Security Risk

Thanks for the help. I never had any ambition to learn about computers until I got a faster connection. Dial-up took all the fun out of any downloads. I doubt that my PC ran fast enough to get a virus. Now that this relic is getting older, I don't worry about screwing anything up so I try stuff I would have never dreamed of before. AVG runs on Start at msconfig so I think I'm safe now. I'm going to take your advice on hijackthis.de although I didn't use it, only checked with other posters and how the Forum Professionals handled errors on hijack logs.
 
Your PC doesn't have to run fast enough to get an infection. You get infected just by surfing to shoddy websites.

There is one more step we need to do to clean up your pc.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box


Code:
File::
c:\windows\Internet Logs\xDB1.tmp
c:\windows\system32\uxt3.tmp


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


CFScript-1.gif


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Have you run CCleaner lately to clean out all your old temp files? I also saw Ask software in your logs. Please provide me with an uninstall list from HijackThis by doing the following.

Open HijackThis, click on Open the Misc Tools section, click on Open Uninstall Manager, click on Save and save the list, and then copy and paste it back here.
 
ComboFix 10-03-09.04 - Rick 03/09/2010 16:15:38.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.228 [GMT -8:00]
Running from: c:\documents and settings\Rick\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Rick\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((( Files Created from 2010-02-10 to 2010-03-10 )))))))))))))))))))))))))))))))
.

2010-03-09 00:30 . 2010-03-09 00:30 -------- d-----w- c:\documents and settings\Rick\Application Data\CheckPoint
2010-03-09 00:28 . 2010-03-10 00:24 -------- d-----w- c:\windows\Internet Logs
2010-03-07 22:55 . 2010-03-07 23:00 -------- d-----w- c:\documents and settings\Rick\Application Data\Nero
2010-03-07 22:49 . 2010-03-07 22:50 -------- d-----w- c:\program files\Nero
2010-03-07 22:49 . 2010-03-07 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-03-07 22:48 . 2010-03-07 22:51 -------- d-----w- c:\program files\Common Files\Nero
2010-03-07 22:47 . 2010-03-07 23:49 -------- d-----w- c:\program files\Ask.com
2010-02-28 17:13 . 2010-02-28 17:13 -------- d-----w- c:\documents and settings\Rick\Application Data\Canneverbe Limited
2010-02-28 17:13 . 2010-02-28 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2010-02-28 14:48 . 2010-02-28 14:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-02-28 14:47 . 2010-02-28 14:48 -------- d-----w- c:\program files\CCleaner
2010-02-27 21:11 . 2010-02-27 21:11 -------- d-----w- c:\documents and settings\Rick\Local Settings\Application Data\Ahead
2010-02-24 00:47 . 2010-02-24 00:47 -------- d-----w- c:\program files\Verizon Wireless
2010-02-24 00:33 . 2010-02-24 00:33 -------- d-----w- c:\documents and settings\Rick\Application Data\Verizon Wireless
2010-02-24 00:30 . 2009-08-12 11:13 113680 ----a-w- c:\windows\system32\drivers\PTDUWWAN.sys
2010-02-24 00:30 . 2009-08-12 11:13 11920 ----a-w- c:\windows\system32\drivers\PTDUWFLT.sys
2010-02-24 00:30 . 2009-08-12 11:13 160272 ----a-w- c:\windows\system32\drivers\PTDUVsp.sys
2010-02-24 00:30 . 2009-08-12 11:13 54416 ----a-w- c:\windows\system32\drivers\PTDUBus.sys
2010-02-24 00:30 . 2009-08-12 11:13 160272 ----a-w- c:\windows\system32\drivers\PTDUMdm.sys
2010-02-24 00:30 . 2009-08-12 11:19 111704 ----a-w- c:\windows\system32\PTDUWmcp64.dll
2010-02-24 00:28 . 2010-02-24 00:28 -------- d-----w- c:\documents and settings\Rick\Application Data\InstallShield
2010-02-21 06:19 . 2010-02-21 06:19 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-02-15 03:57 . 2010-02-15 03:57 -------- d-----w- c:\program files\MSN Toolbar
2010-02-15 03:55 . 2010-02-15 03:57 -------- d-----w- c:\program files\MSN Toolbar Installer
2010-02-15 03:55 . 2010-02-15 03:55 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-02-15 03:55 . 2010-02-15 03:55 -------- d-----w- c:\program files\Common Files\Java
2010-02-13 05:42 . 2010-02-13 05:42 -------- d-----w- c:\documents and settings\Rick\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-02-13 05:02 . 2010-02-13 05:02 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2010-02-13 04:57 . 2010-02-13 04:57 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-13 04:51 . 2010-02-13 05:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-13 04:18 . 2010-02-13 04:18 -------- d-----w- c:\program files\Trend Micro
2010-02-13 03:22 . 2010-02-13 03:22 -------- d-----w- c:\documents and settings\Rick\Application Data\Uniblue
2010-02-13 03:04 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-13 03:04 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-10 06:33 . 2010-02-10 06:33 -------- d-----w- c:\documents and settings\Rick\Application Data\AVG8
2010-02-10 06:19 . 2010-02-10 06:19 -------- d-----w- c:\documents and settings\Rick\Application Data\TuneUp Software
2010-02-10 06:18 . 2010-02-17 01:25 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-02-10 06:18 . 2010-02-17 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2010-02-10 06:18 . 2010-02-10 06:18 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-02-09 01:01 . 2010-02-13 02:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-09 01:01 . 2010-02-13 02:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-09 00:29 . 2010-03-09 00:29 -------- d-----w- c:\program files\CheckPoint
2010-03-09 00:29 . 2010-03-09 00:29 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-03-09 00:29 . 2010-03-09 00:29 -------- d-----w- c:\program files\Zone Labs
2010-02-28 14:47 . 2004-12-01 08:54 -------- d-----w- c:\program files\Yahoo!
2010-02-27 04:14 . 2005-12-12 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Retrospect
2010-02-24 00:45 . 2009-06-27 00:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Verizon Wireless
2010-02-24 00:25 . 2010-02-24 00:22 29253144 ----a-w- c:\documents and settings\Rick\Application Data\Smith Micro\Updates\VZAM_7.2.1_2420b_Pantech_UM175.exe
2010-02-24 00:22 . 2009-06-27 00:55 -------- d-----w- c:\documents and settings\Rick\Application Data\Smith Micro
2010-02-15 03:57 . 2010-02-05 04:20 -------- d-----w- c:\program files\Microsoft
2010-02-15 03:55 . 2010-02-15 03:55 61440 ----a-w- c:\documents and settings\Rick\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-59fd01bb-n\decora-sse.dll
2010-02-15 03:55 . 2010-02-15 03:55 348160 ----a-w- c:\documents and settings\Rick\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3a5ff6fc-n\msvcr71.dll
2010-02-15 03:55 . 2010-02-15 03:55 503808 ----a-w- c:\documents and settings\Rick\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3a5ff6fc-n\msvcp71.dll
2010-02-15 03:55 . 2010-02-15 03:55 499712 ----a-w- c:\documents and settings\Rick\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3a5ff6fc-n\jmc.dll
2010-02-15 03:55 . 2010-02-15 03:55 12800 ----a-w- c:\documents and settings\Rick\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-59fd01bb-n\decora-d3d.dll
2010-02-15 03:54 . 2008-12-27 21:52 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-15 03:54 . 2006-02-19 22:24 -------- d-----w- c:\program files\Java
2010-02-13 05:01 . 2004-12-01 08:44 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-13 04:56 . 2010-02-13 04:57 38784 ----a-w- c:\documents and settings\Rick\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-13 04:56 . 2010-02-13 04:57 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-13 04:52 . 2010-02-13 04:52 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-02-13 03:05 . 2010-02-05 23:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-13 03:05 . 2010-02-13 03:05 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-07 00:10 . 2010-02-06 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-02-06 23:53 . 2010-02-06 23:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-06 23:53 . 2010-02-06 23:53 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-06 23:53 . 2010-02-06 23:53 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-06 23:53 . 2010-02-06 23:53 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-02-06 23:52 . 2010-02-06 23:52 -------- d-----w- c:\program files\AVG
2010-02-06 23:52 . 2010-02-06 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-05 23:09 . 2010-02-05 23:09 -------- d-----w- c:\documents and settings\Rick\Application Data\Malwarebytes
2010-02-05 23:08 . 2010-02-05 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-04 03:51 . 2010-01-28 01:29 -------- d-----w- c:\program files\Handbrake
2010-02-04 01:38 . 2009-01-22 05:04 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-02 20:18 . 2010-02-10 06:20 30024 ----a-w- c:\windows\system32\uxt3.tmp
2010-01-28 01:50 . 2010-01-28 01:50 -------- d-----w- c:\documents and settings\Rick\Application Data\Ahead
2010-01-28 01:30 . 2010-01-28 01:29 -------- d-----w- c:\documents and settings\Rick\Application Data\HandBrake
2009-12-31 16:50 . 2004-08-04 06:14 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-08-04 07:56 916480 ------w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2004-12-01 23:31 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-04 07:56 33280 ----a-w- c:\windows\system32\csrsrv.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 21:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-15 4112384]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2009-10-14 730480]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]

c:\documents and settings\Rick\Start Menu\Programs\Startup\
avgui.lnk - c:\program files\AVG\AVG9\avgui.exe [2010-2-6 4043544]
VZAccess Manager.lnk - c:\program files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [2010-2-23 1790056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-02-06 23:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/6/2010 3:53 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/6/2010 3:53 PM 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2/6/2010 3:52 PM 285392]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [10/14/2009 5:30 AM 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [10/14/2009 5:30 AM 476528]
R3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2/23/2010 4:30 PM 54416]
R3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2/23/2010 4:30 PM 160272]
R3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2/23/2010 4:30 PM 160272]
R3 PTDUWFLT;PTDUWWAN Filter Driver;c:\windows\system32\drivers\PTDUWFLT.sys [2/23/2010 4:30 PM 11920]
R3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2/23/2010 4:30 PM 113680]
S3 usb2vcom;DKU-5 Connectivity Adapter Cable;c:\windows\system32\drivers\usb2vcom.sys [12/11/2005 11:36 AM 28704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-03-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 00:57]

2010-03-10 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-09-30 18:40]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
TCP: {730EE6FC-B357-4998-BC82-9B537B3E9892} = 66.174.92.14 69.78.96.14
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://cam-rg.dev.lane.edu/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Rick\Application Data\Mozilla\Firefox\Profiles\gbpyiw93.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - plugin: c:\documents and settings\Rick\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-09 16:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(504)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(560)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'explorer.exe'(1508)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-03-09 16:36:03
ComboFix-quarantined-files.txt 2010-03-10 00:35
ComboFix2.txt 2010-03-09 02:56

Pre-Run: 43,456,040,960 bytes free
Post-Run: 43,382,460,416 bytes free

- - End Of File - - 089E1DD94078F8E3BBFA3196EB984996
 
32 Bit HP CIO Components Installer
AC3Filter (remove only)
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 9.3.1
Advertising Center
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
AVG Free 9.0
AXIS Media Control Embedded
Bonjour
Canon Camera Access Library
Canon Digital Camera Solution Disk 40-46 Software Starter Guide
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Personal Printing Guide
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
Eye Candy 4000
Garmin WebUpdater
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Imaging Device Functions 11.0
HP Memories Disc
HP Photosmart C4400 All-In-One Driver Software 11.0 Rel .3
HP Photosmart Essential 3.0
HP Smart Web Printing
HP Solution Center 11.0
HP Update
HPCarePackCore
HPCarePackProducts
iTunes
Java(TM) 6 Update 18
Kodak EasyShare software
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Professional
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.6)
MrvlUsgTracking
MSN Toolbar
MSN Toolbar Platform
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 6 Ultra Edition
Nero 9 Lite
Nero ControlCenter
Nero Installer
Nero Online Upgrade
Nero StartSmart
neroxml
Nic's XviD Decoder
NVIDIA Drivers
OCR Software by I.R.I.S. 11.0
PANTECH UM175 Driver
PictureProject
QuickTime
Realtek AC'97 Audio
Retrospect 6.5
SAMSUNG Mobile Modem Driver Set
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Shop for HP Supplies
Spelling Dictionaries Support For Adobe Reader 9
TOPO!
TOPO! California Map Pack
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB960763)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VZAccess Manager
WD Media Center Driver
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Browser Services
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
ZoneAlarm
ZoneAlarm Toolbar
 

If I were you, I would remove the Ask toolbar first. It's prone to malware.

I would also get rid of the Google and Yahoo toolbars. They're just unneeded.
 