I have had several issues with malware and viruses: Trojan.General and Trojan.Virtumonde. I was unable to open my System Restore, had popups, was unable to download or run Malwarebytes, etc. I ran ComboFix, and my System Restore has come back; however, I still have popups and unwanted processes running. Here is my ComboFix log. Any help would be appreciated!! Thank you muchly in advance!
ComboFix 10-03-14.01 - Michelle 03/14/2010 14:49:25.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1525 [GMT -4:00]
Running from: c:\documents and settings\Michelle\Desktop\ComboFix.exe
AV: a-squared Anti-Malware *On-access scanning enabled* (Updated) {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\bezuyiza.dll
c:\windows\system32\fogiguzu.dll
c:\windows\Tasks\krynixfk.job
.
((((((((((((((((((((((((( Files Created from 2010-02-14 to 2010-03-14 )))))))))))))))))))))))))))))))
.
2010-03-14 18:11 . 2010-03-14 18:11 -------- d-----w- C:\VundoFix Backups
2010-03-14 17:51 . 2010-03-14 18:10 -------- d-----w- c:\program files\a-squared Anti-Malware
2010-03-14 17:37 . 2010-03-14 17:37 -------- d-----w- c:\documents and settings\Michelle\Local Settings\Application Data\Threat Expert
2010-03-14 17:36 . 2010-01-21 23:21 767952 ----a-w- c:\windows\BDTSupport.dll
2010-03-14 17:36 . 2010-01-21 23:21 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-03-14 17:36 . 2010-01-21 23:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-03-14 17:36 . 2010-01-21 23:21 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-03-14 17:36 . 2009-10-28 05:36 1152444 ----a-w- c:\windows\UDB.zip
2010-03-14 17:36 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
2010-03-14 17:32 . 2010-02-05 13:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-03-14 17:32 . 2009-10-06 20:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-03-14 17:32 . 2009-09-23 20:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-03-14 17:32 . 2010-02-05 13:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-03-14 17:31 . 2010-03-14 18:30 -------- d-----w- c:\program files\Spyware Doctor
2010-03-14 17:31 . 2010-03-14 17:31 -------- d-----w- c:\documents and settings\Michelle\Application Data\PC Tools
2010-03-14 17:31 . 2010-03-14 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-03-14 01:03 . 2010-03-14 01:03 -------- d-----w- c:\documents and settings\Michelle\Application Data\Registry Mechanic
2010-03-14 00:58 . 2010-03-14 18:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-14 00:58 . 2010-03-14 17:37 -------- d-----w- c:\program files\Common Files\PC Tools
2010-03-13 16:55 . 2010-03-13 16:55 -------- d-----w- c:\documents and settings\Michelle\Application Data\Malwarebytes
2010-03-13 16:55 . 2010-03-13 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-13 08:44 . 2010-03-13 08:44 -------- d-----w- c:\documents and settings\Michelle\Local Settings\Application Data\WMTools Downloaded Files
2010-03-12 18:32 . 2010-03-12 18:32 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-03-12 18:32 . 2010-03-12 18:32 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-03-12 18:27 . 2010-03-14 18:56 823296 ----a-w- c:\windows\system32\drivers\mjvmswud.sys
2010-03-12 18:27 . 2010-03-14 18:55 -------- d-----w- c:\documents and settings\Michelle\Local Settings\Application Data\Windows Server
2010-03-11 04:25 . 2010-03-11 04:25 -------- d-----w- c:\program files\VideoLAN
2010-03-11 04:23 . 2010-03-11 04:23 -------- d-----w- c:\program files\Graboid
2010-02-22 01:18 . 2010-02-22 01:19 -------- d-----w- c:\program files\iTunes
2010-02-22 01:16 . 2010-02-22 01:16 -------- d-----w- c:\program files\Bonjour
2010-02-22 01:15 . 2010-02-22 01:15 -------- d-----w- c:\program files\QuickTime
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-13 08:38 . 2008-07-07 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-03-12 00:39 . 2008-07-25 05:28 -------- d-----w- c:\documents and settings\Michelle\Application Data\Move Networks
2010-03-11 21:10 . 2009-11-16 02:08 -------- d-----w- c:\documents and settings\Michelle\Application Data\U3
2010-03-11 04:10 . 2009-08-06 03:54 143976 ----a-w- c:\documents and settings\Michelle\Application Data\Move Networks\uninstall.exe
2010-03-11 04:10 . 2009-10-15 00:50 5642688 ----a-w- c:\documents and settings\Michelle\Application Data\Move Networks\plugins\npqmp071701000002.dll
2010-03-11 04:10 . 2010-03-11 04:10 1794456 ----a-w- c:\documents and settings\Michelle\Application Data\Move Networks\MoveMediaPlayerWin_071701000002.exe
2010-02-22 01:18 . 2008-05-30 19:13 -------- d-----w- c:\program files\iPod
2010-02-22 01:18 . 2008-05-30 19:20 -------- d-----w- c:\program files\Common Files\Apple
2010-02-22 01:10 . 2010-02-22 01:10 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-12 20:46 . 2008-05-30 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-09 18:24 . 2008-06-20 14:04 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-04 05:51 . 2008-05-23 09:19 -------- d-----w- c:\program files\Google
2010-01-22 06:50 . 2008-09-24 16:00 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-05 06:11 . 2009-11-13 06:23 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-31 16:50 . 2004-08-10 17:51 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-08-10 17:51 916480 ------w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2004-08-10 18:01 343040 ----a-w- c:\windows\system32\mspaint.exe
1601-01-01 00:03 . 1601-01-01 00:03 47616 --sha-w- c:\windows\system32\hesanebo.dll
1601-01-01 00:03 . 1601-01-01 00:03 41472 --sha-w- c:\windows\system32\jagepeyu.dll
1601-01-01 00:03 . 1601-01-01 00:03 65536 --sha-w- c:\windows\system32\kijudawi.dll
1601-01-01 00:03 . 1601-01-01 00:03 95232 --sha-w- c:\windows\system32\parahuri.dll
1601-01-01 00:03 . 1601-01-01 00:03 41472 --sha-w- c:\windows\system32\tewehipo.dll
1601-01-01 00:03 . 1601-01-01 00:03 71168 --sha-w- c:\windows\system32\towoyila.dll
1601-01-01 00:03 . 1601-01-01 00:03 95744 --sha-w- c:\windows\system32\tudotipi.dll
1601-01-01 00:03 . 1601-01-01 00:03 41472 --sha-w- c:\windows\system32\wigafipe.dll
1601-01-01 00:03 . 1601-01-01 00:03 70656 --sha-w- c:\windows\system32\wirubifa.dll
1601-01-01 00:03 . 1601-01-01 00:03 65536 --sha-w- c:\windows\system32\yopufuju.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-03-14_04.03.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 06:19 . 2007-11-07 06:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
- 2004-08-10 17:51 . 2009-12-09 14:28 72978 c:\windows\system32\perfc009.dat
+ 2004-08-10 17:51 . 2010-03-14 18:46 72978 c:\windows\system32\perfc009.dat
+ 2008-05-29 20:52 . 2010-03-14 17:46 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-29 20:52 . 2010-03-14 17:46 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-05-29 20:52 . 2010-03-13 19:33 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-03-14 17:46 . 2010-03-14 17:46 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2004-08-10 17:51 . 2009-12-09 14:28 445938 c:\windows\system32\perfh009.dat
+ 2004-08-10 17:51 . 2010-03-14 18:46 445938 c:\windows\system32\perfh009.dat
+ 2010-03-14 17:32 . 2010-03-14 17:32 228352 c:\windows\Installer\2c3fbd9.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5bed0556-7bd3-4b69-859d-18e889d39edb}]
1601-01-01 00:03 65536 --sha-w- c:\windows\system32\yopufuju.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-10 851968]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-10 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-10 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-10 137752]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2008-03-31 405504]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-03-10 28160]
"nolitamug"="c:\windows\system32\fogiguzu.dll" [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 13:22 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-05-23 09:28 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]
2010-01-02 18:09 3280712 ----a-w- c:\program files\a-squared Anti-Malware\a2guard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-03-02 03:40 524632 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 20:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 13:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2010-02-08 16:02 2343632 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2008-06-12 20:47 50528 ----a-w- c:\program files\AIM6\aim6.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 19:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
2009-12-12 14:00 2043160 ----a-w- c:\progra~1\AVG\AVG8\avgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
2007-07-27 21:43 118784 ------w- c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellAutomatedPCTuneUp]
2007-10-11 14:49 465136 ----a-w- c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 15:13 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 17:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2008-02-28 18:18 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-15 23:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2008-05-30 19:00 32768 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2004-04-20 20:50 53248 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2004-04-20 20:50 118784 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-12-21 15:58 184320 ------w- c:\program files\Dell\MediaDirect\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-03-25 08:28 144784 ----a-w- c:\program files\Java\jre1.6.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-07-07 05:26 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"stllssvr"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"GoToAssist"=3 (0x3)
"Bonjour Service"=2 (0x2)
"avg8wd"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"Lavasoft Ad-Aware Service"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate1c9fec391515878"=2 (0x2)
"DellAMBrokerService"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"a2AntiMalware"=2 (0x2)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
AppSecDll REG_SZ c:\documents and settings\Michelle\Local Settings\Application Data\Windows Server\xetpmk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Piolet\\piolet.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/4/2009 10:41 PM 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [3/14/2010 1:32 PM 207280]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/7/2008 11:54 AM 335240]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [3/14/2010 1:36 PM 112592]
S4 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared Anti-Malware\a2service.exe [3/14/2010 1:51 PM 1858144]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/7/2008 11:53 AM 297752]
S4 gupdate1c9fec391515878;Google Update Service (gupdate1c9fec391515878);c:\program files\Google\Update\GoogleUpdate.exe [7/7/2009 1:27 AM 133104]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [3/14/2010 1:31 PM 365280]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/29/2008 5:47 PM 24652]
--- Other Services/Drivers In Memory ---
*Deregistered* - mjvmswud
.
Contents of the 'Scheduled Tasks' folder
2010-03-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 03:40]
2010-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]
2010-03-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-07 05:25]
2010-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 05:26]
2010-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 05:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080523
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: ActiveGS.cab - hxxp://www.virtualapple.org/gs.cab
DPF: {74EF5274-F439-2168-B543-14745B625C72} - hxxp://www.shockwave.com/content/weddingdash2/sis/WeddingDash2Web.1.0.0.13.cab
.
- - - - ORPHANS REMOVED - - - -
SharedTaskScheduler-{96b8d020-ddd7-4df6-aa19-932bdf030a2a} - c:\windows\system32\fogiguzu.dll
SSODL-pamadigop-{96b8d020-ddd7-4df6-aa19-932bdf030a2a} - c:\windows\system32\fogiguzu.dll
MSConfigStartUp-nolitamug - c:\windows\system32\fogiguzu.dll
MSConfigStartUp-RegistryMechanic - c:\program files\Registry Mechanic\RegMech.exe
MSConfigStartUp-zedazenayi - veriwada.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-14 14:56
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mjvmswud]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(736)
c:\documents and settings\Michelle\Local Settings\Application Data\Windows Server\xetpmk.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
- - - - - - - > 'lsass.exe'(792)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
- - - - - - - > 'explorer.exe'(2576)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\documents and settings\Michelle\Local Settings\Application Data\Windows Server\xetpmk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2010-03-14 15:01:40 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-14 19:01
ComboFix2.txt 2010-03-14 04:07
Pre-Run: 202,091,397,120 bytes free
Post-Run: 202,164,076,544 bytes free
- - End Of File - - D6E3B1801BCA361FBAF30DE7791787DE