Help again, this time I have ONE security thing, Avast ONLY!

Posted 4/29/2009 7:45 AM
#73185
User avatar

Maggie8 Advanced member

Date Joined Nov 2016
Total Posts: 69
ComboFix 09-04-28.02 - Mom 04/29/2009 0:30.8 - NTFSx86 <br/>Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1449 [GMT -7:00] <br/>Running from: c:\documents and settings\Mom\Desktop\FIX\ComboFix.exe <br/>AV: avast! antivirus 4.8.1335 [VPS 090428-0] *On-access scanning disabled* (Updated) <br/>. <br/> <br/>((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-29 ))))))))))))))))))))))))))))))) <br/>. <br/> <br/>2009-04-28 14:24 . 2009-04-28 14:24 -------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes <br/>2009-04-20 11:33 . 2009-04-20 11:33 45920 ---ha-w c:\windows\system32\mlfcache.dat <br/>2009-04-19 00:14 . 2009-04-19 00:14 -------- d-----w c:\program files\KingsIsle Entertainment <br/>2009-04-15 10:39 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll <br/>2009-04-15 10:39 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe <br/>2009-04-15 10:39 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll <br/>2009-04-15 10:39 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe <br/>2009-04-15 10:39 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll <br/>2009-04-15 10:39 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe <br/>2009-04-15 10:39 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll <br/>2009-04-15 10:39 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll <br/>2009-04-15 10:39 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll <br/>2009-04-15 10:39 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll <br/>2009-04-15 10:36 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll <br/>2009-04-15 10:36 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe <br/>2009-04-12 03:57 . 2007-04-26 21:55 33664 ----a-w c:\windows\system32\drivers\BCMWLNPF.SYS <br/>2009-04-12 03:57 . 2007-06-14 22:57 86016 ----a-w c:\windows\system32\preflib.dll <br/>2009-04-12 03:57 . 2007-04-26 21:55 184320 ----a-w c:\windows\system32\bcmwlu00.exe <br/>2009-04-12 03:57 . 2007-06-14 22:53 44032 ----a-w c:\windows\system32\wltrynt.dll <br/>2009-04-12 03:57 . 2007-04-26 21:55 69632 ----a-w c:\windows\system32\bcmwlpkt.dll <br/>2009-04-12 03:57 . 2007-06-14 22:52 1134592 ----a-w c:\windows\system32\BCMWLTRY.EXE <br/>2009-04-12 03:57 . 2007-06-14 22:45 20480 ----a-w c:\windows\system32\WLTRYSVC.EXE <br/>2009-04-12 03:57 . 2007-04-26 21:55 2129920 ----a-w c:\windows\system32\WLBCGCBPRO731.DLL <br/>2009-04-12 03:57 . 2007-06-14 22:57 757760 ----a-w c:\windows\system32\bcm1xsup.dll <br/>2009-04-12 03:57 . 2007-10-09 21:33 198144 ----a-w c:\windows\system32\drivers\WUSB54GSCV2.sys <br/>2009-04-12 03:57 . 2009-04-12 03:57 -------- d-----w c:\program files\Linksys <br/>2009-04-12 02:22 . 2007-06-14 22:53 700416 ----a-w c:\windows\system32\BCMLogon.dll <br/> <br/>. <br/>(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>2009-04-28 13:36 . 2009-01-28 13:36 60416 --sha-w c:\windows\system32\fazugafi.exe <br/>2009-04-27 07:23 . 2009-02-10 22:26 -------- d-----w c:\program files\Paint Shop Pro 5 <br/>2009-04-25 08:24 . 2009-03-25 23:31 714 ----a-w c:\documents and settings\Mom\Application Data\wklnhst.dat <br/>2009-04-20 10:38 . 2009-02-22 02:15 -------- d-----w c:\program files\Malwarebytes' Anti-Malware <br/>2009-04-19 00:14 . 2008-04-24 01:11 -------- d--h--w c:\program files\InstallShield Installation Information <br/>2009-04-15 16:56 . 2008-10-26 03:53 70296 ----a-w c:\documents and settings\Mom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT <br/>2009-04-13 22:41 . 2008-10-26 22:57 34 ----a-w c:\documents and settings\Mom\jagex_runescape_preferences.dat <br/>2009-04-06 22:32 . 2009-02-22 02:15 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys <br/>2009-04-06 22:32 . 2009-02-22 02:15 15504 ----a-w c:\windows\system32\drivers\mbam.sys <br/>2009-04-04 16:23 . 2008-12-26 01:36 -------- d-----w c:\program files\EA Games <br/>2009-03-26 00:37 . 2009-03-26 00:37 -------- d-----w c:\program files\Serif <br/>2009-03-25 23:23 . 2008-04-24 01:16 -------- d-----w c:\program files\Microsoft Works <br/>2009-03-20 06:26 . 2009-03-20 06:26 -------- d-----w c:\program files\Microsoft Silverlight <br/>2009-03-19 05:29 . 2009-03-19 05:29 -------- d-----w c:\program files\GameSpy Arcade <br/>2009-03-19 05:27 . 2009-03-16 06:42 -------- d-----w c:\program files\Microsoft Games <br/>2009-03-19 05:24 . 2009-03-19 05:24 -------- d-----w c:\program files\DAEMON Tools Lite <br/>2009-03-19 05:21 . 2009-03-19 05:21 717296 ----a-w c:\windows\system32\drivers\sptd.sys <br/>2009-03-17 07:22 . 2009-02-27 00:33 -------- d-----w c:\program files\McAfee <br/>2009-03-11 12:27 . 2009-02-23 17:58 -------- d-----w c:\program files\Spybot - Search & Destroy <br/>2009-03-09 20:52 . 2009-03-09 20:49 -------- d-----w c:\program files\Playboy <br/>2009-03-08 14:45 . 2009-03-08 14:45 -------- d-----w c:\program files\MSXML 4.0 <br/>2009-03-08 11:36 . 2009-03-08 11:36 -------- d-----w c:\program files\Common Files\Kodak <br/>2009-03-08 11:25 . 2009-03-08 07:13 -------- d-----w c:\program files\Kodak <br/>2009-03-06 14:22 . 2004-08-10 17:51 284160 ----a-w c:\windows\system32\pdh.dll <br/>2009-03-06 09:29 . 2009-03-06 09:29 -------- d-----w c:\program files\Microsoft <br/>2009-03-06 09:29 . 2009-03-06 09:28 -------- d-----w c:\program files\Windows Live <br/>2009-03-06 09:29 . 2009-03-06 09:29 -------- d-----w c:\program files\Windows Live SkyDrive <br/>2009-03-06 09:24 . 2009-03-06 09:24 -------- d-----w c:\program files\Common Files\Windows Live <br/>2009-03-05 11:46 . 2009-03-05 11:43 -------- d-----w c:\program files\MyDSC2 <br/>2009-03-05 10:44 . 2008-04-24 01:15 -------- d-----w c:\program files\Google <br/>2009-03-05 10:21 . 2009-03-05 10:21 -------- d-----w c:\program files\DC505 <br/>2009-03-03 00:18 . 2004-08-10 17:51 826368 ----a-w c:\windows\system32\wininet.dll <br/>2009-02-23 22:51 . 2004-08-10 17:50 67 --sha-w c:\windows\Fonts\desktop.ini <br/>2009-02-23 20:02 . 2004-08-10 18:03 77939 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat <br/>2009-02-23 17:56 . 2009-02-23 17:56 410984 ----a-w c:\windows\system32\deploytk.dll <br/>2009-02-20 18:09 . 2004-08-10 17:51 78336 ----a-w c:\windows\system32\ieencode.dll <br/>2009-02-09 12:10 . 2004-08-10 17:51 729088 ----a-w c:\windows\system32\lsasrv.dll <br/>2009-02-09 12:10 . 2004-08-10 17:51 401408 ----a-w c:\windows\system32\rpcss.dll <br/>2009-02-09 12:10 . 2004-08-10 17:51 714752 ----a-w c:\windows\system32\ntdll.dll <br/>2009-02-09 12:10 . 2004-08-10 17:50 617472 ----a-w c:\windows\system32\advapi32.dll <br/>2009-02-09 11:13 . 2004-08-10 17:51 1846784 ----a-w c:\windows\system32\win32k.sys <br/>2009-02-08 02:02 . 2004-08-04 03:59 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe <br/>2009-02-07 02:52 . 2009-02-07 02:52 49504 ----a-w c:\windows\system32\sirenacm.dll <br/>2009-02-06 11:11 . 2004-08-10 17:51 110592 ----a-w c:\windows\system32\services.exe <br/>2009-02-06 11:08 . 2004-08-10 17:51 2189056 ----a-w c:\windows\system32\ntoskrnl.exe <br/>2009-02-06 10:39 . 2004-08-10 17:51 35328 ----a-w c:\windows\system32\sc.exe <br/>2009-02-03 19:59 . 2004-08-10 17:51 56832 ----a-w c:\windows\system32\secur32.dll <br/>2004-04-27 22:19 . 2009-03-17 08:10 3192827 ----a-w c:\program files\haloce.exe <br/>. <br/> <br/>((((((((((((((((((((((((((((( SnapShot@2009-04-29_07.10.32 ))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>+ 2009-04-29 07:21 . 2009-04-29 07:21 16384 c:\windows\temp\Perflib_Perfdata_6c4.dat <br/>+ 2009-04-29 07:21 . 2009-04-29 07:21 16384 c:\windows\temp\Perflib_Perfdata_648.dat <br/>. <br/>((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>. <br/>*Note* empty entries & legit default entries are not shown <br/>REGEDIT4 <br/> <br/>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] <br/>"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408] <br/>"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-07 8466432] <br/>"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] <br/>"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-23 136600] <br/>"DigiSrv"="c:\windows\Twain_32\DigiCam\DigiSrv.exe" [2003-08-07 180304] <br/>"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-07-18 1306624] <br/> <br/>c:\documents and settings\All Users\Start Menu\Programs\Startup\ <br/>Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624] <br/> <br/>[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] <br/>"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] <br/>2008-12-22 19:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll <br/> <br/>HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32 <br/>"wave"= serwvdrv.dll <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\security center] <br/>"UpdatesDisableNotify"=dword:00000001 <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] <br/>"DisableMonitoring"=dword:00000001 <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] <br/>"DisableMonitoring"=dword:00000001 <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] <br/>"DisableMonitoring"=dword:00000001 <br/> <br/>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] <br/>"%windir%\\system32\\sessmgr.exe"= <br/>"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"= <br/>"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"= <br/>"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"= <br/>"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= <br/>"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"= <br/>"%windir%\\Network Diagnostic\\xpnetdiag.exe"= <br/>"c:\\Program Files\\Mozilla Firefox\\firefox.exe"= <br/>"c:\\Program Files\\Bonjour\\mDNSResponder.exe"= <br/>"c:\\Program Files\\iTunes\\iTunes.exe"= <br/>"c:\\Program Files\\EA Games\\Command & Conquer The First Decade\\Command & Conquer(tm) Generals\\game.dat"= <br/>"c:\\Program Files\\Messenger\\msmsgs.exe"= <br/>"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= <br/>"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= <br/>"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= <br/>"c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"= <br/>"c:\\Program Files\\Microsoft Games\\Halo Custom Edition\\haloce.exe"= <br/>"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"= <br/>"c:\\Program Files\\EA Games\\Battlefield 1942 Multiplayer Demo\\BF1942Demo.exe"= <br/> <br/>R2 gupdate1c99a8d25a3be0;Google Update Service (gupdate1c99a8d25a3be0);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-01 133104] <br/>R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-16 7408] <br/>R3 SQTECH913C;DigiCam;c:\windows\system32\DRIVERS\Capt913c.sys [2004-03-17 27632] <br/>S1 aswSP;avast! Self Protection; [x] <br/>S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-01-16 8944] <br/>S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-01-16 55024] <br/>S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560] <br/>S2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\printer\center\KodakSvc.exe [2008-07-25 18944] <br/>S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216] <br/>S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-04 13592] <br/>S2 WUSB54GSC;WUSB54GSC; [x] <br/>S3 WUSB54GSCV2;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\DRIVERS\WUSB54GSCV2.sys [2007-10-09 198144] <br/> <br/> <br/>--- Other Services/Drivers In Memory --- <br/> <br/>*Deregistered* - uphcleanhlp <br/>. <br/>Contents of the 'Scheduled Tasks' folder <br/> <br/>2009-04-29 c:\windows\Tasks\Google Software Updater.job <br/>- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-01 18:32] <br/> <br/>2009-04-29 c:\windows\Tasks\GoogleUpdateTaskMachine.job <br/>- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-01 16:44] <br/> <br/>2009-04-29 c:\windows\Tasks\MP Scheduled Scan.job <br/>- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 03:20] <br/>. <br/>- - - - ORPHANS REMOVED - - - - <br/> <br/>HKCU-Run-DriverUpdaterPro - c:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe <br/> <br/> <br/>. <br/>------- Supplementary Scan ------- <br/>. <br/>uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 <br/>IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 <br/>FF - ProfilePath - c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\5wxad41q.default\ <br/>FF - prefs.js: browser.startup.homepage - hxxp://www.google.com <br/>FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll <br/>FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll <br/>FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll <br/>FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll <br/>. <br/> <br/>************************************************************************** <br/> <br/>catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net <br/>Rootkit scan 2009-04-29 00:36 <br/>Windows 5.1.2600 Service Pack 3 NTFS <br/> <br/>scanning hidden processes ... <br/> <br/>scanning hidden autostart entries ... <br/> <br/>scanning hidden files ... <br/> <br/>scan completed successfully <br/>hidden files: 0 <br/> <br/>************************************************************************** <br/>. <br/>--------------------- DLLs Loaded Under Running Processes --------------------- <br/> <br/>- - - - - - - > 'winlogon.exe'(804) <br/>c:\program files\SUPERAntiSpyware\SASWINLO.dll <br/>c:\windows\System32\BCMLogon.dll <br/> <br/>- - - - - - - > 'explorer.exe'(2668) <br/>c:\program files\McAfee\SiteAdvisor\saHook.dll <br/>c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll <br/>c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll <br/>c:\windows\system32\WPDShServiceObj.dll <br/>c:\windows\system32\PortableDeviceTypes.dll <br/>c:\windows\system32\PortableDeviceApi.dll <br/>. <br/>Completion time: 2009-04-29 0:37 <br/>ComboFix-quarantined-files.txt 2009-04-29 07:37 <br/>ComboFix2.txt 2009-04-29 07:13 <br/>ComboFix3.txt 2008-12-26 10:27 <br/>ComboFix4.txt 2008-12-26 09:08 <br/>ComboFix5.txt 2009-04-29 07:30 <br/> <br/>Pre-Run: 119,866,691,584 bytes free <br/>Post-Run: 119,861,235,712 bytes free <br/> <br/>210 --- E O F --- 2009-04-28 16:03 <br/>**************************************** <br/>Malwarebytes' Anti-Malware 1.36 <br/>Database version: 2053 <br/>Windows 5.1.2600 Service Pack 3 <br/> <br/>4/28/2009 7:19:14 AM <br/>mbam-log-2009-04-28 (07-19-14).txt <br/> <br/>Scan type: Full Scan (C:\|) <br/>Objects scanned: 5556 <br/>Time elapsed: 27 second(s) <br/> <br/>Memory Processes Infected: 0 <br/>Memory Modules Infected: 5 <br/>Registry Keys Infected: 4 <br/>Registry Values Infected: 5 <br/>Registry Data Items Infected: 3 <br/>Folders Infected: 0 <br/>Files Infected: 6 <br/> <br/>Memory Processes Infected: <br/>(No malicious items detected) <br/> <br/>Memory Modules Infected: <br/>C:\WINDOWS\system32\pitevigu.dll (Trojan.Vundo.H) -> Delete on reboot. <br/>C:\WINDOWS\system32\batusoka.dll (Trojan.Vundo.H) -> Delete on reboot. <br/>C:\WINDOWS\system32\fahojiku.dll (Trojan.Vundo.H) -> Delete on reboot. <br/>C:\WINDOWS\system32\modeboho.dll (Trojan.Vundo.H) -> Delete on reboot. <br/>C:\WINDOWS\system32\halisuse.dll (Trojan.Vundo.H) -> Delete on reboot. <br/> <br/>Registry Keys Infected: <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a907ea98-3324-47d9-9d4a-cbc1d6109821} (Trojan.Vundo.H) -> Quarantined and deleted successfully. <br/>HKEY_CLASSES_ROOT\CLSID\{a907ea98-3324-47d9-9d4a-cbc1d6109821} (Trojan.Vundo.H) -> Quarantined and deleted successfully. <br/>HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully. <br/>HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a907ea98-3324-47d9-9d4a-cbc1d6109821} (Trojan.Vundo.H) -> Quarantined and deleted successfully. <br/> <br/>Registry Values Infected: <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\549327dd (Trojan.Vundo.H) -> Quarantined and deleted successfully. <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm57a01441 (Trojan.Vundo.H) -> Quarantined and deleted successfully. <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zuhawasoke (Trojan.Vundo.H) -> Quarantined and deleted successfully. <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully. <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully. <br/> <br/>Registry Data Items Infected: <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\pitevigu.dll -> Quarantined and deleted successfully. <br/>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\pitevigu.dll -> Quarantined and deleted successfully. <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\fahojiku.dll -> Quarantined and deleted successfully. <br/> <br/>Folders Infected: <br/>(No malicious items detected) <br/> <br/>Files Infected: <br/>C:\WINDOWS\system32\batusoka.dll (Trojan.Vundo.H) -> Delete on reboot. <br/>C:\WINDOWS\system32\akosutab.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. <br/>C:\WINDOWS\system32\fahojiku.dll (Trojan.Vundo.H) -> Delete on reboot. <br/>C:\WINDOWS\system32\modeboho.dll (Trojan.Vundo.H) -> Delete on reboot. <br/>C:\WINDOWS\system32\halisuse.dll (Trojan.Vundo.H) -> Delete on reboot. <br/>C:\WINDOWS\system32\pitevigu.dll (Trojan.Vundo.H) -> Delete on reboot. <br/>***************************************** <br/>Logfile of Trend Micro HijackThis v2.0.2 <br/>Scan saved at 12:43:58 AM, on 4/29/2009 <br/>Platform: Windows XP SP3 (WinNT 5.01.2600) <br/>MSIE: Internet Explorer v7.00 (7.00.6000.16827) <br/>Boot mode: Normal <br/> <br/>Running processes: <br/>C:\WINDOWS\System32\smss.exe <br/>C:\WINDOWS\system32\winlogon.exe <br/>C:\WINDOWS\system32\services.exe <br/>C:\WINDOWS\system32\lsass.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\Program Files\Windows Defender\MsMpEng.exe <br/>C:\WINDOWS\System32\svchost.exe <br/>C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe <br/>C:\Program Files\Alwil Software\Avast4\ashServ.exe <br/>C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe <br/>C:\Program Files\Java\jre6\bin\jusched.exe <br/>C:\WINDOWS\Twain_32\DigiCam\DigiSrv.exe <br/>C:\WINDOWS\system32\ctfmon.exe <br/>C:\Program Files\DAEMON Tools Lite\daemon.exe <br/>C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe <br/>C:\WINDOWS\system32\spoolsv.exe <br/>C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe <br/>C:\Program Files\Bonjour\mDNSResponder.exe <br/>C:\Program Files\Java\jre6\bin\jqs.exe <br/>C:\Program Files\Kodak\printer\center\KodakSvc.exe <br/>C:\Program Files\Google\Update\GoogleUpdate.exe <br/>C:\Program Files\McAfee\SiteAdvisor\McSACore.exe <br/>C:\WINDOWS\system32\nvsvc32.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\Program Files\UPHClean\uphclean.exe <br/>C:\Program Files\Linksys\WUSB54GSCv2\WLService.exe <br/>C:\Program Files\Linksys\WUSB54GSCv2\WUSB54GSC.exe <br/>C:\WINDOWS\System32\svchost.exe <br/>C:\WINDOWS\explorer.exe <br/>C:\WINDOWS\system32\notepad.exe <br/>C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe <br/>C:\Program Files\Alwil Software\Avast4\ashWebSv.exe <br/>C:\Program Files\Mozilla Firefox\firefox.exe <br/>C:\Documents and Settings\Mom\Desktop\FIX\HijackThis.exe <br/> <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 <br/>R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 <br/>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843 <br/>O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll <br/>O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) <br/>O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll <br/>O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll <br/>O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll <br/>O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll <br/>O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll <br/>O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll <br/>O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll <br/>O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup <br/>O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe <br/>O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe <br/>O4 - HKLM\..\Run: [DigiSrv] C:\WINDOWS\Twain_32\DigiCam\DigiSrv.exe <br/>O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe <br/>O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe <br/>O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background <br/>O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun <br/>O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe <br/>O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 <br/>O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll <br/>O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll <br/>O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll <br/>O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll <br/>O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll <br/>O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe <br/>O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe <br/>O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe <br/>O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe <br/>O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll <br/>O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224995547297 <br/>O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll <br/>O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll <br/>O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe <br/>O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe <br/>O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe <br/>O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe <br/>O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe <br/>O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe <br/>O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe <br/>O23 - Service: Google Update Service (gupdate1c99a8d25a3be0) (gupdate1c99a8d25a3be0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe <br/>O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe <br/>O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe <br/>O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe <br/>O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\printer\center\KodakSvc.exe <br/>O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe <br/>O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe <br/>O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe <br/>O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE <br/>O23 - Service: WUSB54GSC - GEMTEKS - C:\Program Files\Linksys\WUSB54GSCv2\WLService.exe <br/> <br/>-- <br/>End of file - 7913 bytes <br/>*************************************** <br/>Windows keeps shutting off and giving me a blue screen saying it had to shut off. Ran stuff in Safe Mode. Is it clean? Thanks Touch. <br/>~Margie
Posted 4/29/2009 12:54 PM
#73192
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Delete this file: <br/>c:\windows\system32\fazugafi.exe <br/> <br/>Reboot. <br/> <br/>Still got blue Screens ?

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


Posted 4/30/2009 5:06 AM
#73197
User avatar

Maggie8 Advanced member

Date Joined Nov 2016
Total Posts: 69
Cool, so far so good. I got rid of a lot of it on my own, getting lots of practice! <br/>I don't understand why Avast gives me a warning, then says it deleted the virus, but then I run a check and I'll have a lot of "found" items. <br/>Even with just one security thing, I STILL get viruses. GRRR. <br/>Thanks, Touch.
Posted 4/30/2009 11:43 AM
#73200
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Where are the viruses located - Filename/s and path ?

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


Posted 5/3/2009 5:25 PM
#73275
User avatar

Maggie8 Advanced member

Date Joined Nov 2016
Total Posts: 69
I'm not sure, it keeps (Avast) popping up and saying "Virus Detected" and that it recommends "Move to Chest" which I do. The blue screens have stopped, but everyday I keep getting these "Virus Detected" things. <br/>ComboFix 09-04-28.02 - Mom 05/03/2009 10:05.9 - NTFSx86 <br/>Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1526 [GMT -7:00] <br/>Running from: c:\documents and settings\Mom\Desktop\FIX\ComboFix.exe <br/>AV: avast! antivirus 4.8.1335 [VPS 090502-0] *On-access scanning disabled* (Updated) <br/>. <br/> <br/>((((((((((((((((((((((((( Files Created from 2009-06-03 to 2009-5-3 ))))))))))))))))))))))))))))))) <br/>. <br/> <br/>2009-05-03 10:07 . 2000-07-15 07:00 101888 ----a-w c:\windows\system32\VB6STKIT.DLL <br/>2009-05-03 10:07 . 2009-05-03 10:48 -------- d-----w c:\program files\FriendBlasterPro <br/>2009-05-01 18:05 . 2009-05-02 02:31 -------- d-----w c:\documents and settings\Mom\Application Data\LimeWire <br/>2009-05-01 18:05 . 2009-05-02 02:30 -------- d-----w c:\program files\LimeWire <br/>2009-05-01 16:54 . 2009-05-01 16:57 -------- d-----w C:\markSR <br/>2009-04-30 20:03 . 2009-05-01 14:32 -------- d-----w c:\documents and settings\Mom\Local Settings\Application Data\PMB Files <br/>2009-04-30 20:03 . 2009-04-30 20:03 -------- d-----w c:\documents and settings\All Users\Application Data\PMB Files <br/>2009-04-30 20:02 . 2009-04-30 20:02 -------- d-----w c:\program files\Pando Networks <br/>2009-04-28 14:24 . 2009-04-28 14:24 -------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes <br/>2009-04-20 11:33 . 2009-04-20 11:33 45920 ---ha-w c:\windows\system32\mlfcache.dat <br/>2009-04-19 00:14 . 2009-04-19 00:14 -------- d-----w c:\program files\KingsIsle Entertainment <br/>2009-04-15 10:39 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll <br/>2009-04-15 10:39 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe <br/>2009-04-15 10:39 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll <br/>2009-04-15 10:39 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe <br/>2009-04-15 10:39 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll <br/>2009-04-15 10:39 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe <br/>2009-04-15 10:39 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll <br/>2009-04-15 10:39 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll <br/>2009-04-15 10:39 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll <br/>2009-04-15 10:39 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll <br/>2009-04-15 10:36 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll <br/>2009-04-15 10:36 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe <br/>2009-04-12 03:57 . 2007-04-26 21:55 33664 ----a-w c:\windows\system32\drivers\BCMWLNPF.SYS <br/>2009-04-12 03:57 . 2007-06-14 22:57 86016 ----a-w c:\windows\system32\preflib.dll <br/>2009-04-12 03:57 . 2007-04-26 21:55 184320 ----a-w c:\windows\system32\bcmwlu00.exe <br/>2009-04-12 03:57 . 2007-06-14 22:53 44032 ----a-w c:\windows\system32\wltrynt.dll <br/>2009-04-12 03:57 . 2007-04-26 21:55 69632 ----a-w c:\windows\system32\bcmwlpkt.dll <br/>2009-04-12 03:57 . 2007-06-14 22:52 1134592 ----a-w c:\windows\system32\BCMWLTRY.EXE <br/>2009-04-12 03:57 . 2007-06-14 22:45 20480 ----a-w c:\windows\system32\WLTRYSVC.EXE <br/>2009-04-12 03:57 . 2007-04-26 21:55 2129920 ----a-w c:\windows\system32\WLBCGCBPRO731.DLL <br/>2009-04-12 03:57 . 2007-06-14 22:57 757760 ----a-w c:\windows\system32\bcm1xsup.dll <br/>2009-04-12 03:57 . 2007-10-09 21:33 198144 ----a-w c:\windows\system32\drivers\WUSB54GSCV2.sys <br/>2009-04-12 03:57 . 2009-04-12 03:57 -------- d-----w c:\program files\Linksys <br/>2009-04-12 02:22 . 2007-06-14 22:53 700416 ----a-w c:\windows\system32\BCMLogon.dll <br/> <br/>. <br/>(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>2009-05-02 11:41 . 2009-03-25 23:31 952 ----a-w c:\documents and settings\Mom\Application Data\wklnhst.dat <br/>2009-04-30 20:09 . 2009-03-16 06:42 -------- d-----w c:\program files\Microsoft Games <br/>2009-04-30 20:08 . 2008-12-26 01:36 -------- d-----w c:\program files\EA Games <br/>2009-04-30 20:08 . 2008-04-24 01:11 -------- d--h--w c:\program files\InstallShield Installation Information <br/>2009-04-27 07:23 . 2009-02-10 22:26 -------- d-----w c:\program files\Paint Shop Pro 5 <br/>2009-04-20 10:38 . 2009-02-22 02:15 -------- d-----w c:\program files\Malwarebytes' Anti-Malware <br/>2009-04-15 16:56 . 2008-10-26 03:53 70296 ----a-w c:\documents and settings\Mom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT <br/>2009-04-13 22:41 . 2008-10-26 22:57 34 ----a-w c:\documents and settings\Mom\jagex_runescape_preferences.dat <br/>2009-04-06 22:32 . 2009-02-22 02:15 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys <br/>2009-04-06 22:32 . 2009-02-22 02:15 15504 ----a-w c:\windows\system32\drivers\mbam.sys <br/>2009-03-26 00:37 . 2009-03-26 00:37 -------- d-----w c:\program files\Serif <br/>2009-03-25 23:23 . 2008-04-24 01:16 -------- d-----w c:\program files\Microsoft Works <br/>2009-03-20 06:26 . 2009-03-20 06:26 -------- d-----w c:\program files\Microsoft Silverlight <br/>2009-03-19 05:29 . 2009-03-19 05:29 -------- d-----w c:\program files\GameSpy Arcade <br/>2009-03-19 05:24 . 2009-03-19 05:24 -------- d-----w c:\program files\DAEMON Tools Lite <br/>2009-03-19 05:21 . 2009-03-19 05:21 717296 ----a-w c:\windows\system32\drivers\sptd.sys <br/>2009-03-17 07:22 . 2009-02-27 00:33 -------- d-----w c:\program files\McAfee <br/>2009-03-11 12:27 . 2009-02-23 17:58 -------- d-----w c:\program files\Spybot - Search & Destroy <br/>2009-03-09 20:52 . 2009-03-09 20:49 -------- d-----w c:\program files\Playboy <br/>2009-03-08 14:45 . 2009-03-08 14:45 -------- d-----w c:\program files\MSXML 4.0 <br/>2009-03-08 11:36 . 2009-03-08 11:36 -------- d-----w c:\program files\Common Files\Kodak <br/>2009-03-08 11:25 . 2009-03-08 07:13 -------- d-----w c:\program files\Kodak <br/>2009-03-06 14:22 . 2004-08-10 17:51 284160 ----a-w c:\windows\system32\pdh.dll <br/>2009-03-06 09:29 . 2009-03-06 09:29 -------- d-----w c:\program files\Microsoft <br/>2009-03-06 09:29 . 2009-03-06 09:28 -------- d-----w c:\program files\Windows Live <br/>2009-03-06 09:29 . 2009-03-06 09:29 -------- d-----w c:\program files\Windows Live SkyDrive <br/>2009-03-06 09:24 . 2009-03-06 09:24 -------- d-----w c:\program files\Common Files\Windows Live <br/>2009-03-05 11:46 . 2009-03-05 11:43 -------- d-----w c:\program files\MyDSC2 <br/>2009-03-05 10:44 . 2008-04-24 01:15 -------- d-----w c:\program files\Google <br/>2009-03-05 10:21 . 2009-03-05 10:21 -------- d-----w c:\program files\DC505 <br/>2009-03-03 00:18 . 2004-08-10 17:51 826368 ----a-w c:\windows\system32\wininet.dll <br/>2009-02-23 22:51 . 2004-08-10 17:50 67 --sha-w c:\windows\Fonts\desktop.ini <br/>2009-02-23 20:02 . 2004-08-10 18:03 77939 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat <br/>2009-02-23 17:56 . 2009-02-23 17:56 410984 ----a-w c:\windows\system32\deploytk.dll <br/>2009-02-20 18:09 . 2004-08-10 17:51 78336 ----a-w c:\windows\system32\ieencode.dll <br/>2009-02-09 12:10 . 2004-08-10 17:51 729088 ----a-w c:\windows\system32\lsasrv.dll <br/>2009-02-09 12:10 . 2004-08-10 17:51 401408 ----a-w c:\windows\system32\rpcss.dll <br/>2009-02-09 12:10 . 2004-08-10 17:51 714752 ----a-w c:\windows\system32\ntdll.dll <br/>2009-02-09 12:10 . 2004-08-10 17:50 617472 ----a-w c:\windows\system32\advapi32.dll <br/>2009-02-09 11:13 . 2004-08-10 17:51 1846784 ----a-w c:\windows\system32\win32k.sys <br/>2009-02-08 02:02 . 2004-08-04 03:59 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe <br/>2009-02-07 02:52 . 2009-02-07 02:52 49504 ----a-w c:\windows\system32\sirenacm.dll <br/>2009-02-06 11:11 . 2004-08-10 17:51 110592 ----a-w c:\windows\system32\services.exe <br/>2009-02-06 11:08 . 2004-08-10 17:51 2189056 ----a-w c:\windows\system32\ntoskrnl.exe <br/>2009-02-06 10:39 . 2004-08-10 17:51 35328 ----a-w c:\windows\system32\sc.exe <br/>2009-02-03 19:59 . 2004-08-10 17:51 56832 ----a-w c:\windows\system32\secur32.dll <br/>2004-04-27 22:19 . 2009-03-17 08:10 3192827 ----a-w c:\program files\haloce.exe <br/>. <br/> <br/>((((((((((((((((((((((((((((( SnapShot@2009-04-29_07.10.32 ))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>+ 2009-05-03 16:23 . 2009-05-03 16:23 16384 c:\windows\temp\Perflib_Perfdata_7f8.dat <br/>+ 2009-05-03 16:23 . 2009-05-03 16:23 16384 c:\windows\temp\Perflib_Perfdata_52c.dat <br/>. <br/>((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>. <br/>*Note* empty entries & legit default entries are not shown <br/>REGEDIT4 <br/> <br/>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] <br/>"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408] <br/>"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-07 8466432] <br/>"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] <br/>"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-23 136600] <br/>"DigiSrv"="c:\windows\Twain_32\DigiCam\DigiSrv.exe" [2003-08-07 180304] <br/>"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-07-18 1306624] <br/> <br/>c:\documents and settings\All Users\Start Menu\Programs\Startup\ <br/>Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624] <br/> <br/>[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] <br/>"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] <br/>2008-12-22 19:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll <br/> <br/>HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32 <br/>"wave"= serwvdrv.dll <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] <br/>"DisableMonitoring"=dword:00000001 <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] <br/>"DisableMonitoring"=dword:00000001 <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] <br/>"DisableMonitoring"=dword:00000001 <br/> <br/>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] <br/>"EnableFirewall"= 0 (0x0) <br/> <br/>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] <br/>"%windir%\\system32\\sessmgr.exe"= <br/>"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"= <br/>"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"= <br/>"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"= <br/>"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= <br/>"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"= <br/>"%windir%\\Network Diagnostic\\xpnetdiag.exe"= <br/>"c:\\Program Files\\Mozilla Firefox\\firefox.exe"= <br/>"c:\\Program Files\\Bonjour\\mDNSResponder.exe"= <br/>"c:\\Program Files\\iTunes\\iTunes.exe"= <br/>"c:\\Program Files\\EA Games\\Command & Conquer The First Decade\\Command & Conquer(tm) Generals\\game.dat"= <br/>"c:\\Program Files\\Messenger\\msmsgs.exe"= <br/>"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= <br/>"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= <br/>"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= <br/>"c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"= <br/>"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"= <br/>"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= <br/>"c:\\Program Files\\LimeWire\\LimeWire.exe"= <br/> <br/>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] <br/>"57175:TCP"= 57175:TCP:Pando Media Booster <br/>"57175:UDP"= 57175:UDP:Pando Media Booster <br/> <br/>R2 gupdate1c99a8d25a3be0;Google Update Service (gupdate1c99a8d25a3be0);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-01 133104] <br/>R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-16 7408] <br/>R3 SQTECH913C;DigiCam;c:\windows\system32\DRIVERS\Capt913c.sys [2004-03-17 27632] <br/>R3 WUSB54GSCV2;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\DRIVERS\WUSB54GSCV2.sys [2007-10-09 198144] <br/>S1 aswSP;avast! Self Protection; [x] <br/>S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-01-16 8944] <br/>S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-01-16 55024] <br/>S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560] <br/>S2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\printer\center\KodakSvc.exe [2008-07-25 18944] <br/>S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216] <br/>S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-04 13592] <br/>S2 WUSB54GSC;WUSB54GSC; [x] <br/> <br/> <br/>--- Other Services/Drivers In Memory --- <br/> <br/>*Deregistered* - uphcleanhlp <br/>. <br/>Contents of the 'Scheduled Tasks' folder <br/> <br/>2009-05-03 c:\windows\Tasks\Google Software Updater.job <br/>- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-01 18:32] <br/> <br/>2009-05-03 c:\windows\Tasks\GoogleUpdateTaskMachine.job <br/>- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-01 16:44] <br/> <br/>2009-05-03 c:\windows\Tasks\MP Scheduled Scan.job <br/>- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 03:20] <br/>. <br/>. <br/>------- Supplementary Scan ------- <br/>. <br/>uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 <br/>IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 <br/>FF - ProfilePath - c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\5wxad41q.default\ <br/>FF - prefs.js: browser.startup.homepage - hxxp://www.google.com <br/>FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll <br/>FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll <br/>FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll <br/>FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll <br/>FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll <br/>. <br/> <br/>************************************************************************** <br/> <br/>catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net <br/>Rootkit scan 2009-05-03 10:10 <br/>Windows 5.1.2600 Service Pack 3 NTFS <br/> <br/>scanning hidden processes ... <br/> <br/>scanning hidden autostart entries ... <br/> <br/>scanning hidden files ... <br/> <br/>scan completed successfully <br/>hidden files: 0 <br/> <br/>************************************************************************** <br/>. <br/>--------------------- DLLs Loaded Under Running Processes --------------------- <br/> <br/>- - - - - - - > 'winlogon.exe'(652) <br/>c:\program files\SUPERAntiSpyware\SASWINLO.dll <br/>c:\windows\System32\BCMLogon.dll <br/> <br/>- - - - - - - > 'explorer.exe'(2644) <br/>c:\program files\McAfee\SiteAdvisor\saHook.dll <br/>c:\windows\system32\WPDShServiceObj.dll <br/>c:\windows\system32\PortableDeviceTypes.dll <br/>c:\windows\system32\PortableDeviceApi.dll <br/>. <br/>Completion time: 2009-05-03 10:11 <br/>ComboFix-quarantined-files.txt 2009-05-03 17:11 <br/>ComboFix2.txt 2009-04-29 07:37 <br/>ComboFix3.txt 2009-04-29 07:13 <br/>ComboFix4.txt 2008-12-26 10:27 <br/>ComboFix5.txt 2009-05-03 17:05 <br/> <br/>Pre-Run: 119,549,882,368 bytes free <br/>Post-Run: 119,548,866,560 bytes free <br/> <br/>217 --- E O F --- 2009-05-01 06:18 <br/>********************************************* <br/>Logfile of Trend Micro HijackThis v2.0.2 <br/>Scan saved at 10:18:30 AM, on 5/3/2009 <br/>Platform: Windows XP SP3 (WinNT 5.01.2600) <br/>MSIE: Internet Explorer v7.00 (7.00.6000.16827) <br/>Boot mode: Normal <br/> <br/>Running processes: <br/>C:\WINDOWS\System32\smss.exe <br/>C:\WINDOWS\system32\winlogon.exe <br/>C:\WINDOWS\system32\services.exe <br/>C:\WINDOWS\system32\lsass.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\Program Files\Windows Defender\MsMpEng.exe <br/>C:\WINDOWS\System32\svchost.exe <br/>C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe <br/>C:\Program Files\Alwil Software\Avast4\ashServ.exe <br/>C:\WINDOWS\system32\spoolsv.exe <br/>C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe <br/>C:\Program Files\Bonjour\mDNSResponder.exe <br/>C:\Program Files\Google\Update\GoogleUpdate.exe <br/>C:\Program Files\Java\jre6\bin\jqs.exe <br/>C:\Program Files\Kodak\printer\center\KodakSvc.exe <br/>C:\Program Files\McAfee\SiteAdvisor\McSACore.exe <br/>C:\WINDOWS\system32\nvsvc32.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\Program Files\UPHClean\uphclean.exe <br/>C:\Program Files\Linksys\WUSB54GSCv2\WLService.exe <br/>C:\Program Files\Linksys\WUSB54GSCv2\WUSB54GSC.exe <br/>C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe <br/>C:\Program Files\Java\jre6\bin\jusched.exe <br/>C:\WINDOWS\Twain_32\DigiCam\DigiSrv.exe <br/>C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe <br/>C:\WINDOWS\system32\ctfmon.exe <br/>C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe <br/>C:\WINDOWS\explorer.exe <br/>C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe <br/>C:\Program Files\Alwil Software\Avast4\ashWebSv.exe <br/>C:\WINDOWS\System32\svchost.exe <br/>C:\WINDOWS\system32\wuauclt.exe <br/>C:\Documents and Settings\Mom\Desktop\FIX\HijackThis.exe <br/> <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 <br/>R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 <br/>O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll <br/>O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) <br/>O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll <br/>O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll <br/>O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll <br/>O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll <br/>O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll <br/>O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll <br/>O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll <br/>O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup <br/>O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe <br/>O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe <br/>O4 - HKLM\..\Run: [DigiSrv] C:\WINDOWS\Twain_32\DigiCam\DigiSrv.exe <br/>O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe <br/>O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe <br/>O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background <br/>O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun <br/>O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe <br/>O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 <br/>O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll <br/>O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll <br/>O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll <br/>O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll <br/>O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll <br/>O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe <br/>O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe <br/>O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe <br/>O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe <br/>O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll <br/>O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224995547297 <br/>O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll <br/>O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll <br/>O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe <br/>O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe <br/>O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe <br/>O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe <br/>O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe <br/>O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe <br/>O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe <br/>O23 - Service: Google Update Service (gupdate1c99a8d25a3be0) (gupdate1c99a8d25a3be0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe <br/>O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe <br/>O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe <br/>O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe <br/>O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\printer\center\KodakSvc.exe <br/>O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe <br/>O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe <br/>O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe <br/>O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE <br/>O23 - Service: WUSB54GSC - GEMTEKS - C:\Program Files\Linksys\WUSB54GSCv2\WLService.exe <br/> <br/>-- <br/>End of file - 7763 bytes
Posted 5/3/2009 5:28 PM
#73276
User avatar

Maggie8 Advanced member

Date Joined Nov 2016
Total Posts: 69
I forgot one thing, I did notice one of them said "Disable Windows Security", Avast suggested "Move to Chest" and I did. I can't find anything about it now.
  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Saturday, December 10, 2016, 5:49 PM (GMT +1)
There are a total of 61,164 posts in 13,450 threads.
In the last 3 days there were 1 new threads and 4 reply posts.

Who's online

This forum has 37,970 registered members. Please welcome our newest member, MJD.
There are currently no users on-line.