I am NOT a computer geek at all, just a small business owner with internet skills trying to fix my own computer.
I know nothing about building computers, nothing really about how programs are written, etc. So I had no idea what this issue was but the description above was exactly my issues. I kept getting error messages saying that "to help protect your computer windows has closed generic host process for win 32" and then a lot of error messages relating to svchost.exe.mdmp Then my internet explorer started to default back to original settings, blink different colors, and have no sound with error messages about my sound device. I ran McAfee scan, and the most recent AdAware (which I run frequently) and both found some little things like cookies but both said the computer was clean yet the problem continued. Is there any way to know where these problems started so I do not catch a computer illness again?
I have a firewall on all the time, I surf mostly with Firefox, and this is the first problem I have had in a very long time. Anyway, found the post above and since it was exactly my issue I did the steps recommended. I shut down all anti-virus, etc. installed, and ran, Combofix through the link provided. It appears to have solved my problem. It took a while to run but indicates that it deleted a lot of stuff. Just wondering if someone could look through the report and let me know if I am clean or if I need to take further action. Here is the report from Combofix. Thank you!!!
ComboFix 09-03-19.02 - Samantha 2009-03-22 12:54:52.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2812 [GMT -8:00]
Running from: c:\documents and settings\Samantha\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\INSTALL.LOG
c:\program files\Remote\Remote.exe
c:\windows\IE4 Error Log.txt
c:\windows\Install.txt
c:\windows\system32\20093056.dll
c:\windows\system32\20093109.dll
c:\windows\system32\200931324.dll
c:\windows\system32\20093167.dll
c:\windows\system32\20093310.dll
c:\windows\system32\20093313.dll
c:\windows\system32\2009348.dll
c:\windows\system32\200934912.dll
c:\windows\system32\22367103193120l.dll
c:\windows\system32\afisicx.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\comsa32.sys
c:\windows\system32\dxonool32.sys
c:\windows\system32\Install.txt
c:\windows\system32\mdm.exe
c:\windows\system32\sopidkc.exe
c:\windows\system32\tpszxyd.sys
c:\windows\system32\u122293714.dll
c:\windows\system32\w.exe
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AFISICX
-------\Legacy_DEFAULTLIB
-------\Legacy_NETMANTOW
-------\Legacy_SOFTYINFORWOW1
-------\Legacy_SOPIDKC
-------\Service_afisicx
-------\Service_defaultlib
-------\Service_netmantow
-------\Service_softyinforwow1
-------\Service_sopidkc
((((((((((((((((((((((((( Files Created from 2009-02-22 to 2009-03-22 )))))))))))))))))))))))))))))))
.
2009-03-22 12:31 . 2009-03-22 12:33 700,928 --a------ c:\windows\system32\forx37770.exe
2009-03-22 12:31 . 2009-03-22 12:31 389,536 --a------ c:\windows\system32\forx80498.exe
2009-03-22 12:31 . 2009-03-22 12:31 73,216 --a------ c:\windows\system32\forx491704.exe
2009-03-22 10:29 . 2009-03-22 10:29 <DIR> d-------- c:\program files\RegCure
2009-03-22 10:01 . 2009-03-22 10:03 700,928 --a------ c:\windows\system32\forx61642.exe
2009-03-22 10:01 . 2009-03-22 10:01 65,536 --a------ c:\windows\system32\u102278159.dll
2009-03-22 10:00 . 2009-03-22 10:01 389,536 --a------ c:\windows\system32\forx215914.exe
2009-03-22 09:49 . 2009-03-22 09:50 700,928 --a------ c:\windows\system32\forx45432.exe
2009-03-22 09:49 . 2009-03-22 09:49 389,536 --a------ c:\windows\system32\forx864949.exe
2009-03-22 09:49 . 2009-03-22 09:49 65,536 --a------ c:\windows\system32\u92214027.dll
2009-03-22 00:01 . 2009-03-09 11:06 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-03-21 22:18 . 2009-03-21 22:22 700,928 --a------ c:\windows\system32\forx902814.exe
2009-03-21 22:16 . 2009-03-21 22:18 389,536 --a------ c:\windows\system32\forx330629.exe
2009-03-21 22:16 . 2009-03-21 22:16 65,536 --a------ c:\windows\system32\u222146822.dll
2009-03-21 22:11 . 2009-03-09 11:06 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-03-21 22:09 . 2009-03-21 22:09 <DIR> d-------- c:\program files\Lavasoft
2009-03-21 22:09 . 2009-03-21 22:09 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-21 22:05 . 2009-03-21 22:05 252,290 --a------ c:\windows\system32\forx49310.exe
2009-03-21 22:05 . 2009-03-21 22:05 65,536 --a------ c:\windows\system32\u222121813.dll
2009-03-21 18:15 . 2009-03-21 18:23 589,549 --a------ c:\windows\system32\forx877132.exe
2009-03-21 18:13 . 2009-03-21 18:15 389,536 --a------ c:\windows\system32\forx597315.exe
2009-03-21 18:13 . 2009-03-21 18:13 65,536 --a------ c:\windows\system32\u182115653.dll
2009-03-21 10:11 . 2009-03-21 10:11 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-03-21 10:11 . 2009-03-21 10:11 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\HPAppData
2009-03-21 10:03 . 2009-03-21 10:03 389,536 --a------ c:\windows\system32\forx728225.exe
2009-03-21 10:03 . 2009-03-21 10:03 65,536 --a------ c:\windows\system32\u102164027.dll
2009-03-20 22:10 . 2009-03-22 12:55 <DIR> d-------- c:\program files\Remote
2009-03-20 22:10 . 2009-03-20 22:10 389,536 --a------ c:\windows\system32\forx155850.exe
2009-03-20 22:10 . 2009-03-20 22:10 65,536 --a------ c:\windows\system32\u222053111.dll
2009-03-13 12:35 . 2009-03-16 20:12 330,059 --a------ C:\Proof.jpg
2009-03-12 18:59 . 2009-03-12 19:00 <DIR> d-------- c:\documents and settings\Samantha\.roescache
2009-03-12 18:59 . 2009-03-12 19:07 <DIR> d-------- c:\documents and settings\Samantha\.Millers
2009-03-12 15:57 . 2009-03-22 13:02 <DIR> d-------- c:\documents and settings\Samantha\Tracing
2009-03-12 15:54 . 2009-03-15 10:32 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-03-12 15:53 . 2009-03-12 15:53 <DIR> d-------- c:\program files\Microsoft Sync Framework
2009-03-12 15:53 . 2009-02-06 18:08 55,152 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys
2009-03-12 15:52 . 2009-03-12 15:52 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-03-12 15:52 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2009-03-12 15:50 . 2009-03-12 15:50 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-03-12 15:50 . 2009-03-12 15:50 <DIR> d-------- c:\program files\Microsoft
2009-03-12 15:49 . 2009-03-12 15:53 <DIR> d-------- c:\program files\Windows Live
2009-03-12 15:42 . 2009-03-12 15:42 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-03-04 10:35 . 2009-03-04 10:35 <DIR> d-------- C:\Millers Remote Suite Resources
2009-03-04 10:32 . 2009-03-04 10:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-26 09:27 . 2009-03-04 10:32 410,984 --a------ c:\windows\system32\deploytk.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-22 21:03 --------- d-----w c:\documents and settings\Samantha\Application Data\WTablet
2009-03-22 20:33 4,224 ----a-w c:\windows\system32\drivers\beep.sys
2009-03-22 18:09 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-22 18:06 --------- d-----w c:\program files\HP
2009-03-22 18:05 --------- d-----w c:\program files\Disney Interactive
2009-03-22 17:38 --------- d-----w c:\documents and settings\LocalService\Application Data\WTablet
2009-03-22 06:09 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-21 18:00 --------- d-----w c:\program files\McAfee
2009-03-20 22:41 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2009-03-04 18:32 --------- d-----w c:\program files\Java
2009-03-02 21:23 --------- d-----w c:\program files\Millers Remote Studio
2009-02-26 15:43 --------- d-----w c:\documents and settings\Bob\Application Data\WTablet
2009-02-17 17:08 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 03:03 307,576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-07 02:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-03 04:05 --------- d-----w c:\program files\Common Files\Pure Networks Shared
2009-02-01 23:28 --------- d-----w c:\documents and settings\Allison\Application Data\WTablet
2009-01-25 06:08 --------- d-----w c:\documents and settings\Samantha\Application Data\FileZilla
2008-07-16 06:58 86,683 ----a-w c:\program files\device-enct.dll
2008-07-16 06:50 752 ----a-w c:\program files\cpic.opt
2007-03-03 04:17 20,743 ----a-w c:\program files\gessele.zip
2007-03-03 04:15 105,796 ----a-w c:\program files\beyond_wonderland.zip
2007-03-03 04:12 21,950 ----a-w c:\program files\ajile.zip
2006-12-30 09:25 168,337,408 ----a-w c:\program files\Photoshop_7.exe
2004-12-01 07:45 0 --sha-w c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"FLMOFFICE4DMOUSE"="c:\program files\Micro Innovations\Wireless Optical Mouse\mouse32a.exe" [2006-05-11 360448]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2006-12-22 497176]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-12-22 756248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-12-16 98304]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-08-07 180269]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-04 148888]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
ImageFox.lnk - c:\windows\Installer\{0A117913-C6BE-4524-A1A2-47AE6F3604EF}\IMAGEFOX_STRTUP_SHRTCUT.exe [2007-03-31 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Samantha^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Samantha\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2001-12-11 16:33 196608 c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
--a------ 2004-06-07 17:42 659456 c:\windows\system32\hphmon06.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
--a------ 2004-06-07 17:53 49152 c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2004-12-18 00:20 278528 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2005-02-02 16:44 61440 c:\hp\KBD\kbd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2004-12-16 20:08 98304 c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2004-04-14 19:43 233472 c:\windows\SMINST\Recguard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2004-08-07 13:03 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-04-12 01:10 65536 c:\windows\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a------ 2005-04-06 18:53 2805248 c:\windows\ALCWZRD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SavRoam"=3 (0x3)
"MDM"=2 (0x2)
"iPodService"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"AdobeActiveFileMonitor4.0"=2 (0x2)
"Adobe LM Service"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-21 64160]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-03-12 55152]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-10-01 210216]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 tdctxte;tdctxte Service;c:\windows\system32\tdctxte.exe [2004-08-04 176640]
S2 Remote_Server_2008;Remote 2008;c:\program files\Remote\Remote.exe --> c:\program files\Remote\Remote.exe [?]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 iaudUSB;iaudUSB;c:\windows\system32\drivers\iAudUSB.sys [2001-08-07 14490]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{549ad950-f4c2-11dd-8422-00112f21db1d}]
\Shell\AutoRun\command - h:\wd_windows_tools\WDSetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5fea6698-d132-11dd-840e-00112f21db1d}]
\Shell\AutoRun\command - H:\podcastready.exe
.
Contents of the 'Scheduled Tasks' folder
2009-03-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 11:06]
2009-01-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 11:53]
2009-02-14 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 11:53]
2009-03-22 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 09:58]
2009-03-22 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 09:58]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Skype - c:\program files\Skype\Phone\Skype.exe
HKCU-Run-Sonic RecordNow! - (no file)
HKLM-Run-AutoTBar - c:\program files\HP\Digital Imaging\bin\AUTOTBAR.EXE
MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe
MSConfigStartUp-REGSHAVE - c:\program files\REGSHAVE\REGSHAVE.EXE
MSConfigStartUp-vptray - c:\progra~1\SYMANT~1\VPTray.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} - hxxps://mycampus.phoenix.edu/secure/PhxStudent15.CAB
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://209.193.48.193/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Samantha\Application Data\Mozilla\Firefox\Profiles\4dfso3hi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\Samantha\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-22 13:03:52
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(588)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Photodex\ProShowGold\scsiaccess.exe
c:\windows\system32\Tablet.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\ACD Systems\ImageFox\ImageFox.exe
c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\WTablet\TabUserW.exe
c:\windows\system32\Tablet.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2009-03-22 13:10:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-22 21:10:10
Pre-Run: 93,203,517,440 bytes free
Post-Run: 94,364,999,680 bytes free
324 --- E O F --- 2009-03-14 17:11:10
Edited by 503mpco, 22 March 2009 - 03:31 PM.
Sign In
Create Account
