Author Topic: [In Progress] No Internet connectivity  (Read 2792 times)

Offline sunnygirl

  • Bronze Member
  • Posts: 15
[In Progress] No Internet connectivity
« on: December 17, 2010, 07:37:38 PM »
"No internet connectivity" shows up anytime I try to update Windows, download any Microsoft software, or do anything that has to do with Windows XP, Windows Update or Microsoft. But I can access everything just fine, except this particular window called Web Security Guard keeps on popping up. I have no idea what that is, so I just close it. I downloaded HJT, followed the directions, and was prompted to post these on this site. I am not a professional, just a beginner, and I have no idea what to do. Please help, thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:40:36 PM, on 12/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hercules\Audio\Hercules DJ Console\DJConsoleMixer.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Roxio 2010\5.0\CPMonitor.exe
C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe
C:\Program Files\Ares\Ares.exe
C:\WINDOWS\system32\VxBlockServer.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60347
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60347
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DJ Console] C:\Program Files\Hercules\Audio\Hercules DJ Console\DJConsoleMixer.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe"
O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files\Roxio 2010\5.0\CPMonitor.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe" /startup
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -RESTART
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.cinemanow.com
O15 - Trusted Zone: http://*.qflix.com
O15 - Trusted Zone: http://*.roxio.com
O15 - Trusted Zone: http://redirect.sonic.com
O15 - Trusted Zone: http://redirect2.sonic.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1282704322796
O17 - HKLM\System\CCS\Services\Tcpip\..\{0539533A-2AD1-4F22-9226-4FC4C0AB7353}: NameServer = 93.188.164.68,93.188.161.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{48DF4077-411C-4F03-8DFD-5017454415D7}: NameServer = 93.188.164.68,93.188.161.85
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.164.68,93.188.161.85
O17 - HKLM\System\CS1\Services\Tcpip\..\{0539533A-2AD1-4F22-9226-4FC4C0AB7353}: NameServer = 93.188.164.68,93.188.161.85
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.164.68,93.188.161.85
O17 - HKLM\System\CS2\Services\Tcpip\..\{0539533A-2AD1-4F22-9226-4FC4C0AB7353}: NameServer = 93.188.164.68,93.188.161.85
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 93.188.164.68,93.188.161.85
O17 - HKLM\System\CS3\Services\Tcpip\..\{0539533A-2AD1-4F22-9226-4FC4C0AB7353}: NameServer = 93.188.164.68,93.188.161.85
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.68,93.188.161.85
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: youma1 - youma1.dll (file missing)
O21 - SSODL: GootkitSSO - {61FD5F1E-E8CA-429B-A222-BA6EAE188DB3} - (no file)
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: RoxMediaDB12 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12916 bytes
« Last Edit: December 17, 2010, 08:01:54 PM by Hoov »



Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22632
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] No Internet connectivity
« Reply #1 on: December 17, 2010, 08:04:02 PM »
Hello, welcome to SpywareHammer.

I go by Hoov, and I will be helping you with your problem. I must ask you to do a few things for me.

First, tell me everything that you have done, if anything, to try and fix this problem.

Second, please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

Third, follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go.

Fourth, have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

Before we start trying to fix your computer, you need to make sure your data is backed up. Also let me know of any software you have running that encrypts your hard drive.

Now onto trying to fix your computer.


Please run CCleaner to remove temporary files from your system, and to improve the scanning time of the other scans we may be running. Then please run Malwarebytes' Anti-Malware to check for malware. Both sets of instructions are below.

1. Download and scan with CCleaner
When you get to the website, there is a dark grey box on the left side with two tabs along the top. Inside this Dark Grey box is a light grey box. Below that light grey box is where the download links are at. The pay amount is for paid support.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:

    • Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
    • Clean all the entries in the "Windows Explorer" section.
    • Clean all entries in the "System" section.
    • Clean all entries in the "Advanced" section.
    • Clean any others that you choose.

In the Applications Tab:

    • Clean all except cookies in the Firefox/Mozilla section if you use it.
    • Clean all in the Opera section if you use it.
    • Clean Sun Java in the Internet Section.
    • Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

    • Make sure you are connected to the Internet.
    • Double-click on mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
        • Update Malwarebytes' Anti-Malware
        • Launch Malwarebytes' Anti-Malware
    • Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

    • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

    • Click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
    • Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

        Consumer Security

        If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

        Offline sunnygirl

        • Bronze Member
        • Posts: 15
        Re: [In Progress] No Internet connectivity
        « Reply #2 on: December 18, 2010, 01:44:45 AM »
        WOW! Here it is. I had no idea all this was going on. I followed all your directions, now I have to reboot the PC, let's see what is going to happen.

        Malwarebytes' Anti-Malware 1.50
        www.malwarebytes.org

        Database version: 5214

        Windows 5.1.2600 Service Pack 3
        Internet Explorer 8.0.6001.18702

        12/18/2010 2:37:25 AM
        mbam-log-2010-12-18 (02-37-25).txt

        Scan type: Quick scan
        Objects scanned: 140600
        Time elapsed: 57 minute(s), 43 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 7
        Registry Values Infected: 2
        Registry Data Items Infected: 6
        Folders Infected: 4
        Files Infected: 7

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
        HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
        HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
        HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> Quarantined and deleted successfully.

        Registry Values Infected:
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Value: UID -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\GootkitSSO (Trojan.GootKit) -> Value: GootkitSSO -> Quarantined and deleted successfully.

        Registry Data Items Infected:
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Bad: (93.188.164.68,93.188.161.85) Good: () -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0539533A-2AD1-4F22-9226-4FC4C0AB7353}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.164.68,93.188.161.85) Good: () -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{48DF4077-411C-4F03-8DFD-5017454415D7}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.164.68,93.188.161.85) Good: () -> Quarantined and deleted successfully.

        Folders Infected:
        c:\WINDOWS\system32\config\systemprofile\application data\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
        c:\WINDOWS\system32\config\systemprofile\application data\ezLife\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
        c:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.
        c:\WINDOWS\pragmaivrtqfucbr (Trojan.DNSChanger) -> Quarantined and deleted successfully.

        Files Infected:
        c:\program files\mozilla firefox\components\nsffxshot.xpt (Adware.Adrotator) -> Quarantined and deleted successfully.
        c:\WINDOWS\system32\pragmasrcr.dat (Malware.Trace) -> Quarantined and deleted successfully.
        c:\WINDOWS\system32\WORK.DAT (Malware.Trace) -> Quarantined and deleted successfully.
        c:\WINDOWS\system32\wupd.dat (Malware.Trace) -> Quarantined and deleted successfully.
        c:\documents and settings\antonia benjamin\Localdir\winlogo.exe (Worm.Archive) -> Quarantined and deleted successfully.
        c:\WINDOWS\system32\config\systemprofile\application data\ezLife\ezLife\log.xml (Adware.EzLife) -> Quarantined and deleted successfully.
        c:\WINDOWS\pragmaivrtqfucbr\pragmacfg.ini (Trojan.DNSChanger) -> Quarantined and deleted successfully.

        Offline Hoov

        • Malware Removal Mentors
        • Global Moderator
        • Diamond Member
        • Posts: 22632
        • Unwilling part owner of Gov't. Motors and Chrysler
          • Hoov's Personal Site
        Re: [In Progress] No Internet connectivity
        « Reply #3 on: December 18, 2010, 07:44:07 AM »
        Let me know how it goes. Also can you run Hijackthis and post a new log?

        Offline sunnygirl

        • Bronze Member
        • Posts: 15
        Re: [In Progress] No Internet connectivity
        « Reply #4 on: December 18, 2010, 10:20:15 PM »
        Well, all the viruses seem to have been removed. Now I can update my system, and boy did it need to be updated :ty, but now it's freezing and some drivers needed to be updated. In the Device Manager there are 3 items that are in need of updating, especially the Modem Device on High Definition Audio Bus; the other 2 are Sony Notebook Control Device and Microcode Update device. I attempted to update the Microcode, but it's telling me that I have the latest version for all the devices. It (Windows Update) asked if I have a family chipset 5 or later, but the system says it's a 6; I don't know what that means. When I try to play music or any kind of sound, it sounds distorted, and when that happens everything seems to slow down, for example: pages taking long to load up, motion slowness. Then when the distortion stops it's fine. What's up with that? I never had that problem before, even after I installed SP3; this just started about 3 weeks ago. I don't know if it's the viruses or that it needs to be updated. But remember, I can't update them. What should I do?

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 10:38:04 PM, on 12/18/2010
        Platform: Windows XP SP3 (WinNT 5.01.2600)
        MSIE: Internet Explorer v8.00 (8.00.6001.18702)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
        C:\Program Files\AVG\AVG10\avgwdsvc.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
        C:\WINDOWS\system32\inetsrv\inetinfo.exe
        C:\Program Files\Java\jre6\bin\jqs.exe
        C:\WINDOWS\System32\snmp.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
        C:\Program Files\AVG\AVG10\avgnsx.exe
        C:\Program Files\AVG\AVG10\avgemcx.exe
        C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
        C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
        C:\Program Files\Hercules\Audio\Hercules DJ Console\DJConsoleMixer.exe
        C:\Program Files\Common Files\Java\Java Update\jusched.exe
        C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        C:\Program Files\Roxio 2010\5.0\CPMonitor.exe
        C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
        C:\Program Files\AVG\AVG10\avgtray.exe
        C:\WINDOWS\system32\VxBlockServer.exe
        C:\WINDOWS\RTHDCPL.EXE
        C:\Program Files\Microsoft Security Client\msseces.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe
        C:\Program Files\Ares\Ares.exe
        C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
        C:\Program Files\Innovative Solutions\DriverMax\devices.exe
        C:\Program Files\Windows Desktop Search\WindowsSearch.exe
        C:\PROGRA~1\AVG\AVG10\avgrsx.exe
        C:\WINDOWS\system32\SearchIndexer.exe
        C:\Program Files\AVG\AVG10\avgcsrvx.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        C:\Program Files\CCleaner\CCleaner.exe
        C:\WINDOWS\system32\SearchProtocolHost.exe
        C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
        C:\Program Files\Mozilla Firefox\plugin-container.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\Program Files\CinemaNow\CinemaNow Media Manager\IndivDrm.exe
        C:\Program Files\CinemaNow\CinemaNow Media Manager\IndivDrm.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60347
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60347
        R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
        O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
        O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
        O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
        O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
        O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
        O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
        O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
        O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
        O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
        O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
        O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
        O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
        O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
        O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
        O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
        O4 - HKLM\..\Run: [DJ Console] C:\Program Files\Hercules\Audio\Hercules DJ Console\DJConsoleMixer.exe -hide
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
        O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
        O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe"
        O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files\Roxio 2010\5.0\CPMonitor.exe"
        O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe"
        O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
        O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
        O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
        O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
        O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe" /startup
        O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
        O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
        O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -RESTART
        O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
        O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
        O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
        O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
        O8 - Extra context menu item: Crawler Search - tbr:iemenu
        O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
        O15 - Trusted Zone: http://*.cinemanow.com
        O15 - Trusted Zone: http://*.qflix.com
        O15 - Trusted Zone: http://*.roxio.com
        O15 - Trusted Zone: http://redirect.sonic.com
        O15 - Trusted Zone: http://redirect2.sonic.com
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1282704322796
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1292670373140
        O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.164.68,93.188.161.85
        O17 - HKLM\System\CS1\Services\Tcpip\..\{0539533A-2AD1-4F22-9226-4FC4C0AB7353}: NameServer = 93.188.164.68,93.188.161.85
        O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
        O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
        O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
        O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
        O20 - Winlogon Notify: youma1 - youma1.dll (file missing)
        O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
        O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
        O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
        O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
        O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
        O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
        O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
        O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
        O23 - Service: RoxMediaDB12 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe
        O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe
        O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

        --
        End of file - 12807 bytes

        Offline Hoov

        • Malware Removal Mentors
        • Global Moderator
        • Diamond Member
        • Posts: 22632
        • Unwilling part owner of Gov't. Motors and Chrysler
          • Hoov's Personal Site
        Re: [In Progress] No Internet connectivity
        « Reply #5 on: December 18, 2010, 10:34:04 PM »
        I need you to run HijackThis again, but this time only do a system scan. Check the boxes next to the two lines below, and then click on the Fix checked button.

        O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.164.68,93.188.161.85
        O17 - HKLM\System\CS1\Services\Tcpip\..\{0539533A-2AD1-4F22-9226-4FC4C0AB7353}: NameServer = 93.188.164.68,93.188.161.85


        About the problem you are having, I need you to go into the control panel, go to system, and then select the hardware tab, and then click the device manager button. Now up at the top click on view and then select show hidden devices. Now look below that, are there any devices with a yellow checkmark or red x? Tell me what the device name is and which mark it has, if any.

        I need you to go to the Administrative Tools in XP. They are in the Control Panel. Open the Admin tools, then open the Event Viewer. Over on the left-hand side, click on System. Then up at the top click on Action and then click on Save Events As, type in system as the file name, make sure file type EVT is selected, and then navigate so it will save the file to your desktop, then click Save. Over on the left-hand side, click on Application. Then up at the top click on Action and then click on Save Events As, type in application as the file name, make sure file type EVT is selected, and then navigate so it will save the file to your desktop, then click Save. Zip them both up into a single zip file, and post them back here in your next reply as attachments.

        Consumer Security

        If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!
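O17 lines in a HijackThis log report DNS-related values under the Tcpip registry keys, and `NameServer` is the statically configured resolver list. The sketch below is an added example, not part of the thread or of HijackThis: it extracts the `NameServer` entries from a log and flags any that point at public addresses missing from an analyst-supplied list of expected resolvers. The function names, the allow-list parameter and the two sample lines marked as constructed are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# The first three lines are copied from the HijackThis log posted in this thread.
# The last two are constructed for this example (entries that should not be flagged).
SAMPLE_LOG = r"""
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.164.68,93.188.161.85
O17 - HKLM\System\CS1\Services\Tcpip\..\{0539533A-2AD1-4F22-9226-4FC4C0AB7353}: NameServer = 93.188.164.68,93.188.161.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.example
"""

# "O17 - <registry key>: <value name> = <data>"
O17_LINE = re.compile(r"^\s*O17 - (?P<key>.+?): (?P<name>\w+) = (?P<value>.*)$")
# A per-adapter key carries the interface GUID; the global key does not.
INTERFACE_GUID = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
)


def classify(address, expected):
    """Label one resolver address; `expected` is a set of ip_address objects."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "unparseable"
    if ip in expected:
        return "expected"
    if ip.is_loopback:
        return "loopback"
    if ip.is_private:
        return "private"          # e.g. a home router handing out DNS
    return "unexpected-public"


def review_o17(log_text, expected_resolvers=()):
    """Return one finding per static NameServer entry in a HijackThis log.

    expected_resolvers: addresses the analyst knows to be legitimate
    (ISP or corporate resolvers). Hypothetical parameter for this example.
    """
    expected = {ipaddress.ip_address(a) for a in expected_resolvers}
    findings = []
    for line in log_text.splitlines():
        m = O17_LINE.match(line)
        # Only the static NameServer value is reviewed; Domain, SearchList
        # and other O17 value names are skipped.
        if not m or m.group("name").lower() != "nameserver":
            continue
        # The registry value may be comma- or space-separated.
        addrs = [a for a in re.split(r"[,\s]+", m.group("value").strip()) if a]
        labelled = [(a, classify(a, expected)) for a in addrs]
        findings.append({
            "key": m.group("key"),
            "scope": "interface" if INTERFACE_GUID.search(m.group("key")) else "global",
            "addresses": labelled,
            "flagged": any(
                label in ("unexpected-public", "unparseable")
                for _, label in labelled
            ),
        })
    return findings


def shared_resolver_sets(findings):
    """Group flagged keys by resolver list.

    The same unexpected resolvers written to both the global key and an
    adapter key means the setting was applied system-wide, not typed into
    one connection's properties.
    """
    groups = defaultdict(list)
    for f in findings:
        if f["flagged"]:
            groups[tuple(a for a, _ in f["addresses"])].append(f["key"])
    return {addrs: keys for addrs, keys in groups.items() if len(keys) > 1}


if __name__ == "__main__":
    results = review_o17(SAMPLE_LOG)
    for f in results:
        status = "REVIEW" if f["flagged"] else "ok"
        print(f"[{status}] {f['scope']:9} {f['key']} -> {f['addresses']}")
    for addrs, keys in shared_resolver_sets(results).items():
        print("Same resolvers on multiple keys:", addrs, keys)
```

A flagged entry is a prompt to compare the addresses with what the ISP or network administrator actually issues, which is what the `expected_resolvers` list is for.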

        Offline sunnygirl

        Re: [In Progress] No Internet connectivity
        « Reply #6 on: December 19, 2010, 12:12:04 AM »
        Okay I followed your instructions.

        Offline sunnygirl

        Re: [In Progress] No Internet connectivity
        « Reply #7 on: December 19, 2010, 12:16:37 AM »
        The hidden device that is marked is called Parport, with a yellow circle and a black exclamation mark.

        Offline Hoov

        Re: [In Progress] No Internet connectivity
        « Reply #8 on: December 19, 2010, 12:55:59 PM »
        Is this a laptop?

        Also run Windows Update, and tell me what the error codes are for the updates that will not install. Your event viewer log is showing that a lot of the problems you were having have been resolved.


        Offline sunnygirl

        Re: [In Progress] No Internet connectivity
        « Reply #9 on: December 21, 2010, 01:44:45 AM »
        Yes, this is a laptop. I ran an update and there are no new updates available. It is saying that the computer is up to date, but I am still having the problems.

        Offline Hoov

        Re: [In Progress] No Internet connectivity
        « Reply #10 on: December 21, 2010, 11:39:55 AM »
        The entry in the device manager for Parport is normal in laptops. It is the Parallel Port driver. Desktops have them, newer laptops do not, so there is an error.

        With the problems that Malwarebytes' Anti-Malware removed, combined with the fact that you are still having problems, I would like to do a little shotgunning to see if we can kill it all at once.

        Before we can do anything we must first end the processes that belong to Control Center so that it does not interfere with the cleaning procedure. To do this, download rkill.com to your desktop.

        Once it is downloaded, double-click on rkill.com in order to automatically attempt to stop any processes associated with Control Center and other rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by Control Center when it terminates programs that may potentially remove it. If you run into these infection warnings that close rkill, a trick is to leave the warning on the screen and then run rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate Control Center. So, please try running rkill until malware is no longer running. You will then be able to proceed with the rest of the guide.

        Do not reboot your computer after running rkill as the malware programs will start again.

        Now run Malwarebytes' Anti-Malware and update it, then run a full scan instead of a quick scan. If it finds anything, fix it, and post the log, or just post the log if nothing is found.

        * Anyone other than the originator of this thread, you would be best advised to not run ComboFix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrong.

        Run ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:

        http://www.bleepingcomputer.com/combofix/how-to-use-combofix

        * Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

        Please include the C:\ComboFix.txt in your next reply for further review.

        Note:
        Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


        Once you have run all that, reboot the computer and test out your system, and tell me what problems remain, if any.


        Offline sunnygirl

        Re: [In Progress] No Internet connectivity
        « Reply #11 on: December 22, 2010, 01:31:59 PM »
        Ok, here are the logs you requested, but I am still having that sound problem and the same device drivers are still missing, and now I see a new one called catchme, and the internet is still loading slow; other than that everything else seems fine. Note I had to uninstall my AVG in order for ComboFix to run; I disabled it according to the directions, and when I actually ran it I was being prompted to uninstall it. So what do I do next?

        Malwarebytes' Anti-Malware 1.50
        www.malwarebytes.org

        Database version: 5371

        Windows 5.1.2600 Service Pack 3
        Internet Explorer 8.0.6001.18702

        12/22/2010 7:22:29 AM
        mbam-log-2010-12-22 (07-22-29).txt

        Scan type: Full scan (C:\|D:\|E:\|)
        Objects scanned: 210546
        Time elapsed: 13 hour(s), 45 minute(s), 15 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 0
        Registry Values Infected: 0
        Registry Data Items Infected: 0
        Folders Infected: 0
        Files Infected: 3

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        (No malicious items detected)

        Registry Values Infected:
        (No malicious items detected)

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        (No malicious items detected)

        Files Infected:
        c:\system volume information\_restore{76ed9d8f-f0bc-43ef-8c11-e4e136ded586}\RP186\A0138557.exe (Trojan.P2P.Dropper) -> Quarantined and deleted successfully.
        c:\system volume information\_restore{76ed9d8f-f0bc-43ef-8c11-e4e136ded586}\RP186\A0138559.exe (Trojan.P2P.Dropper) -> Quarantined and deleted successfully.
        c:\system volume information\_restore{76ed9d8f-f0bc-43ef-8c11-e4e136ded586}\RP186\A0138558.exe (Trojan.P2P.Dropper) -> Quarantined and deleted successfully.

        --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

        ComboFix 10-12-21.05 - Antonia Benjamin 12/22/2010   9:26.1.1 - x86
        Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2038.854 [GMT -8:00]
        Running from: c:\documents and settings\Antonia Benjamin\My Documents\Downloads\ComboFix.exe
        AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
        FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
        .

        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
        c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
        c:\documents and settings\Antonia Benjamin\Localdir
        c:\windows\explorer(2).exe
        c:\windows\jestertb.dll
        c:\windows\system32\Cache
        c:\windows\system32\drivers\advf.sys
        c:\windows\system32\winstartup.log

        ----- BITS: Possible infected sites -----

        hxxp://youtouch.no-ip.biz
        .
        (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        -------\Service_isydp


        (((((((((((((((((((((((((   Files Created from 2010-11-22 to 2010-12-22  )))))))))))))))))))))))))))))))
        .

        2010-12-19 22:40 . 2010-11-16 20:01   6273872   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6F716D0C-FF1F-442A-999C-E626D4149A75}\mpengine.dll
        2010-12-19 20:19 . 2010-12-20 07:52   --------   d-----w-   c:\program files\Microsoft Silverlight
        2010-12-19 03:50 . 2010-12-19 03:50   --------   d-----w-   c:\documents and settings\Antonia Benjamin\Application Data\Windows Desktop Search
        2010-12-19 01:00 . 2010-12-19 01:00   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
        2010-12-19 00:38 . 2010-12-19 00:38   --------   d-----w-   c:\program files\Common Files\Windows Live
        2010-12-18 23:20 . 2010-11-16 20:01   6273872   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
        2010-12-18 22:07 . 2010-12-18 22:08   --------   d-----w-   c:\documents and settings\Antonia Benjamin\Application Data\Sound Drivers For Windows XP Utility
        2010-12-18 22:07 . 2010-12-18 22:07   --------   d-----w-   c:\program files\Sound Drivers For Windows XP Utility
        2010-12-18 21:55 . 2010-12-18 21:56   --------   d-----w-   c:\program files\Device Doctor
        2010-12-18 14:48 . 2009-08-07 03:23   274288   ----a-w-   c:\windows\system32\mucltui.dll
        2010-12-18 13:31 . 2010-12-18 13:31   --------   d-----w-   c:\program files\Microsoft Works
        2010-12-18 12:34 . 2010-11-02 15:17   40960   -c----w-   c:\windows\system32\dllcache\ndproxy.sys
        2010-12-18 11:36 . 2010-10-19 20:51   222080   ------w-   c:\windows\system32\MpSigStub.exe
        2010-12-18 09:24 . 2010-12-18 09:24   --------   d-----w-   c:\documents and settings\Antonia Benjamin\Application Data\Malwarebytes
        2010-12-18 09:24 . 2010-12-21 02:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
        2010-12-18 09:24 . 2010-12-18 09:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
        2010-12-18 09:24 . 2010-12-22 18:31   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
        2010-12-18 09:24 . 2010-12-21 02:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
        2010-12-18 05:42 . 2010-12-18 05:43   --------   d-----w-   c:\program files\CCleaner
        2010-12-18 01:16 . 2010-12-18 01:16   --------   d-----w-   c:\program files\Trend Micro
        2010-12-18 00:20 . 2010-12-18 00:22   --------   d-----w-   c:\program files\Microsoft Security Client
        2010-12-17 21:32 . 2006-12-29 08:31   19569   ----a-w-   c:\windows\000002_.tmp
        2010-12-16 08:43 . 2007-11-29 15:38   40056   ----a-w-   c:\windows\system32\NicInst.dll
        2010-12-16 08:43 . 2007-08-07 16:28   28272   ----a-w-   c:\windows\system32\NicCo2.dll
        2010-12-15 07:43 . 2008-06-20 00:27   9715200   ----a-w-   c:\windows\RTLCPL.EXE
        2010-12-15 07:43 . 2008-06-20 00:27   9715200   ------w-   c:\windows\SET93.tmp
        2010-12-15 07:43 . 2009-08-19 01:32   5884416   ------w-   c:\windows\system32\drivers\SET8D.tmp
        2010-12-15 07:43 . 2008-08-07 01:12   4755968   ----a-w-   c:\windows\system32\drivers\RtkHDAud.sys
        2010-12-15 07:42 . 2009-08-14 22:08   18702336   ------w-   c:\windows\SET8E.tmp
        2010-12-15 07:42 . 2007-12-01 02:42   16858624   ----a-w-   c:\windows\RTHDCPL.EXE
        2010-12-15 05:32 . 2010-12-15 05:32   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
        2010-12-15 00:40 . 2010-12-15 00:40   --------   d-----w-   c:\documents and settings\Antonia Benjamin\Application Data\DeviceDoctorSoftware
        2010-12-14 05:28 . 2010-12-14 22:18   --------   d-----w-   c:\documents and settings\Antonia Benjamin\Application Data\Auslogics
        2010-12-14 05:24 . 2010-12-14 23:22   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
        2010-12-14 05:22 . 2010-12-14 05:22   --------   d-----w-   c:\program files\Auslogics
        2010-12-11 10:34 . 2008-07-13 07:34   2732032   ----a-w-   c:\windows\system32\Netw2r32.dll
        2010-12-11 10:34 . 2008-07-13 07:34   557056   ----a-w-   c:\windows\system32\Netw2c32.dll
        2010-12-10 08:46 . 2007-02-28 22:42   80896   ----a-w-   c:\windows\system32\drivers\tifmsony.sys
        2010-12-09 23:16 . 2006-04-01 14:33   135168   ----a-r-   c:\windows\system32\igfxres.dll
        2010-12-09 09:20 . 2005-04-29 23:18   201484   ----a-w-   c:\windows\system32\drivers\umss.sys
        2010-12-08 05:23 . 2010-12-08 05:23   --------   d-----w-   c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
        2010-12-07 03:12 . 2010-12-07 03:12   --------   d-----w-   c:\documents and settings\Antonia Benjamin\Local Settings\Application Data\Innovative Solutions
        2010-12-07 03:12 . 2010-12-07 03:12   --------   d-----w-   c:\documents and settings\All Users\Application Data\Innovative Solutions
        2010-12-07 03:11 . 2010-12-07 03:11   --------   d-----w-   c:\program files\Innovative Solutions
        2010-12-07 02:57 . 2008-07-15 21:47   1196032   ----a-w-   c:\windows\RtlUpd.exe
        2010-12-07 01:38 . 2008-09-24 18:40   4122368   ----a-r-   c:\windows\system32\drivers\alcxwdm.sys
        2010-12-07 01:38 . 2006-12-08 23:20   10528768   ----a-w-   c:\windows\system32\RTLCPL.exe
        2010-12-07 01:35 . 2010-12-07 01:36   --------   d-----w-   c:\program files\Realtek AC97
        2010-12-07 01:34 . 2006-07-31 19:19   315392   ----a-w-   c:\windows\alcupd.exe
        2010-12-07 01:34 . 2006-07-31 19:27   217088   ----a-w-   c:\windows\alcrmv.exe
        2010-12-07 01:33 . 2006-02-07 23:40   204800   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
        2010-12-07 01:33 . 2006-02-07 23:45   757760   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
        2010-12-07 01:33 . 2006-02-07 23:40   69715   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
        2010-12-07 01:33 . 2006-02-07 23:40   274432   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
        2010-12-07 01:33 . 2005-11-14 07:19   5632   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
        2010-12-07 01:33 . 2010-12-07 01:33   200836   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
        2010-12-07 01:32 . 2010-12-07 01:32   331908   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
        2010-11-30 01:38 . 2010-11-30 01:38   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
        2010-11-30 01:38 . 2010-11-30 01:38   69632   ----a-w-   c:\windows\system32\QuickTime.qts
        2010-11-29 03:35 . 2010-11-29 03:35   --------   d-----w-   c:\documents and settings\Antonia Benjamin\Application Data\AVG10
        2010-11-29 03:33 . 2010-11-29 03:33   --------   d--h--w-   c:\documents and settings\All Users\Application Data\Common Files
        2010-11-29 03:30 . 2010-12-22 17:01   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVG10
        2010-11-29 03:09 . 2010-11-29 03:09   --------   d-----w-   c:\program files\AVG
        2010-11-28 16:47 . 2010-11-28 16:47   --------   d-----w-   c:\program files\Apple Software Update
        2010-11-28 16:45 . 2010-11-28 16:45   --------   d-----w-   c:\program files\Bonjour
        2010-11-28 08:59 . 2001-08-17 20:51   20752   -c--a-w-   c:\windows\system32\dllcache\sonync.sys
        2010-11-28 08:59 . 2001-08-17 20:51   20752   ----a-w-   c:\windows\system32\drivers\sonync.sys
        2010-11-27 07:56 . 2010-09-15 10:29   73728   ----a-w-   c:\windows\system32\javacpl.cpl

        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2010-11-18 18:12 . 2010-03-07 18:17   81920   ----a-w-   c:\windows\system32\isign32.dll
        2010-11-12 00:19 . 2010-11-03 03:59   147456   ----a-w-   c:\windows\system32\vbzip10.dll
        2010-11-11 21:27 . 2010-11-05 10:44   0   ---ha-w-   c:\windows\BIT1A.tmp
        2010-11-11 21:26 . 2010-11-05 10:44   0   ---ha-w-   c:\windows\BIT19.tmp
        2010-11-11 11:52 . 2010-11-05 10:55   0   ---ha-w-   c:\windows\BIT1E.tmp
        2010-11-06 00:26 . 2004-08-12 13:33   916480   ----a-w-   c:\windows\system32\wininet.dll
        2010-11-06 00:26 . 2004-08-12 13:21   43520   ----a-w-   c:\windows\system32\licmgr10.dll
        2010-11-06 00:26 . 2004-08-12 13:20   1469440   ------w-   c:\windows\system32\inetcpl.cpl
        2010-11-03 12:25 . 2004-08-12 13:19   385024   ----a-w-   c:\windows\system32\html.iec
        2010-11-02 15:17 . 2004-08-12 13:24   40960   ----a-w-   c:\windows\system32\drivers\ndproxy.sys
        2010-10-28 13:13 . 2004-08-12 13:17   290048   ----a-w-   c:\windows\system32\atmfd.dll
        2010-10-26 13:25 . 2004-08-12 13:33   1853312   ----a-w-   c:\windows\system32\win32k.sys
        2010-10-25 05:25 . 2010-10-25 05:25   165264   ----a-w-   c:\windows\system32\drivers\MpFilter.sys
        2010-10-07 20:23 . 2010-10-07 20:23   91424   ----a-w-   c:\windows\system32\dnssd.dll
        2010-10-07 20:23 . 2010-10-07 20:23   197920   ----a-w-   c:\windows\system32\dnssdX.dll
        2010-10-07 20:23 . 2010-10-07 20:23   107808   ----a-w-   c:\windows\system32\dns-sd.exe
        2010-09-29 21:11 . 2010-03-07 19:16   1251944   ----a-w-   c:\windows\RtlExUpd.dll
        .

        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Registry Cleaner Scheduler"="c:\program files\CleanMyPC\Registry Cleaner\RCScheduler.exe" [2004-04-18 90112]
        "ares"="c:\program files\Ares\Ares.exe" [2010-07-10 1015808]
        "DriverMax"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2010-11-18 9221024]
        "DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2010-11-18 9221024]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-04-29 45056]
        "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
        "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
        "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
        "DJ Console"="c:\program files\Hercules\Audio\Hercules DJ Console\DJConsoleMixer.exe" [2004-12-24 282624]
        "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
        "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
        "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe" [2009-07-24 240112]
        "CPMonitor"="c:\program files\Roxio 2010\5.0\CPMonitor.exe" [2009-07-21 84464]
        "Desktop Disc Tool"="c:\program files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-23 494064]
        "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-09 47904]
        "RTHDCPL"="RTHDCPL.EXE" [2007-12-01 16858624]
        "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
        "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
        "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
        "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

        c:\documents and settings\Antonia Benjamin\Start Menu\Programs\Startup\
        OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

        c:\documents and settings\All Users\Start Menu\Programs\Startup\
        Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "DisableStatusMessages"= 1 (0x1)

        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
        "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
        "Taskman"=""

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
        @="Service"

        [HKEY_LOCAL_MACHINE\software\microsoft\security center]
        "AntiVirusOverride"=dword:00000001
        "FirewallOverride"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
        "AntiVirusOverride"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "c:\\Program Files\\Roxio 2010\\Venue\\Venue.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "c:\\WINDOWS\\system32\\sessmgr.exe"=

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
        "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
        "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
        "500:UDP"= 500:UDP:@xpsp2res.dll,-22017

        R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [11/5/2010 1:18 PM 21488]
        R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [11/5/2010 1:18 PM 15856]
        R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [11/5/2010 1:18 PM 25584]
        R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [6/2/2009 6:05 PM 457200]
        R2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [6/23/2009 4:40 PM 127352]
        S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
        S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/14/2010 3:10 PM 135664]
        S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [7/24/2009 7:33 AM 219632]
        S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/12/2004 5:30 AM 14336]
        S3 RoxMediaDB12;RoxMediaDB12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [7/24/2009 7:33 AM 1116656]
        S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/12/2004 5:30 AM 14336]
        S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        WINRM   REG_MULTI_SZ      WINRM
        nosGetPlusHelper   REG_MULTI_SZ      nosGetPlusHelper
        .
        Contents of the 'Scheduled Tasks' folder

        2010-12-21 c:\windows\Tasks\AppleSoftwareUpdate.job
        - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 19:50]

        2010-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
        - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-14 23:10]

        2010-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
        - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-14 23:10]

        2010-12-22 c:\windows\Tasks\MP Scheduled Scan.job
        - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 20:26]
        .
        .
        ------- Supplementary Scan -------
        .
        uStart Page = hxxp://www.yahoo.com/
        uInternet Connection Wizard,ShellNext = iexplore
        uInternet Settings,ProxyOverride = *.local
        uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
        IE: Crawler Search - tbr:iemenu
        IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
        Trusted Zone: cinemanow.com
        Trusted Zone: qflix.com
        Trusted Zone: roxio.com
        Trusted Zone: sonic.com\redirect
        Trusted Zone: sonic.com\redirect2
        Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
        FF - ProfilePath - c:\documents and settings\Antonia Benjamin\Application Data\Mozilla\Firefox\Profiles\tdd62aq9.default\
        FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
        FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
        FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cf31ee0&v=6.010.023.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
        FF - prefs.js: network.proxy.type - 0
        FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
        FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
        FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
        FF - Ext: Crawler Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - c:\progra~1\Crawler\Toolbar\firefox
        FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
        FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
        FF - Ext: AniWeather: {4176DFF4-4698-11DE-BEEB-45DA55D89593} - %profile%\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
        FF - Ext: Zoodles: firefox@zoodles.com - %profile%\extensions\firefox@zoodles.com
        FF - Ext: AmbientFox: {c8f71e5b-88f8-42a7-98bb-e4c506161de9} - %profile%\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
        .
        - - - - ORPHANS REMOVED - - - -

        Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
        Toolbar-Locked - (no file)
        WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
        AddRemove-Universal Media Player - c:\program files\LocalAutorun\Uninst.isu



        **************************************************************************

        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2010-12-22 10:38
        Windows 5.1.2600 Service Pack 3 NTFS

        scanning hidden processes ... 

        scanning hidden autostart entries ...

        scanning hidden files ... 

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        --------------------- LOCKED REGISTRY KEYS ---------------------

        [HKEY_USERS\S-1-5-21-1935655697-616249376-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
        @Denied: (Full) (LocalSystem)

        [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
        @Denied: (A 2) (Everyone)
        @="FlashBroker"
        "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

        [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
        "Enabled"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
        @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

        [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
        @Denied: (A 2) (Everyone)
        @="IFlashBroker4"

        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
        @="{00020424-0000-0000-C000-000000000046}"

        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
        "Version"="1.0"
        .
        --------------------- DLLs Loaded Under Running Processes ---------------------

        - - - - - - - > 'explorer.exe'(1048)
        c:\windows\system32\WININET.dll
        c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
        c:\windows\system32\ieframe.dll
        c:\windows\system32\webcheck.dll
        c:\windows\system32\WPDShServiceObj.dll
        c:\windows\system32\PortableDeviceTypes.dll
        c:\windows\system32\PortableDeviceApi.dll
        .
        ------------------------ Other Running Processes ------------------------
        .
        c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
        c:\windows\system32\ZoneLabs\vsmon.exe
        c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
        c:\program files\Bonjour\mDNSResponder.exe
        c:\windows\system32\inetsrv\inetinfo.exe
        c:\program files\Java\jre6\bin\jqs.exe
        c:\windows\System32\snmp.exe
        c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
        c:\windows\RTHDCPL.EXE
        c:\windows\system32\VxBlockServer.exe
        c:\windows\system32\SearchIndexer.exe
        c:\program files\iPod\bin\iPodService.exe
        .
        **************************************************************************
        .
        Completion time: 2010-12-22  10:54:15 - machine was rebooted
        ComboFix-quarantined-files.txt  2010-12-22 18:54

        Pre-Run: 43,055,243,264 bytes free
        Post-Run: 43,378,139,136 bytes free

        WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
        [boot loader]
        timeout=2
        default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
        [operating systems]
        c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
        UnsupportedDebug="do not select this" /debug
        multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

        Current=2 Default=2 Failed=1 LastKnownGood=3 Sets=1,2,3,4
        - - End Of File - - 6525B7B1C4637EEE4271BFC8E0837792


        Offline Hoov

        • Malware Removal Mentors
        • Global Moderator
        • Diamond Member
        • Posts: 22632
        • Unwilling part owner of Gov't. Motors and Chrysler
        Re: [In Progress] No Internet connectivity
        « Reply #12 on: December 22, 2010, 01:45:38 PM »
        Catchme is part of Combofix, no need to worry about that.

        In IE, I need you to perform the following scan:

        Please perform a BitDefender Online Virus and Malware Scan here:
        http://www.bitdefender.com/scan8/ie.html
            * Click on I Agree.
            * An ActiveX warning box will appear, click on Install.
            * Under Select What You Want To Check For Viruses.
            * Please Check My Computer and Click Ok
            * Now Click On Click Here To Scan
            * Next, Click on Click here to export the scan report
            * Save it to your Desktop.
            * In your next reply, please include the BitDefender log and a fresh HijackThis log.

        Once you have removed anything it finds (shouldn't find anything), you can go ahead and reinstall AVG.

        Next I would like you to reset your Winsock, using the following instructions:

        Click Start, click Run, type: cmd, and press Enter.
        Type: netsh winsock reset, and then press the ENTER key.
        Type: Exit and press ENTER.
        Restart the computer.

        Now test your internet connection and see if it is working any better.

        If all is well up to this point, then next we fix your drivers.

        Consumer Security

        If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

        Offline sunnygirl

        • Bronze Member
        • Posts: 15
        Re: [In Progress] No Internet connectivity
        « Reply #13 on: December 22, 2010, 04:18:06 PM »
        Okay I did the steps. Here are the reports;


        QuickScan Beta 32-bit v0.9.9.52
        -------------------------------
        Scan date:  Wed Dec 22 14:13:28 2010
        Machine ID: 8CC467BC



        No infection found.
        -------------------



        Processes
        ---------
        (unsigned)  Ares p2p for windows                     3660    C:\Program Files\Ares\Ares.exe

        (verified)   SaibSVC Application                     1724    C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
        (verified)  AVG IDS                                  2288    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
        (verified)  AVG IDS                                  4232    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
        (verified)  AVG Internet Security                    5228    C:\Program Files\AVG\AVG10\avgcsrvx.exe
        (verified)  AVG Internet Security                    2068    C:\Program Files\AVG\AVG10\avgemcx.exe
        (verified)  AVG Internet Security                     364    C:\Program Files\AVG\AVG10\avgnsx.exe
        (verified)  AVG Internet Security                     916    C:\Program Files\AVG\AVG10\avgtray.exe
        (verified)  AVG Internet Security                    2792    C:\Program Files\AVG\AVG10\avgwdsvc.exe
        (verified)  AVG Internet Security                    2004    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
        (verified)  AVG Internet Security                    2116    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
        (verified)  Bonjour                                  3056    C:\Program Files\Bonjour\mDNSResponder.exe
        (verified)  CinemaNow IndivDRM                       2968    C:\Program Files\CinemaNow\CinemaNow Media Manager\IndivDRM.exe
        (verified)  CinemaNow Service Application            1004    C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
        (verified)  CleanMyPC Registry Cleaner               2284    C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe
        (verified)  CPMonitor Application                    1848    C:\Program Files\Roxio 2010\5.0\CPMonitor.exe
        (verified)  Crawler Toolbar                          5408    C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
        (verified)  DriverMax                                3600    C:\Program Files\Innovative Solutions\DriverMax\devices.exe
        (verified)  Firefox                                  5936    C:\Program Files\Mozilla Firefox\firefox.exe
        (verified)  Firefox                                  5392    C:\Program Files\Mozilla Firefox\plugin-container.exe
        (verified)  GrooveMonitor Utility                    3612    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
        (verified)  Hercules® DJ Console Mixer               3808    C:\Program Files\Hercules\Audio\Hercules DJ Console\DJConsoleMixer.exe
        (verified)  Internet Information Services            3556    C:\WINDOWS\system32\inetsrv\inetinfo.exe
        (verified)  iTunes                                   4284    C:\Program Files\iPod\bin\iPodService.exe
        (verified)  iTunes                                   2212    C:\Program Files\iTunes\iTunesHelper.exe
        (verified)  Java(TM) Platform SE 6 U22               3972    C:\Program Files\Java\jre6\bin\jqs.exe
        (verified)  Java(TM) Platform SE Auto Updater 2 0     720    C:\Program Files\Common Files\Java\Java Update\jusched.exe
        (verified)  Microsoft Malware Protection              260    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
        (verified)  Microsoft Security Client                2596    C:\Program Files\Microsoft Security Client\msseces.exe
        (verified)  Microsoft® Windows® Operating System     2932    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
        (verified)  Microsoft® Windows® Operating System      452    C:\WINDOWS\explorer.exe
        (verified)  Microsoft® Windows® Operating System     3304    C:\WINDOWS\system32\alg.exe
        (verified)  Microsoft® Windows® Operating System     1260    C:\WINDOWS\system32\csrss.exe
        (verified)  Microsoft® Windows® Operating System     2256    C:\WINDOWS\system32\ctfmon.exe
        (verified)  Microsoft® Windows® Operating System     1192    C:\WINDOWS\system32\lsass.exe
        (verified)  Microsoft® Windows® Operating System     2148    C:\WINDOWS\system32\searchindexer.exe
        (verified)  Microsoft® Windows® Operating System     1180    C:\WINDOWS\system32\services.exe
        (verified)  Microsoft® Windows® Operating System     1744    C:\WINDOWS\system32\smss.exe
        (verified)  Microsoft® Windows® Operating System     2392    C:\WINDOWS\system32\snmp.exe
        (verified)  Microsoft® Windows® Operating System      944    C:\WINDOWS\system32\spoolsv.exe
        (verified)  Microsoft® Windows® Operating System      352    C:\WINDOWS\system32\svchost.exe
        (verified)  Microsoft® Windows® Operating System     1868    C:\WINDOWS\system32\svchost.exe
        (verified)  Microsoft® Windows® Operating System     2616    C:\WINDOWS\system32\svchost.exe
        (verified)  Microsoft® Windows® Operating System     1776    C:\WINDOWS\system32\svchost.exe
        (verified)  Microsoft® Windows® Operating System      180    C:\WINDOWS\system32\svchost.exe
        (verified)  Microsoft® Windows® Operating System     1080    C:\WINDOWS\system32\svchost.exe
        (verified)  Microsoft® Windows® Operating System      932    C:\WINDOWS\system32\svchost.exe
        (verified)  Microsoft® Windows® Operating System      592    C:\WINDOWS\system32\svchost.exe
        (verified)  Microsoft® Windows® Operating System      896    C:\WINDOWS\system32\winlogon.exe
        (verified)  MobileDeviceService                      2152    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
        (verified)  Realtek HD Audio Sound Effect Manager    2872    C:\WINDOWS\RTHDCPL.EXE
        (verified)  Roxio Burn                               3200    C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
        (verified)  TrueVector Service                       1148    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        (verified)  VxBlock COM Server                       1824    C:\WINDOWS\system32\VxBlockServer.exe
        (verified)  Yahoo! AutoUpdater                       2924    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
        (verified)  ZoneAlarm Client                         2832    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe


        Network activity
        ----------------
        Process Ares.exe (3660) connected on port 20011 --> 81.202.21.168
        Process Ares.exe (3660) connected on port 32628 --> 201.215.15.88
        Process Ares.exe (3660) connected on port 5662 --> 77.91.4.233
        Process Ares.exe (3660) connected on port 48565 --> 190.162.254.245
        Process Ares.exe (3660) connected on port 36658 --> 72.192.155.46
        Process plugin-container.exe (5392) connected on port 5050 (Yahoo Messenger) --> webcs212p1.msg.ac4.yahoo.com
        Process firefox.exe (5936) connected on port 80 (HTTP) --> 66.220.158.32
        Process firefox.exe (5936) connected on port 80 (HTTP) --> 66.94.233.186
        Process firefox.exe (5936) connected on port 80 (HTTP) --> 66.94.233.186
        Process firefox.exe (5936) connected on port 80 (HTTP) --> 74.125.229.27
        Process firefox.exe (5936) connected on port 80 (HTTP) --> 96.8.80.129
        Process firefox.exe (5936) connected on port 80 (HTTP) --> 74.125.65.138
        Process firefox.exe (5936) connected on port 80 (HTTP) --> 74.125.45.149

        Process svchost.exe (180) listens on ports: 135 (RPC)
        Process svchost.exe (1868) listens on ports: 3389 (Terminal Server)
        Process inetinfo.exe (3556) listens on ports: 25 (SMTP), 80 (HTTP), 443 (HTTP over SSL), 1028 (RPC)
        Process Ares.exe (3660) listens on ports: 30020


        Autoruns and critical files
        ---------------------------
        (unsigned)  Ares p2p for windows                     C:\Program Files\Ares\Ares.exe
        (unsigned)  QuickTime                                C:\Program Files\QuickTime\QTTask.exe

        (verified)  Adobe Acrobat                            C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
        (verified)  Adobe Reader and Acrobat Manager         C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
        (verified)  Apple Software Update                    C:\Program Files\Apple Software Update\SoftwareUpdate.exe
        (verified)  AVG Internet Security                    C:\Program Files\AVG\AVG10\avgtray.exe
        (verified)  CleanMyPC Registry Cleaner               C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe
        (verified)  CommonSDK                                C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe
        (verified)  CPMonitor Application                    C:\Program Files\Roxio 2010\5.0\CPMonitor.exe
        (verified)  DriverMax                                C:\Program Files\Innovative Solutions\DriverMax\devices.exe
        (verified)  Google Update                            C:\Program Files\Google\Update\GoogleUpdate.exe
        (verified)  GrooveMonitor Utility                    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
        (verified)  GrooveShellExtensions Module             C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
        (verified)  Hercules® DJ Console Mixer               C:\Program Files\Hercules\Audio\Hercules DJ Console\DJConsoleMixer.exe
        (verified)  iTunes                                   C:\Program Files\iTunes\iTunesHelper.exe
        (verified)  Java(TM) Platform SE Auto Updater 2 0    C:\Program Files\Common Files\Java\Java Update\jusched.exe
        (verified)  Microsoft Genuine Advantage              C:\WINDOWS\system32\WgaLogon.dll
        (verified)  Microsoft Malware Protection             c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
        (verified)  Microsoft Office OneNote                 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
        (verified)  Microsoft Security Client                C:\Program Files\Microsoft Security Client\msseces.exe
        (verified)  Microsoft® Windows® Operating System     C:\Program Files\Windows Desktop Search\WindowsSearch.exe
        (verified)  Microsoft® Windows® Operating System     C:\WINDOWS\system32\browseui.dll
        (verified)  Microsoft® Windows® Operating System     C:\WINDOWS\system32\crypt32.dll
        (verified)  Microsoft® Windows® Operating System     C:\WINDOWS\system32\cryptnet.dll
        (verified)  Microsoft® Windows® Operating System     C:\WINDOWS\system32\cscdll.dll
        (verified)  Microsoft® Windows® Operating System     C:\WINDOWS\system32\ctfmon.exe
        (verified)  Microsoft® Windows® Operating System     C:\WINDOWS\system32\dimsntfy.dll
        (verified)  Microsoft® Windows® Operating System     C:\WINDOWS\system32\logonui.exe
        (verified)  Microsoft® Windows® Operating System     C:\WINDOWS\system32\sclgntfy.dll
        (verified)  Microsoft® Windows® Operating System     C:\WINDOWS\system32\shell32.dll
        (verified)  Microsoft® Windows® Operating System     C:\WINDOWS\system32\stobject.dll
        (verified)  Microsoft® Windows® Operating System     c:\windows\system32\userinit.exe
        (verified)  Microsoft® Windows® Operating System     C:\WINDOWS\system32\wlnotify.dll
        (verified)  Microsoft® Windows® Operating System     C:\WINDOWS\system32\WPDShServiceObj.dll
        (verified)  MobileMe                                 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
        (verified)  Realtek Azalia Mixer Select              C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
        (verified)  Realtek HD Audio Sound Effect Manager    C:\WINDOWS\RTHDCPL.EXE
        (verified)  Roxio Burn                               C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
        (verified)  Windows® Internet Explorer               C:\WINDOWS\system32\webcheck.dll
        (verified)  Windows® Search                          C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll
        (verified)  ZoneAlarm Client                         C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe


        Browser plugins
        ---------------
        (unsigned)  Java(TM) Platform SE 6 U22               C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
        (unsigned)  QuickTime Plug-in 7.6.9                  C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
        (unsigned)  QuickTime Plug-in 7.6.9                  C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
        (unsigned)  QuickTime Plug-in 7.6.9                  C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
        (unsigned)  QuickTime Plug-in 7.6.9                  C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
        (unsigned)  QuickTime Plug-in 7.6.9                  C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
        (unsigned)  QuickTime Plug-in 7.6.9                  C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
        (unsigned)  QuickTime Plug-in 7.6.9                  C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
        (unsigned)  QuickTime Plug-in 7.6.9                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
        (unsigned)  QuickTime Plug-in 7.6.9                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
        (unsigned)  QuickTime Plug-in 7.6.9                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
        (unsigned)  QuickTime Plug-in 7.6.9                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
        (unsigned)  QuickTime Plug-in 7.6.9                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
        (unsigned)  QuickTime Plug-in 7.6.9                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
        (unsigned)  QuickTime Plug-in 7.6.9                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
        (unsigned)  Shockwave for Director                   C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

        (verified)  AcroIEHelperShim Library                 c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
        (verified)  Adobe Acrobat                            C:\Program Files\Internet Explorer\plugins\nppdf32.dll
        (verified)  Adobe Acrobat                            C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
        (verified)  AVG Internet Security                    c:\program files\avg\avg10\avgssie.dll
        (verified)  AVG Security Toolbar                     c:\program files\avg\avg10\toolbar\ietoolbar.dll
        (verified)  BitDefender QuickScan                    C:\Documents and Settings\Antonia Benjamin\Application Data\Mozilla\Firefox\Profiles\tdd62aq9.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
        (verified)  BitDefender QuickScan                    C:\Documents and Settings\Antonia Benjamin\Application Data\Mozilla\Firefox\Profiles\tdd62aq9.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
        (verified)  Bonjour                                  C:\Program Files\Bonjour\mdnsNSP.dll
        (verified)  Crawler Toolbar                          c:\program files\crawler\toolbar\ctbr.dll
        (verified)  getPlusPlus for Adobe 16291              C:\Documents and Settings\Antonia Benjamin\Application Data\Mozilla\Firefox\Profiles\tdd62aq9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
        (verified)  Google Update                            C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
        (verified)  GrooveShellExtensions Module             C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
        (verified)  Java Deployment Toolkit 6.0.220.4        C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
        (verified)  Java(TM) Platform SE 6 U22               c:\program files\java\jre6\bin\jp2ssv.dll
        (verified)  Java(TM) Platform SE 6 U22               c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
        (verified)  Messenger                                C:\Program Files\Messenger\msmsgs.exe
        (verified)  Microsoft® Windows® Operating System     C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        (verified)  Microsoft® Windows® Operating System     C:\WINDOWS\system32\mswsock.dll
        (verified)  Microsoft® Windows® Operating System     C:\WINDOWS\system32\nwprovau.dll
        (verified)  Microsoft® Windows® Operating System     C:\WINDOWS\system32\rsvpsp.dll
        (verified)  Microsoft® Windows® Operating System     C:\WINDOWS\system32\winrnr.dll
        (verified)  Mozilla Default Plug-in                  C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
        (verified)  npitunes.dll                             C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
        (verified)  NPSWF32.dll                              C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
        (verified)  Silverlight Plug-In                      c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
        (verified)  Unity Player                             C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
        (verified)  Windows Presentation Foundation          c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
        (verified)  Windows® Internet Explorer               C:\WINDOWS\system32\ieframe.dll
        (verified)  Yahoo! Search Protection                 c:\program files\yahoo!\search protection\ysp.dll
        (verified)  Yahoo! Single Instance for Mail          c:\program files\yahoo!\companion\installs\cpn0\ytsingleinstance.dll
        (verified)  Yahoo! Toolbar                           c:\program files\yahoo!\companion\installs\cpn0\yt.dll


        Scan
        ----
        (unsigned)  MD5: b0170a9f1f0d9a668d815b3ece135cb6  C:\PROGRA~1\Crawler\Toolbar\firefox\components\xshared.dll
        (unsigned)  MD5: 4c20a7877f340be462807935c8013251  C:\PROGRA~1\Crawler\Toolbar\firefox\components\xsupport.dll
        (unsigned)  MD5: 054eebeecc5d39f924388d513c237629  C:\PROGRA~1\Crawler\Toolbar\firefox\components\xwsg.dll
        (unsigned)  MD5: b1c43925460c12664b1398ec067560df  C:\PROGRA~1\Crawler\Toolbar\WEBSEC~1.DLL
        (unsigned)  MD5: ac47b55b38d626b678897f195793ecab  C:\WINDOWS\system32\Adobe\Director\np32dsw.dll


        No file uploaded.

        Scan finished - communication took 3 sec
        Total traffic - 0.06 MB sent, 0.69 KB recvd
        Scanned 1400 files and modules - 53 seconds

        ==============================================================================

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 2:17:29 PM, on 12/22/2010
        Platform: Windows XP SP3 (WinNT 5.01.2600)
        MSIE: Internet Explorer v8.00 (8.00.6001.18702)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
        C:\Program Files\AVG\AVG10\avgwdsvc.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
        C:\WINDOWS\system32\inetsrv\inetinfo.exe
        C:\Program Files\Java\jre6\bin\jqs.exe
        C:\Program Files\AVG\AVG10\avgnsx.exe
        C:\Program Files\AVG\AVG10\avgemcx.exe
        C:\WINDOWS\System32\snmp.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
        C:\WINDOWS\system32\SearchIndexer.exe
        C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
        C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
        C:\Program Files\Hercules\Audio\Hercules DJ Console\DJConsoleMixer.exe
        C:\Program Files\Common Files\Java\Java Update\jusched.exe
        C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        C:\Program Files\Roxio 2010\5.0\CPMonitor.exe
        C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
        C:\WINDOWS\RTHDCPL.EXE
        C:\Program Files\Microsoft Security Client\msseces.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\AVG\AVG10\avgtray.exe
        C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe
        C:\WINDOWS\system32\VxBlockServer.exe
        C:\Program Files\Ares\Ares.exe
        C:\Program Files\Innovative Solutions\DriverMax\devices.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Windows Desktop Search\WindowsSearch.exe
        C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\PROGRA~1\AVG\AVG10\avgrsx.exe
        C:\Program Files\AVG\AVG10\avgcsrvx.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
        C:\Program Files\Mozilla Firefox\plugin-container.exe
        C:\WINDOWS\system32\NOTEPAD.EXE
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
        C:\Program Files\CinemaNow\CinemaNow Media Manager\IndivDrm.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
        O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
        O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
        O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
        O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
        O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
        O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
        O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
        O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
        O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
        O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
        O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
        O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
        O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
        O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
        O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
        O4 - HKLM\..\Run: [DJ Console] C:\Program Files\Hercules\Audio\Hercules DJ Console\DJConsoleMixer.exe -hide
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
        O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
        O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe"
        O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files\Roxio 2010\5.0\CPMonitor.exe"
        O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe"
        O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
        O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
        O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
        O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe" /startup
        O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
        O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
        O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -RESTART
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
        O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
        O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
        O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
        O8 - Extra context menu item: Crawler Search - tbr:iemenu
        O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
        O15 - Trusted Zone: http://*.cinemanow.com
        O15 - Trusted Zone: http://*.qflix.com
        O15 - Trusted Zone: http://*.roxio.com
        O15 - Trusted Zone: http://redirect.sonic.com
        O15 - Trusted Zone: http://redirect2.sonic.com
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1282704322796
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1292670373140
        O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
        O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
        O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
        O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
        O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
        O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
        O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
        O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
        O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
        O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
        O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
        O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
        O23 - Service: RoxMediaDB12 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe
        O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe
        O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

        --
        End of file - 11742 bytes

        Offline Hoov

        Re: [In Progress] No Internet connectivity
        « Reply #14 on: December 22, 2010, 04:22:00 PM »
        How about the Winsock reset? Did any of this make a difference?

        If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!