Novice wants to add a memory card

teddysmith1952

New Member
 

teddysmith1952

New Member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:15:07 AM, on 7/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\VTTimer.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe
C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\palstart.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\WECPUpdate.exe -s
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Universal Installer] "C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe" /fromrun /starthidden
O4 - HKCU\..\Run: [EPSON NX300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEJA.EXE /FU "C:\DOCUME~1\Jim's\LOCALS~1\Temp\E_S8A.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe" /ini "uinstaller.ini" /fromrun /starthidden
O4 - HKUS\S-1-5-21-2218385644-1888872791-1663132888-1010\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Denise's')
O4 - HKUS\S-1-5-21-2218385644-1888872791-1663132888-1010\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Denise's')
O4 - HKUS\S-1-5-21-2218385644-1888872791-1663132888-1010\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Denise's')
O4 - HKUS\S-1-5-21-2218385644-1888872791-1663132888-1010\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'Denise's')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
O4 - Global Startup: palstart.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1246389110178
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/act...cheManager.CAB
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 12136 bytes
 

johnb35

Administrator
Staff member
Much better, thank you. Please do another HijackThis scan and place a check next to these items and then click on "Fix checked" at the bottom.

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Also, please run ComboFix. Get it here and post the log file it creates at the end.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix
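
The four entries listed in the reply above all end in HijackThis's `(no file)` or `(file missing)` marker. As an added example (not part of the original thread and not a HijackThis feature), this Python script pulls such entries out of a pasted log and notes any whose CLSID is also registered elsewhere in the log with a file present; the sample lines are copied from the log posted above, and the function names are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a handful of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
"""

# A log entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(
    r"\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}"
)
# HijackThis appends one of these markers when the registered file is not on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")


@dataclass(frozen=True)
class Entry:
    section: str            # e.g. "R3", "O2"
    body: str               # everything after "<section> - "
    clsid: Optional[str]    # upper-cased CLSID without braces, if the entry has one
    orphaned: bool          # True when the entry ends in (no file)/(file missing)


def parse_log(text: str) -> List[Entry]:
    """Return the section entries of a log; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        body = match.group("body")
        clsid = CLSID_RE.search(body)
        entries.append(Entry(
            section=match.group("section"),
            body=body,
            clsid=clsid.group(1).upper() if clsid else None,
            orphaned=bool(ORPHAN_RE.search(body)),
        ))
    return entries


def orphaned_entries(entries: List[Entry]) -> List[Entry]:
    """Entries whose registered file HijackThis could not find."""
    return [e for e in entries if e.orphaned]


def live_elsewhere(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map each orphaned CLSID to the sections where it also appears with a file."""
    live: Dict[str, List[str]] = {}
    for e in entries:
        if e.clsid and not e.orphaned:
            live.setdefault(e.clsid, []).append(e.section)
    return {e.clsid: live[e.clsid]
            for e in entries if e.orphaned and e.clsid in live}


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for entry in orphaned_entries(parsed):
        print(f"{entry.section} - {entry.body}")
    for clsid, sections in live_elsewhere(parsed).items():
        print(f"note: {{{clsid}}} also registered with a file under {sections}")
```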
 

teddysmith1952

New Member
Ok John. I went back to HijackThis and fixed the 4 items you requested. I'm having problems downloading the ComboFix. I went to the bleeping link you provided and it gave me three choices to download the ComboFix. The first gave me an error message that it may be broken; the other two directed me to a spyware site in Spanish.
 

johnb35

Administrator
Staff member
Sounds like you are still infected with a browser hijacker. Can you download it from a non-infected computer and transfer it to yours using a USB flash drive?
 

teddysmith1952

New Member
My daughter gets the same thing. The bleepingcomputer says web page cannot be found and the other two in Spanish. Can you try and see if you get the same thing? Thanks
 

teddysmith1952

New Member
Clarification. My daughter has a brand new high powered laptop and uses my Comcast internet via a router. If my browser has been hijacked, that wouldn't affect her, would it? Thanks
 

johnb35

Administrator
Staff member
Ok, that's weird. It seems the links are corrupt now. I'll try and see if I can find a download that works.
 

teddysmith1952

New Member
Ok, I found the combofix.exe thru another site called "plunder.com". I hope it is a safe site! Here is the log it created:


"Jim's" - 2009-07-12 11:05:54 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Jim's\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\DOCUME~1\Jim's\APPLIC~1\Install.dat"
"C:\Program Files\quick links\Uninst.log"
"C:\setup.exe"
"C:\Program Files\quick links"
"C:\Program Files\strcodec"


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_NWSAPAGENT
-------\nm
-------\NwSapAgent


((((((((((((((((((((((((((((((( Files Created from 2009-06-12 to 2009-07-12 ))))))))))))))))))))))))))))))))))


2009-07-12 09:47 38,160 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-07-12 09:47 19,096 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2009-07-11 16:54 <DIR> d-------- C:\Program Files\Starware
2009-07-11 16:54 <DIR> d-------- C:\Program Files\SideFind
2009-07-11 16:54 <DIR> d-------- C:\Program Files\Seekmo
2009-07-11 16:54 <DIR> d-------- C:\Program Files\RXToolBar
2009-07-11 16:54 <DIR> d-------- C:\Program Files\MyWay
2009-07-11 16:54 <DIR> d-------- C:\DOCUME~1\Jim's\APPLIC~1\Starware
2009-07-11 16:54 <DIR> d-------- C:\DOCUME~1\Denise's\APPLIC~1\Starware
2009-07-11 16:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware
2009-07-11 08:46 <DIR> d-------- C:\Program Files\Trend Micro
2009-07-11 07:23 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-11 07:23 <DIR> d-------- C:\DOCUME~1\Jim's\APPLIC~1\Malwarebytes
2009-07-11 07:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-07-10 06:45 3,448,832 --a------ C:\Documents and Settings\Jim's\ntuser.dat
2009-07-10 06:45 3,448,832 --a------ C:\DOCUME~1\Jim's\ntuser.dat
2009-07-10 06:45 3,047,424 --a------ C:\DOCUME~1\Denise's\ntuser.dat
2009-07-10 06:45 237,568 --a------ C:\DOCUME~1\LOCALS~1\ntuser.dat
2009-07-01 12:50 <DIR> d--h----- C:\$AVG8.VAULT$
2009-07-01 11:32 335,752 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2009-07-01 11:32 11,952 --a------ C:\WINDOWS\system32\avgrsstx.dll
2009-07-01 11:32 108,552 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2009-07-01 11:32 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2009-07-01 11:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVG Security Toolbar
2009-07-01 11:31 <DIR> d-------- C:\Program Files\AVG
2009-07-01 11:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
2009-07-01 11:09 262,144 --a------ C:\DOCUME~1\TREVOR~1\NTUSER.DAT
2009-07-01 11:08 262,144 --a------ C:\DOCUME~1\FORRES~1\NTUSER.DAT
2009-07-01 11:08 262,144 --a------ C:\DOCUME~1\APPLIC~1\NTUSER.DAT
2009-06-30 13:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2009-06-17 13:02 <DIR> d-------- C:\DOCUME~1\Denise's\APPLIC~1\OpenOffice.org


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2009-07-11 23:54:51 -------- d--h--w C:\Program Files\InstallShield Installation Information
2009-07-02 09:08:28 -------- d-----w C:\Program Files\WinAce
2009-07-02 08:01:41 -------- d-----w C:\Program Files\Common Files\GMT
2009-07-02 08:01:35 -------- d-----w C:\Program Files\Common Files\CMEII
2009-06-30 20:05:13 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2009-06-30 20:04:26 -------- d-----w C:\Program Files\Jamdat
2009-06-30 20:04:01 -------- d-----w C:\Program Files\Kodak
2009-06-30 20:03:44 -------- d-----w C:\Program Files\Common Files\Kodak
2009-06-30 19:48:01 -------- d-----w C:\DOCUME~1\Jim's\APPLIC~1\Symantec
2009-06-28 22:22:45 4,013 -c--a-w C:\WINDOWS\viassary-hp.reg
2009-06-24 00:37:41 -------- d-----w C:\Program Files\PartyGaming
2009-06-10 00:27:04 -------- d-----w C:\DOCUME~1\Jim's\APPLIC~1\ImgBurn


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll [2007-05-30 14:18]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}=C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 22:33]
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}=C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-01 11:32]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 13:33]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-01 13:13]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6}=C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 13:24]
{A3BC75A2-1F87-4686-AA43-5347D756017C}=C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 16:07]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-12 21:28]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-16 11:36]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 17:45]
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}=C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-27 16:53]
{DBC80044-A445-435b-BC74-9C25C1C588A9}=C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-01 13:12]
{E5A1691B-D188-4419-AD02-90002030B8EE}=C:\PROGRA~1\FlashFXP\IEFlash.dll [2005-05-04 11:46]
{E7E6F031-17CE-4C07-BC86-EABFE594F69C}=C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-01 13:13]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-03-26 21:07 C:\WINDOWS\system32\VTTimer.exe]
"AlcxMonitor"="ALCXMNTR.EXE" []
"AGRSMMSG"="AGRSMMSG.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-12 01:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-01-01 13:13]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38]
"Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\WECPUpdate.exe" [2009-01-25 11:17]
"@"="" []
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-04-29 16:38]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2009-07-01 11:31]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 14:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 08:06]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 19:00]
"Universal Installer"="C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe" [2008-03-18 14:50]
"Desktop Software"="C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe" [2008-03-18 14:50]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
avgrsstx.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-12 11:12:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\JavaQuickStarterService]
"ImagePath"="\"C:\Program Files\Java\jre6\bin\jqs.exe\" -service -config \"C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf\""

Completion time: 2009-07-12 11:14:47 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2009-07-12 11:14

--- E O F ---
 

johnb35

Administrator
Staff member
Can you tell me the file size of ComboFix? It should be around 2.98 MB. I went to the page you said and the file size there is only 1.04 MB. Therefore, I wouldn't trust it as an official updated file. You most likely will have to wait until those 3 links get fixed.
 

teddysmith1952

New Member
John,

My computer suddenly has become much, much faster. Faster than it's been in years. Are we making a breakthrough? Can't thank you enough! Jim
 

johnb35

Administrator
Staff member
Right-click on the file you downloaded and click on Properties. Look on the General tab for file size.
 

johnb35

Administrator
Staff member
Not the log file but the actual file you downloaded to run ComboFix. I need that file size.
 

teddysmith1952

New Member
So far my computer speed has increased dramatically but after reboot, I'm still getting the message "cannot find 'file:///'. Make sure the path or internet address is correct"
 

johnb35

Administrator
Staff member
So far my computer speed has increased dramatically but after reboot, I'm still getting the message "cannot find 'file:///'. Make sure the path or internet address is correct"

Type "msconfig" without the quotes in the Run box in the Start menu. Click OK; when the page loads up, click on the Startup tab. Look through the list to find the offending file that it can't find at bootup and uncheck it. Uncheck anything else you don't want running at bootup. Click OK, click Apply. Restart the computer and see if you still get the message.
 