Security Risk

mcktheknf

mcktheknf

Member
I have a Hijackthis message at the top of the report that reads:

It seems that you don't use an anti-virus scanner or your scanner is not active. Only an anti-virus scanner can protect you against new viruses. You can look here for a good anti-virus scanner.
We couldn't detect any active process of a firewall on your system. Possible reasons:
(1.) You are using the windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled
(4.) You don't use any firewall at all.
We recommend you to use a firewall. Download and install one or activate windows xp´s own one. In case you got questions or you want us to add the firewall you use to our database, contact us at our forum.

I am running AVG, Malwarebytes and Windows Security Center. Should I get another Firewall or is this group ok?
 
That sounds fishy. Can you please post both the HJT log and a Malwarebytes log (remember to update before running it).

Have you noticed any odd behavior from your computer lately?
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:53:10 PM, on 3/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230007659656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230007389750
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://cam-rg.dev.lane.edu/activex/AMC.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{730EE6FC-B357-4998-BC82-9B537B3E9892}: NameServer = 66.174.92.14 69.78.96.14
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10148 bytes
 
My PC crashed last week from a virus and compared to then its not running too bad.

Malwarebytes' Anti-Malware 1.44
Database version: 3830
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/7/2010 8:09:02 PM
mbam-log-2010-03-07 (20-09-02).txt

Scan type: Quick Scan
Objects scanned: 134000
Time elapsed: 9 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

------------------------------------------------------------
Microsoft Windows XP
Professional
Version 2002
Service Pack 3
In Win S500 Mid 250W ATX Case
AMD Athlon XP 2500+ 1.83 GHz/333512k Box
PC2700 DDR 64x [512MB] ELLXIR
ABIT KD7 Socket A-MAA
Modem 56k v.90/voice PCI
CD-RW LITEON 52x54x52x IDE Box
TEAC 1.44 White
WD Caviar 80 GB WD800JB 8M 7200/100
GeForce4 MX-440 8XAGP 64MB DDR w/TV Out
 
Last edited:
You dont seem to have AVG set to run at startup. Check the program settings and also go into the startup tab in msconfig and make sure that all AVG instances are checked on. You're using the free version of AVG, correct? The free version has no firewall.

Are you using the xp firewall or is it off. It should be on unless you have a different one you prefer to run. Are you using a router firewall instead of the windows firewall?

See Johnb's list of security programs if you want a non-Windows firewall (link below). I dont trust XP's firewall.

http://www.computerforum.com/166728-list-security-programs-use.html

The HJT log seems clean.

Where exactly was the message you recieved from HJT. I haven't ever seen any messages from HJT about A/V or firewall being off or missing. HJT doesnt work in that way, its purely an analysis tool.

And waht do you mean, "its not running too bad"? Do you mean that there is still a problem with your computer, and how so? Please elaborate.

(Oh an I like your user name. Good one.)
 
Last edited:
gamblingman said:
You dont seem to have AVG set to run at startup. Check the program settings and also go into the startup tab in msconfig and make sure that all AVG instances are checked on. You're using the free version of AVG, correct? The free version has no firewall.

Are you using the xp firewall or is it off. It should be on unless you have a different one you prefer to run. Are you using a router firewall instead of the windows firewall?

See Johnb's list of security programs if you want a non-Windows firewall (link below). I dont trust XP's firewall.

http://www.computerforum.com/166728-list-security-programs-use.html

The HJT log seems clean.

Where exactly was the message you recieved from HJT. I haven't ever seen any messages from HJT about A/V or firewall being off or missing. HJT doesnt work in that way, its purely an analysis tool.

And waht do you mean, "its not running too bad"? Do you mean that there is still a problem with your computer, and how so? Please elaborate.

(Oh an I like your user name. Good one.)
Click to expand...

I wasn't very clear on where my message was coming from on HJT. It actually comes from www.hijackthis.de/. I do a scan on HJT and then cut and paste on that site. The message is in the upper top left hand corner of the page. I get the same message on my Laptop too. I’ve done the same updates as far as AVG and Malwarebytes. AVG and Windows Security Center both say that they are running and up to date. As far as how my PC is running, I’ve been on dial-up for years and finally got Verizon Satellite recently. So, it makes it hard for me to tell the differences on performance. My Desktop at home was built in 2003 so I’m not sure how much life it has left in it. John35 suggested reinstalling Windows. The person that built the computer is no longer around and I don’t know what happened to the CD? I checked on the price and decided it was more than I wanted to spend right now.
Bobby Darin is a favorite of mine. I got to see him before he passed away and have always enjoyed his stuff. If it wouldn’t have been mcktheknf I would have probably gone with “Plstc or Spnrs” …. Hi John
 
Ok, I 86ed my Windows Security Center and download ZoneAlert and that fixed the message about Firewalls. I still get a message at HJT Analyzer about my Antivirus not being detected, but I'm up for the challenge. I need some excitement in my life.
 
Avg

You need AVG set to run at startup. You can do this by using msconfig and AVG.
First:
* Go into AVG into user settings (or the like) and check to see if there is a setting for disabling AVG at startup. If you find a setting of this sort, change it so that AVG runs at startup.

Then:
* Go to RUN on the start menu and type this in: msconfig
* Once the msconfig window opens, go to the startup tab
*Look for ANY instances of AVG entries, and add a check mark to ALL you find.
* Close msconfig by clicking "OK"

** You can either restart right then or later (it will prompt you upon exiting msconfig). Just don't forget to restart eventually. And if you could, please upload a new HJT log after you restart. That way we can see if the changes "took".


How exactly did you 86 the windows security center? Unless I'm mistaken it cant be uninstalled.
 
mcktheknf said:
Ok, I 86ed my Windows Security Center and download ZoneAlert and that fixed the message about Firewalls. I still get a message at HJT Analyzer about my Antivirus not being detected, but I'm up for the challenge. I need some excitement in my life.
Click to expand...

Can you give us a screen shot of this hjt analyzer. HJT can't tell you if you have a antivirus program installed or not. It's not like windows security center.

Please download and run combofix and post the logfile from it.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
I hadn't 86ed my Windows Security Center like I thought i did. It actually downloaded the new software on the Security Center. I've spent the last half hour trying to figure out how to disable AVG. Thank God for my laptop. I'm beginning to think I need to stick to hammers and nails.
 
Please stop what you are doing and follow my advice. I have a feeling you just downloaded more malware.
 
ComboFix 10-03-08.01 - Rick 03/08/2010 18:30:13.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.219 [GMT -8:00]
Running from: c:\documents and settings\Rick\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\Uninstall

.
((((((((((((((((((((((((( Files Created from 2010-02-09 to 2010-03-09 )))))))))))))))))))))))))))))))
.

2010-03-09 00:30 . 2010-03-09 00:30 -------- d-----w- c:\documents and settings\Rick\Application Data\CheckPoint
2010-03-09 00:28 . 2010-03-09 02:42 -------- d-----w- c:\windows\Internet Logs
2010-03-07 22:55 . 2010-03-07 23:00 -------- d-----w- c:\documents and settings\Rick\Application Data\Nero
2010-03-07 22:49 . 2010-03-07 22:50 -------- d-----w- c:\program files\Nero
2010-03-07 22:49 . 2010-03-07 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-03-07 22:48 . 2010-03-07 22:51 -------- d-----w- c:\program files\Common Files\Nero
2010-03-07 22:47 . 2010-03-07 23:49 -------- d-----w- c:\program files\Ask.com
2010-02-28 17:13 . 2010-02-28 17:13 -------- d-----w- c:\documents and settings\Rick\Application Data\Canneverbe Limited
2010-02-28 17:13 . 2010-02-28 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2010-02-28 14:48 . 2010-02-28 14:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-02-28 14:47 . 2010-02-28 14:48 -------- d-----w- c:\program files\CCleaner
2010-02-27 21:11 . 2010-02-27 21:11 -------- d-----w- c:\documents and settings\Rick\Local Settings\Application Data\Ahead
2010-02-24 00:47 . 2010-02-24 00:47 -------- d-----w- c:\program files\Verizon Wireless
2010-02-24 00:33 . 2010-02-24 00:33 -------- d-----w- c:\documents and settings\Rick\Application Data\Verizon Wireless
2010-02-24 00:30 . 2009-08-12 11:13 113680 ----a-w- c:\windows\system32\drivers\PTDUWWAN.sys
2010-02-24 00:30 . 2009-08-12 11:13 11920 ----a-w- c:\windows\system32\drivers\PTDUWFLT.sys
2010-02-24 00:30 . 2009-08-12 11:13 160272 ----a-w- c:\windows\system32\drivers\PTDUVsp.sys
2010-02-24 00:30 . 2009-08-12 11:13 54416 ----a-w- c:\windows\system32\drivers\PTDUBus.sys
2010-02-24 00:30 . 2009-08-12 11:13 160272 ----a-w- c:\windows\system32\drivers\PTDUMdm.sys
2010-02-24 00:30 . 2009-08-12 11:19 111704 ----a-w- c:\windows\system32\PTDUWmcp64.dll
2010-02-24 00:28 . 2010-02-24 00:28 -------- d-----w- c:\documents and settings\Rick\Application Data\InstallShield
2010-02-21 06:19 . 2010-02-21 06:19 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-02-15 03:57 . 2010-02-15 03:57 -------- d-----w- c:\program files\MSN Toolbar
2010-02-15 03:55 . 2010-02-15 03:57 -------- d-----w- c:\program files\MSN Toolbar Installer
2010-02-15 03:55 . 2010-02-15 03:55 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-02-15 03:55 . 2010-02-15 03:55 -------- d-----w- c:\program files\Common Files\Java
2010-02-13 05:42 . 2010-02-13 05:42 -------- d-----w- c:\documents and settings\Rick\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-02-13 05:02 . 2010-02-13 05:02 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2010-02-13 04:57 . 2010-02-13 04:57 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-13 04:51 . 2010-02-13 05:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-13 04:18 . 2010-02-13 04:18 -------- d-----w- c:\program files\Trend Micro
2010-02-13 03:22 . 2010-02-13 03:22 -------- d-----w- c:\documents and settings\Rick\Application Data\Uniblue
2010-02-13 03:04 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-13 03:04 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-10 06:33 . 2010-02-10 06:33 -------- d-----w- c:\documents and settings\Rick\Application Data\AVG8
2010-02-10 06:19 . 2010-02-10 06:19 -------- d-----w- c:\documents and settings\Rick\Application Data\TuneUp Software
2010-02-10 06:18 . 2010-02-17 01:25 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-02-10 06:18 . 2010-02-17 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2010-02-10 06:18 . 2010-02-10 06:18 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-02-09 01:01 . 2010-02-13 02:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-09 01:01 . 2010-02-13 02:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-09 01:34 . 2010-03-09 01:35 1604608 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-03-09 01:24 . 2010-03-09 01:24 506628 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-03-09 00:29 . 2010-03-09 00:29 -------- d-----w- c:\program files\CheckPoint
2010-03-09 00:29 . 2010-03-09 00:29 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-03-09 00:29 . 2010-03-09 00:29 -------- d-----w- c:\program files\Zone Labs
2010-02-28 14:47 . 2004-12-01 08:54 -------- d-----w- c:\program files\Yahoo!
2010-02-27 04:14 . 2005-12-12 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Retrospect
2010-02-24 00:45 . 2009-06-27 00:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Verizon Wireless
2010-02-24 00:25 . 2010-02-24 00:22 29253144 ----a-w- c:\documents and settings\Rick\Application Data\Smith Micro\Updates\VZAM_7.2.1_2420b_Pantech_UM175.exe
2010-02-24 00:22 . 2009-06-27 00:55 -------- d-----w- c:\documents and settings\Rick\Application Data\Smith Micro
2010-02-15 03:57 . 2010-02-05 04:20 -------- d-----w- c:\program files\Microsoft
2010-02-15 03:55 . 2010-02-15 03:55 61440 ----a-w- c:\documents and settings\Rick\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-59fd01bb-n\decora-sse.dll
2010-02-15 03:55 . 2010-02-15 03:55 348160 ----a-w- c:\documents and settings\Rick\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3a5ff6fc-n\msvcr71.dll
2010-02-15 03:55 . 2010-02-15 03:55 503808 ----a-w- c:\documents and settings\Rick\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3a5ff6fc-n\msvcp71.dll
2010-02-15 03:55 . 2010-02-15 03:55 499712 ----a-w- c:\documents and settings\Rick\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3a5ff6fc-n\jmc.dll
2010-02-15 03:55 . 2010-02-15 03:55 12800 ----a-w- c:\documents and settings\Rick\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-59fd01bb-n\decora-d3d.dll
2010-02-15 03:54 . 2008-12-27 21:52 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-15 03:54 . 2006-02-19 22:24 -------- d-----w- c:\program files\Java
2010-02-13 05:01 . 2004-12-01 08:44 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-13 04:56 . 2010-02-13 04:57 38784 ----a-w- c:\documents and settings\Rick\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-13 04:56 . 2010-02-13 04:57 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-13 04:52 . 2010-02-13 04:52 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-02-13 03:05 . 2010-02-05 23:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-13 03:05 . 2010-02-13 03:05 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-07 00:10 . 2010-02-06 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-02-06 23:53 . 2010-02-06 23:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-06 23:53 . 2010-02-06 23:53 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-06 23:53 . 2010-02-06 23:53 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-06 23:53 . 2010-02-06 23:53 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-02-06 23:52 . 2010-02-06 23:52 -------- d-----w- c:\program files\AVG
2010-02-06 23:52 . 2010-02-06 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-05 23:09 . 2010-02-05 23:09 -------- d-----w- c:\documents and settings\Rick\Application Data\Malwarebytes
2010-02-05 23:08 . 2010-02-05 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-04 03:51 . 2010-01-28 01:29 -------- d-----w- c:\program files\Handbrake
2010-02-04 01:38 . 2009-01-22 05:04 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-02 20:18 . 2010-02-10 06:20 30024 ----a-w- c:\windows\system32\uxt3.tmp
2010-01-28 01:50 . 2010-01-28 01:50 -------- d-----w- c:\documents and settings\Rick\Application Data\Ahead
2010-01-28 01:30 . 2010-01-28 01:29 -------- d-----w- c:\documents and settings\Rick\Application Data\HandBrake
2009-12-31 16:50 . 2004-08-04 06:14 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-08-04 07:56 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2004-12-01 23:31 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-04 07:56 33280 ----a-w- c:\windows\system32\csrsrv.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 21:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-15 4112384]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2009-10-14 730480]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-02-06 23:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg9wd"=2 (0x2)
"YahooAUService"=2 (0x2)
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"wlidsvc"=2 (0x2)
"winmgmt"=2 (0x2)
"WebClient"=3 (0x3)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"vsmon"=2 (0x2)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=3 (0x3)
"SeaPort"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RetroWDSvc"=2 (0x2)
"Retrospect Helper"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"PlugPlay"=2 (0x2)
"NVSvc"=2 (0x2)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"Net Driver HPZ12"=2 (0x2)
"napagent"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LmHosts"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"IswSvc"=2 (0x2)
"iPod Service"=3 (0x3)
"ImapiService"=3 (0x3)
"idsvc"=3 (0x3)
"HTTPFilter"=3 (0x3)
"hpqddsvc"=2 (0x2)
"hpqcxs08"=3 (0x3)
"hkmsvc"=3 (0x3)
"HidServ"=2 (0x2)
"helpsvc"=2 (0x2)
"gusvc"=3 (0x3)
"FontCache3.0.0.0"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"EapHost"=3 (0x3)
"Dot3svc"=3 (0x3)
"Dnscache"=2 (0x2)
"dmserver"=2 (0x2)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"Dcfssvc"=2 (0x2)
"CryptSvc"=2 (0x2)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"CCALib8"=2 (0x2)
"Browser"=2 (0x2)
"Bonjour Service"=2 (0x2)
"BITS"=3 (0x3)
"AudioSrv"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"ALG"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/6/2010 3:53 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/6/2010 3:53 PM 360584]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [10/14/2009 5:30 AM 25208]
R3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2/23/2010 4:30 PM 54416]
R3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2/23/2010 4:30 PM 160272]
R3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2/23/2010 4:30 PM 160272]
R3 PTDUWFLT;PTDUWWAN Filter Driver;c:\windows\system32\drivers\PTDUWFLT.sys [2/23/2010 4:30 PM 11920]
R3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2/23/2010 4:30 PM 113680]
R4 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2/6/2010 3:52 PM 285392]
R4 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [10/14/2009 5:30 AM 476528]
S3 usb2vcom;DKU-5 Connectivity Adapter Cable;c:\windows\system32\drivers\usb2vcom.sys [12/11/2005 11:36 AM 28704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-03-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 00:57]

2010-03-09 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-09-30 18:40]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
TCP: {730EE6FC-B357-4998-BC82-9B537B3E9892} = 66.174.92.14 69.78.96.14
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://cam-rg.dev.lane.edu/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Rick\Application Data\Mozilla\Firefox\Profiles\gbpyiw93.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - plugin: c:\documents and settings\Rick\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-08 18:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(732)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'explorer.exe'(3244)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-03-08 18:55:59
ComboFix-quarantined-files.txt 2010-03-09 02:55

Pre-Run: 43,332,624,384 bytes free
Post-Run: 43,443,343,360 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 2126A26F6CB96EEE04F186D79D85F76D
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:02:20 PM, on 3/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230007659656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230007389750
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://cam-rg.dev.lane.edu/activex/AMC.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{730EE6FC-B357-4998-BC82-9B537B3E9892}: NameServer = 66.174.92.14 69.78.96.14
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8924 bytes
 
The ComboFix log: Complete
A fresh HiJackThis log: Complete
An update on how your computer is running: Like a champ
 
Avg

From my previous post:

"First:
* Go into AVG into user settings (or the like) and check to see if there is a setting for disabling AVG at startup. If you find a setting of this sort, change it so that AVG runs at startup."


You want AVG to run at startup, and all the time. What I was referring to was that some programs include optional settings that can allow you to disable the program during certain computer events (such as at startup).

However, you do not want to disable AVG. You want to fully ENABLE it. You need to check and see if it is disabled in AVG and msconfig, so that you can enable it.

In your HJT log there is no entry for AVG at startup, thus my concern.

I did not mean to confuse you, I apologize.

Also, I would suggest extreme caution if you choose to use something like http://www.hijackthis.de/.

Definitely finish any and all steps Johnb is giving you. He is the master of security repair.
 
You must log in or register to reply here.
Back
Top