
    Messages:
    423
    I did the combofix and got the log report and now I can not get on the internet on that computer. IE comes up and it says "connecting" but never connects.
     
  13. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi

    Please run through the following trouble shooting steps, hopefully, one of them will get you back on line

    if your network icon appears on the Windows taskbar, then you can repair it by right-clicking on the icon and selecting Repair.

    [​IMG]

    If you have no task bar icon do this:

    • Click on the Start button.
    • Click on the Settings menu option.
    • Click on the Control Panel option.
    • When the Control Panel opens, double-click on the Network Connections icon. If your Control Panel is set to Category View, then double-click on Network and Internet Connections and then click on Network Connections at the bottom.
    • You will now see a list of available network connections. Locate the connection for your Wireless or Lan adapter and right-click on it.
    • click on the Repair menu option.

    [​IMG]

    Let the repair process perform its tasks and when it has finished, your Internet connection should be working again.

    If not > try the following


    • Go to Start > Control Panel, and choose Network Connections.
    • Right click on your default connection, usually Local Area Connection for cable and DSL or Dial-up Connection if you are using Dial-up, and choose Properties.
    • Click the Networking tab
    • Double-click on the Internet Protocol (TCP/IP) item.
    • Write down the settings in case you should need to change them back.
    • Select the radio button that says "Obtain DNS servers automatically".
    • Click OK twice to get out of the properties screen and restart your computer.
    • If not prompted to reboot go ahead and reboot manually.

    In I.E.
    • Check internet options settings.
    • Tools > Internet Options > Connections
    • LAN settings
    • Choose "automatically detect settings"
    • uncheck both proxy settings boxes

    In FireFox
    • Click on Advanced -> Network -> Settings…
    • the No Proxy option should be selected



    NEXT


    Go to Start > Run > type in CMD to open a command prompt.

    Type in the following command in the command prompt and press Enter.


    netsh int ip reset reset.log

    Then also type the following command and hit enter.

    netsh winsock reset catalog

    Once that completes then restart the system and see then if you are able to get online.


    Let me know how that goes
     
  14. dneighbor

    dneighbor Thread Starter

    Joined:
    Dec 20, 2010
    Messages:
    423
    Hope You Have a Very Merry Christmas :)


    I did all of the above with no luck. Sorry. LOL

    I have in my network connections folder the following (maybe this will help):
    in the LAN or High Speed Internet

    1394 connection
    connected
    1394 networkadapter

    When I try to repair this one it comes back with:
    Action could not be completed,
    TCP/IP is not enabled

    also I have

    Local area connection 2
    connected
    intel (R) pro/1000 MT networ...

    Also I have: ( This one has ared X on it )

    Local area connection 3
    network cable unpluged
    intel (R) pro/100 VE network...
     
  15. TerryNet

    TerryNet Moderator

    Joined:
    Mar 23, 2005
    Messages:
    79,886
    First Name:
    Terry
    What, if any, warnings or errors do you see in Device manager?

    Please show ...

    Start, Run, CMD, OK to open a command prompt:
    (For Vista or 7 type CMD in the Search box after Start)

    Type the following command:

    IPCONFIG /ALL

    [Note that there is no space between the slash and ALL.]

    Right click in the command window and choose Select All, then hit Enter.
    Paste the results in a message here.

    If necessary use a text file and removable media to copy the results to a computer with internet access.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/969645

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice