MS Antispyware 2009 [Solved]


#1 gitcheegoomee (Member, 26 posts)

I went to a website looking around, and I don't recall clicking on an install, but I guess I did. The page showed MS Antispyware 2009. I have avast and Comodo antivirus, Comodo firewall, and Malwarebytes Anti-Malware. I've already run Malwarebytes once and am currently running it again. I've also downloaded HJT ver. 2.0.2. Here is a copy of that scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:27:50 PM, on 2/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Documents and Settings\andrew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Comodo\Comodo AntiVirus\CAVSubmit.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\TEMP\winlognn.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: C:\WINDOWS\system32\hgdfhsiueme.dll - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\hgdfhsiueme.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] C:\WINDOWS\TEMP\winlognn.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\andrew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [jsf8uiw3jnjgffght] C:\WINDOWS\TEMP\winlognn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [jsf8uiw3jnjgffght] C:\WINDOWS\TEMP\winlognn.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1215048687258
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\hgdfhsiueme.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8884 bytes

Malwarebytes' Anti-Malware 1.33
Database version: 1714
Windows 5.1.2600 Service Pack 3

2/1/2009 7:43:49 PM
mbam-log-2009-02-01 (19-43-49).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 155930
Time elapsed: 52 minute(s), 3 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
C:\WINDOWS\Temp\winlognn.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\hgdfhsiueme.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{c5bf49a2-94f3-42bd-f434-3604812c8955} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5bf49a2-94f3-42bd-f434-3604812c8955} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c5bf49a2-94f3-42bd-f434-3604812c8955} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jsf8uiw3jnjgffght (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jsf8uiw3jnjgffght (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\hgdfhsiueme.dll (Trojan.Zlob.H) -> Delete on reboot.
C:\Documents and Settings\andrew\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0000dc (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FC0227E6-FAF4-49A2-920B-F2D40BF912F5}\RP250\A0047959.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\winlognn.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Edited by gitcheegoomee, 01 February 2009 - 07:46 PM.

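A small triage script for HijackThis autostart lines, added here as an example and not taken from this thread or from the HijackThis or Malwarebytes projects. The sample input is constructed from the O2/O4/O20/O22 lines of the two HijackThis logs in this thread; the vowel-ratio threshold for "random-looking" names is an assumed heuristic, and the before/after diff shows how a responder confirms which entries a cleanup actually removed.

```python
"""Triage helpers for Trend Micro HijackThis v2 log lines (added example).

Two checks a responder runs over a log like the ones in this thread:
  * heuristics on O2/O4/O20/O22 autostart entries (binaries under a TEMP
    directory, random-looking value names, a BHO whose "name" is a file path),
  * a before/after diff of two logs to list which entries disappeared.
"""
import re
from dataclasses import dataclass

# Constructed samples: the O2/O4/O20/O22 lines quoted from the first and the
# second HijackThis log posted in this thread (other sections omitted).
HJT_BEFORE = r"""
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: C:\WINDOWS\system32\hgdfhsiueme.dll - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\hgdfhsiueme.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] C:\WINDOWS\TEMP\winlognn.exe
O4 - HKUS\S-1-5-18\..\Run: [jsf8uiw3jnjgffght] C:\WINDOWS\TEMP\winlognn.exe (User 'SYSTEM')
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\hgdfhsiueme.dll
"""
HJT_AFTER = r"""
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
"""


@dataclass(frozen=True)
class Entry:
    kind: str          # HijackThis section: O2, O4, O20 or O22
    location: str      # registry key for O4 entries, empty otherwise
    name: str          # run value name, BHO display name, notify package or task name
    target: str        # file the entry loads: unquoted, user suffix and arguments stripped
    clsid: str = ""


_PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<target>.*)$"),
    "O4": re.compile(r"^O4 - (?P<location>.*?): \[(?P<name>[^\]]*)\] (?P<target>.*)$"),
    "O20": re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.*)$"),
    "O22": re.compile(r"^O22 - SharedTaskScheduler: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<target>.*)$"),
}
_FILE = re.compile(r'^"([^"]+)"|^(.*?\.(?:exe|dll|scr))', re.IGNORECASE)
_VOWELS = set("aeiouAEIOU")


def _file_of(target: str) -> str:
    """Reduce a quoted path with arguments, or a path with a (User '...') suffix, to the bare path."""
    target = re.sub(r"\s*\(User '[^']*'\)\s*$", "", target)
    m = _FILE.match(target)
    return (m.group(1) or m.group(2)).strip() if m else target.strip()


def parse_hjt(text: str) -> list:
    """Parse the autostart sections of a HijackThis log into Entry records."""
    entries = []
    for line in text.splitlines():
        kind = line.split(" - ", 1)[0]
        pat = _PATTERNS.get(kind)
        m = pat.match(line) if pat else None
        if not m:
            continue
        d = m.groupdict()
        entries.append(Entry(kind=kind, location=d.get("location", ""), name=d["name"],
                             target=_file_of(d["target"]), clsid=d.get("clsid", "").upper()))
    return entries


def looks_random(name: str) -> bool:
    """Assumed heuristic: malware-chosen names are long keyboard mash with few vowels."""
    letters = [c for c in name if c.isalpha()]
    if len(name) < 8 or not letters:
        return False
    return sum(c in _VOWELS for c in letters) / len(letters) < 0.2


def suspicious_reasons(e: Entry) -> list:
    reasons = []
    if "\\temp\\" in e.target.lower():
        reasons.append("autostart from a TEMP directory")
    if looks_random(e.name):
        reasons.append("random-looking name")
    if e.kind == "O2" and re.match(r"^[A-Za-z]:\\", e.name):
        reasons.append("BHO registered with a path instead of a display name")
    return reasons


def triage(text: str) -> list:
    """(entry, reasons) for every entry that trips at least one heuristic."""
    out = []
    for e in parse_hjt(text):
        reasons = suspicious_reasons(e)
        if reasons:
            out.append((e, reasons))
    return out


def removed_entries(before: str, after: str) -> list:
    """Entries present in the earlier log but absent from the later one."""
    later = set(parse_hjt(after))
    return [e for e in parse_hjt(before) if e not in later]


if __name__ == "__main__":
    for e, reasons in triage(HJT_BEFORE):
        print(f"{e.kind:<4}{e.name!r:<45} -> {'; '.join(reasons)}")
    print("removed after cleanup:", [e.name for e in removed_entries(HJT_BEFORE, HJT_AFTER)])
```

The flagged names match exactly the items Malwarebytes reported above, and the diff confirms the O20 monln entry survived the cleanup and still needs a look.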
#2 Fred21543 (Member 1K, 1,351 posts)

Hello gitcheegoomee,

Welcome to Geeks to Go! My name is Fred21543 and I will be helping you fix your computer problem.

Take note that I'm still in training, and my posts will have to be checked by an expert. This may cause delays in between my responses, so I ask for your patience.
Please stick with me until we get your computer cleaned up.

I'm currently analyzing your log now, and I'll post back with a fix ASAP. Thanks for your patience.

#3 gitcheegoomee (Topic Starter, Member, 26 posts)

Hey Fred21543, I really appreciate your help. Good luck.

#4 Fred21543 (Member 1K, 1,351 posts)

Download avz4.zip from here
  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the right of the Log window
  • Click Start to begin the update
Note: If you receive an error message, choose a different source, then click Start again
  • After the update, from the "File" menu, choose "Standard Scripts"
  • Put a check next to item 2: Advanced System Investigation
  • Click Execute selected scripts
  • At the next prompt, click the OK button
  • Let the scan run and click "OK" when the completion prompt pops up
  • Now Close out of the Standard Scripts window, and exit AVZ
  • Navigate to the avz4 folder and locate the folder LOG
  • Inside the LOG folder you will find virusinfo_syscheck.htm and virusinfo_syscheck.zip
  • Attach virusinfo_syscheck.htm to your next reply, along with a fresh HijackThis log


#5 gitcheegoomee (Topic Starter, Member, 26 posts)

Every time I click on the link it shows in Firefox 3.1 that it is loading but nothing comes up. I revert back to the Forums page.

C:\DOCUME~1\andrew\LOCALS~1\Temp\FcAGi2GL.zip.part could not be saved, because the source file could not be read.

Try again later, or contact the server administrator.

Edited by gitcheegoomee, 01 February 2009 - 08:18 PM.


#6 gitcheegoomee (Topic Starter, Member, 26 posts)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:48 PM, on 2/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Documents and Settings\andrew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe
C:\Program Files\Comodo\Comodo AntiVirus\CAVSubmit.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\andrew\desktop\AVZ\avz4\avz.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\andrew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1215048687258
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8045 bytes

Results of system analysis

AVZ 4.30 http://z-oleg.com/secur/avz/

List of processes
(file name - PID - description and copyright - size, attributes - created, modified; then the command line)

c:\windows\system32\alg.exe - PID 3956 - Application Layer Gateway Service © Microsoft Corporation. All rights reserved. - 60.50 kb, rsAh - created 8/10/2004 6:00:00 AM, modified 4/13/2008 6:12:12 PM
  Command line: C:\WINDOWS\System32\alg.exe
c:\progra~1\alwils~1\avast4\ashdisp.exe - PID 1464 - avast! service GUI component Copyright © 2008 ALWIL Software - 79.10 kb, rsAh - created 1/22/2009 3:44:49 PM, modified 11/26/2008 11:18:51 AM
  Command line: "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
c:\program files\alwil software\avast4\ashserv.exe - PID 1584 - avast! antivirus service Copyright © 2008 ALWIL Software - 151.52 kb, rsAh - created 1/22/2009 3:44:49 PM, modified 11/26/2008 11:18:46 AM
  Command line: "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
c:\windows\system32\ati2evxx.exe - PID 828 - ATI External Event Utility EXE Module Copyright © 1999-2008 ATI Technologies Inc. - 560.00 kb, rsAh - created 6/27/2008 4:59:16 PM, modified 6/2/2008 9:09:36 PM
  Command line: C:\WINDOWS\system32\Ati2evxx.exe
c:\windows\system32\ati2evxx.exe - PID 1332 - ATI External Event Utility EXE Module Copyright © 1999-2008 ATI Technologies Inc. - 560.00 kb, rsAh - created 6/27/2008 4:59:16 PM, modified 6/2/2008 9:09:36 PM
  Command line: Ati2evxx.exe -Client
c:\documents and settings\andrew\desktop\avz\avz4\avz.exe - PID 2780 - ???????????? ??????? AVZ ???????????? ??????? AVZ - 737.00 kb, rsAh - created 4/6/2008 5:22:50 PM, modified 2/1/2009 8:36:20 PM
  Command line: "C:\Documents and Settings\andrew\desktop\AVZ\avz4\avz.exe"
c:\program files\comodo\common\cavaspy\cavasm.exe - PID 1836 - Comodo Anti-Viruspyware Monitor Service Copyright © 2005-2007 Comodo Inc. All rights reserved. - 528.00 kb, rsAh - created 7/2/2008 8:26:26 PM, modified 7/2/2008 8:26:14 PM
  Command line: "C:\Program Files\Comodo\common\CAVASpy\cavasm.exe"
c:\program files\comodo\comodo antivirus\cavaud.exe - PID 3592 - Comodo AntiVirus Automatic Updater Copyright © 2005 - 216.00 kb, rsAh - created 7/2/2008 8:26:15 PM, modified 7/2/2008 8:26:14 PM
  Command line: "C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe"
c:\program files\comodo\comodo antivirus\cavse.exe - PID 3080 - Comodo Anti-Viruspyware COM Based Engine Copyright © 2007 Comodo Inc. All rights reserved. - 196.00 kb, rsAh - created 7/2/2008 8:26:16 PM, modified 7/2/2008 8:26:15 PM
  Command line: "C:\Program Files\Comodo\Comodo AntiVirus\cavse.exe" -Embedding
c:\program files\comodo\comodo antivirus\cavse.exe - PID 2184 - Comodo Anti-Viruspyware COM Based Engine Copyright © 2007 Comodo Inc. All rights reserved. - 196.00 kb, rsAh - created 7/2/2008 8:26:16 PM, modified 7/2/2008 8:26:15 PM
  Command line: "C:\Program Files\Comodo\Comodo AntiVirus\cavse.exe" -Embedding
c:\program files\comodo\comodo antivirus\cavsubmit.exe - PID 216 - COMDO AntiVirus File Submission 2006 © COMODO. All rights reserved. - 1260.00 kb, rsAh - created 7/2/2008 8:26:16 PM, modified 7/2/2008 8:26:15 PM
  Command line: "C:\Program Files\Comodo\Comodo AntiVirus\CAVSubmit.exe"
c:\program files\comodo\comodo antivirus\cmain.exe - PID 1220 - Comodo AntiVirus Application. Copyright © 2005 COMODO. All rights reserved. - 128.00 kb, rsAh - created 7/2/2008 8:26:15 PM, modified 7/2/2008 8:26:14 PM
  Command line: "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
c:\program files\comodo\firewall\cmdagent.exe - PID 1680 - (no description) - 623.74 kb, rsAh - created 7/2/2008 7:20:52 PM, modified 1/9/2009 5:11:31 PM
  Command line: "C:\Program Files\COMODO\Firewall\cmdagent.exe"
c:\windows\explorer.exe - PID 788 - Windows Explorer © Microsoft Corporation. All rights reserved. - 1026.50 kb, rsAh - created 8/10/2004 6:00:00 AM, modified 4/13/2008 6:12:19 PM
  Command line: C:\WINDOWS\Explorer.EXE
c:\program files\mozilla firefox 3.1 beta 2\firefox.exe - PID 2980 - Firefox ©Firefox and Mozilla Developers, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable. - 300.99 kb, rsAh - created 1/23/2009 2:52:02 PM, modified 12/1/2008 5:03:46 PM
  Command line: "C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe"
c:\documents and settings\andrew\local settings\application data\google\update\googleupdate.exe - PID 1704 - Google Installer Copyright 2007-2008 Google Inc. - 129.98 kb, rsAh - created 1/31/2009 11:04:23 AM, modified 1/31/2009 11:04:20 AM
  Command line: "C:\Documents and Settings\andrew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
c:\program files\internet explorer\iexplore.exe - PID 2856 - Internet Explorer © Microsoft Corporation. All rights reserved. - 621.35 kb, rsAh - created 6/27/2008 12:29:33 PM, modified 1/15/2009 2:17:22 AM
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:908 CREDAT:79873
c:\program files\internet explorer\iexplore.exe - PID 908 - Internet Explorer © Microsoft Corporation. All rights reserved. - 621.35 kb, rsAh - created 6/27/2008 12:29:33 PM, modified 1/15/2009 2:17:22 AM
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe"
c:\program files\java\jre6\bin\jqs.exe - PID 2016 - Java™ Quick Starter Service Copyright © 2004 - 149.40 kb, rsAh - created 1/25/2009 8:38:14 AM, modified 1/25/2009 8:38:14 AM
  Command line: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
c:\program files\java\jre6\bin\jusched.exe - PID 1568 - Java™ Platform SE binary Copyright © 2004 - 133.40 kb, rsAh - created 1/25/2009 8:38:14 AM, modified 1/25/2009 8:38:14 AM
  Command line: "C:\Program Files\Java\jre6\bin\jusched.exe"
c:\windows\system32\lsass.exe - PID 676 - LSA Shell (Export Version) © Microsoft Corporation. All rights reserved. - 13.00 kb, rsAh - created 8/10/2004 6:00:00 AM, modified 4/13/2008 6:12:24 PM
  Command line: C:\WINDOWS\system32\lsass.exe
c:\windows\ehome\mcrdsvc.exe - PID 2612 - MCRD Device Service © Microsoft Corporation. All rights reserved. - 114.00 kb, rsAh - created 8/5/2005 12:27:08 PM, modified 8/5/2005 12:27:08 PM
  Command line: C:\WINDOWS\ehome\mcrdsvc.exe
c:\windows\system32\searchfilterhost.exe - PID 3752 - Microsoft Windows Search Filter Host © Microsoft Corporation. All rights reserved. - 102.50 kb, rsah - created 5/26/2008 9:17:56 PM, modified 5/26/2008 9:17:56 PM
  Command line: "C:\WINDOWS\system32\SearchFilterHost.exe" 0 588 592 600 65536 596
c:\windows\system32\searchindexer.exe - PID 2676 - Microsoft Windows Search Indexer © Microsoft Corporation. All rights reserved. - 446.50 kb, rsAh - created 5/26/2008 9:18:44 PM, modified 5/26/2008 9:18:44 PM
  Command line: C:\WINDOWS\system32\SearchIndexer.exe /Embedding
c:\windows\system32\searchprotocolhost.exe - PID 1248 - Microsoft Windows Search Protocol Host © Microsoft Corporation. All rights reserved. - 197.50 kb, rsah - created 5/26/2008 9:18:18 PM, modified 5/26/2008 9:18:18 PM
  Command line: "C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot) " "" "DownLevelDaemon"
c:\windows\system32\services.exe - PID 664 - Services and Controller app © Microsoft Corporation. All rights reserved. - 106.00 kb, rsAh - created 8/10/2004 6:00:00 AM, modified 4/13/2008 6:12:34 PM
  Command line: C:\WINDOWS\system32\services.exe
c:\program files\analog devices\core\smax4pnp.exe - PID 1204 - SMax4PNP MFC Application Copyright © 2002-2004 Analog Devices - 1392.00 kb, rsAh - created 6/27/2008 4:58:10 PM, modified 10/14/2004 1:42:54 PM
  Command line: "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
c:\windows\system32\snmp.exe - PID 504 - SNMP Service © Microsoft Corporation. All rights reserved. - 49.50 kb, rsAh - created 6/27/2008 1:17:29 PM, modified 4/13/2008 6:12:36 PM
  Command line: C:\WINDOWS\System32\snmp.exe
c:\program files\openoffice.org 3\program\soffice.bin - PID 1712 - OpenOffice.org 3.0 Copyright © 2000-2008 by Sun Microsystems, Inc. - 7244.50 kb, rsAh - created 1/9/2009 8:00:52 PM, modified 1/9/2009 8:00:52 PM
  Command line: "C:\Program Files\OpenOffice.org 3\program\soffice.exe" "-quickstart" "-env:OOO_CWD=2C:\\Program Files\\OpenOffice.org 3\\program"
c:\program files\openoffice.org 3\program\soffice.exe - PID 464 - OpenOffice.org 3.0 Copyright © 2000-2008 by Sun Microsystems, Inc. - 7267.00 kb, rsAh - created 1/9/2009 7:57:32 PM, modified 1/9/2009 7:57:32 PM
  Command line: "C:\Program Files\OpenOffice.org 3\program\soffice.exe" -quickstart
c:\windows\system32\spoolsv.exe - PID 1448 - Spooler SubSystem App © Microsoft Corporation. All rights reserved. - 73.50 kb, rsAh - created 8/10/2004 6:00:00 AM, modified 4/13/2008 6:12:36 PM
  Command line: C:\WINDOWS\system32\spoolsv.exe
c:\program files\dell support center\bin\sprtsvc.exe - PID 2072 - SupportSoft Agent Service Copyright 1997-2008 SupportSoft - 197.23 kb, rsAh - created 9/24/2008 2:18:52 PM, modified 9/24/2008 2:18:52 PM
  Command line: "C:\Program Files\Dell Support Center\bin\sprtsvc.exe" /service /P DellSupportCenter
c:\windows\system32\svchost.exe - PID 1968 - Generic Host Process for Win32 Services © Microsoft Corporation. All rights reserved. - 31.00 kb, rsAh - created 8/10/2004 6:00:00 AM, modified 4/13/2008 6:12:36 PM
  Command line: C:\WINDOWS\System32\svchost.exe -k HTTPFilter
c:\windows\system32\svchost.exe - PID 2232 - Generic Host Process for Win32 Services © Microsoft Corporation. All rights reserved. - 31.00 kb, rsAh - created 8/10/2004 6:00:00 AM, modified 4/13/2008 6:12:36 PM
  Command line: C:\WINDOWS\system32\svchost.exe -k LocalService
c:\windows\system32\svchost.exe - PID 2368 - Generic Host Process for Win32 Services © Microsoft Corporation. All rights reserved. - 31.00 kb, rsAh - created 8/10/2004 6:00:00 AM, modified 4/13/2008 6:12:36 PM
  Command line: C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\windows\system32\svchost.exe - PID 1268 - Generic Host Process for Win32 Services © Microsoft Corporation. All rights reserved. - 31.00 kb, rsAh - created 8/10/2004 6:00:00 AM, modified 4/13/2008 6:12:36 PM
  Command line: C:\WINDOWS\system32\svchost.exe -k LocalService
c:\windows\system32\svchost.exe - PID 860 - Generic Host Process for Win32 Services © Microsoft Corporation. All rights reserved. - 31.00 kb, rsAh - created 8/10/2004 6:00:00 AM, modified 4/13/2008 6:12:36 PM
  Command line: C:\WINDOWS\system32\svchost -k DcomLaunch
c:\windows\system32\svchost.exe - PID 948 - Generic Host Process for Win32 Services © Microsoft Corporation. All rights reserved. - 31.00 kb, rsAh - created 8/10/2004 6:00:00 AM, modified 4/13/2008 6:12:36 PM
  Command line: C:\WINDOWS\system32\svchost -k rpcss
c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate 1032 Generic Host Process for Win32 Services © Microsoft Corporation. All rights reserved. ?? 31.00 kb, rsAh,
created: 8/10/2004 6:00:00 AM,
modified: 4/13/2008 6:12:36 PM
Command line:
C:\WINDOWS\System32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate 1064 Generic Host Process for Win32 Services © Microsoft Corporation. All rights reserved. ?? 31.00 kb, rsAh,
created: 8/10/2004 6:00:00 AM,
modified: 4/13/2008 6:12:36 PM
Command line:
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
c:\windows\system32\winlogon.exe
Script: Quarantine, Delete, BC delete, Terminate 620 Windows NT Logon Application © Microsoft Corporation. All rights reserved. ?? 496.00 kb, rsAh,
created: 8/10/2004 6:00:00 AM,
modified: 4/13/2008 6:12:39 PM
Command line:
winlogon.exe
c:\program files\yahoo!\softwareupdate\yahooauservice.exe
Script: Quarantine, Delete, BC delete, Terminate 2436 AutoUpater Service Module Yahoo! Copyright © 2006-2008. All rights reserved. ?? 588.27 kb, rsAh,
created: 11/9/2008 2:48:14 PM,
modified: 11/9/2008 2:48:14 PM
Command line:
"C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe"
Detected:47, recognized as trusted 15
Module name Handle Description Copyright MD5 Used by processes
C:\Documents and Settings\andrew\desktop\AVZ\avz4\avz.exe
Script: Quarantine, Delete, BC delete 4194304 Antivirus utility AVZ Antivirus utility AVZ ?? 2780
C:\Documents and Settings\andrew\Local Settings\Application Data\Google\Update\1.2.133.37\goopdate.dll
Script: Quarantine, Delete, BC delete 402653184 Google Update Copyright 2007-2008 Google Inc. -- 1704
C:\Program Files\Alwil Software\Avast4\AavmGuih.dll
Script: Quarantine, Delete, BC delete 1695023104 avast! AAVM GUI Library Copyright © 2008 ALWIL Software -- 1464
C:\Program Files\Alwil Software\Avast4\English\Base.dll
Script: Quarantine, Delete, BC delete 1711800320 avast! English Basic Module Copyright © 2008 ALWIL Software -- 1464, 1584
C:\Program Files\Alwil Software\Avast4\English\Lang.dll
Script: Quarantine, Delete, BC delete 1712324608 avast! Main English Module Copyright © 2008 ALWIL Software -- 1464
C:\Program Files\Analog Devices\Core\smax4pnp.exe
Script: Quarantine, Delete, BC delete 4194304 SMax4PNP MFC Application Copyright © 2002-2004 Analog Devices ?? 1204
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamENU.dll
Script: Quarantine, Delete, BC delete 50921472 AMD Desktop Control Panel © 2007-2008 Advanced Micro Devices, Inc. -- 788
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
Script: Quarantine, Delete, BC delete 4194304 Comodo Anti-Viruspyware Monitor Service Copyright © 2005-2007 Comodo Inc. All rights reserved. ?? 1836
C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
Script: Quarantine, Delete, BC delete 4194304 Comodo AntiVirus Automatic Updater Copyright © 2005 ?? 3592
C:\Program Files\Comodo\Comodo AntiVirus\cavse.exe
Script: Quarantine, Delete, BC delete 4194304 Comodo Anti-Viruspyware COM Based Engine Copyright © 2007 Comodo Inc. All rights reserved. ?? 3080, 2184
C:\Program Files\Comodo\Comodo AntiVirus\CAVSubmit.exe
Script: Quarantine, Delete, BC delete 4194304 COMDO AntiVirus File Submission 2006 © COMODO. All rights reserved. ?? 216
C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
Script: Quarantine, Delete, BC delete 4194304 Comodo AntiVirus Application. Copyright © 2005 COMODO. All rights reserved. ?? 1220
C:\Program Files\COMODO\Firewall\cmdagent.exe
Script: Quarantine, Delete, BC delete 4194304 ?? 1680
C:\Program Files\Dell Support Center\bin\sprtfod.dll
Script: Quarantine, Delete, BC delete 1652293632 sprtfod Copyright 1997-2008 SupportSoft -- 2072
C:\Program Files\Dell Support Center\bin\sprtsched.dll
Script: Quarantine, Delete, BC delete 1657929728 sprtsched Copyright 1997-2008 SupportSoft -- 2072
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
Script: Quarantine, Delete, BC delete 4194304 SupportSoft Agent Service Copyright 1997-2008 SupportSoft ?? 2072
C:\Program Files\Dell Support Center\bin\sprtsync.dll
Script: Quarantine, Delete, BC delete 1718353920 sprtsync Copyright 1997-2008 SupportSoft -- 2072
C:\Program Files\Dell Support Center\bin\sprtupdate.dll
Script: Quarantine, Delete, BC delete 1658847232 sprtupdate Copyright 1997-2008 SupportSoft -- 2072
C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
Script: Quarantine, Delete, BC delete 14483456 Malwarebytes' Anti-Malware © Malwarebytes Corporation. All rights reserved. -- 788
C:\Program Files\Mozilla Firefox 3.1 Beta 2\components\browserdirprovider.dll
Script: Quarantine, Delete, BC delete 19202048 License: MPL 1.1/GPL 2.0/LGPL 2.1 -- 2980
C:\Program Files\Mozilla Firefox 3.1 Beta 2\components\brwsrcmp.dll
Script: Quarantine, Delete, BC delete 19660800 License: MPL 1.1/GPL 2.0/LGPL 2.1 -- 2980
C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe
Script: Quarantine, Delete, BC delete 4194304 Firefox ©Firefox and Mozilla Developers, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable. ?? 2980
C:\Program Files\Mozilla Firefox 3.1 Beta 2\freebl3.dll
Script: Quarantine, Delete, BC delete 24444928 NSS freebl Library -- 2980
C:\Program Files\Mozilla Firefox 3.1 Beta 2\js3250.dll
Script: Quarantine, Delete, BC delete 3080192 Netscape 32-bit JavaScript Module Copyright Netscape Communications. 1994-96 -- 2980
C:\Program Files\Mozilla Firefox 3.1 Beta 2\MOZCRT19.dll
Script: Quarantine, Delete, BC delete 2014511104 User-Generated Microsoft ® C/C++ Runtime Library Copyright © Microsoft Corporation. -- 2980
C:\Program Files\Mozilla Firefox 3.1 Beta 2\nspr4.dll
Script: Quarantine, Delete, BC delete 3866624 NSPR Library -- 2980
C:\Program Files\Mozilla Firefox 3.1 Beta 2\nss3.dll
Script: Quarantine, Delete, BC delete 4521984 NSS Base Library -- 2980
C:\Program Files\Mozilla Firefox 3.1 Beta 2\nssckbi.dll
Script: Quarantine, Delete, BC delete 50331648 NSS Builtin Trusted Root CAs -- 2980
C:\Program Files\Mozilla Firefox 3.1 Beta 2\nssdbm3.dll
Script: Quarantine, Delete, BC delete 24313856 Legacy Database Driver -- 2980
C:\Program Files\Mozilla Firefox 3.1 Beta 2\nssutil3.dll
Script: Quarantine, Delete, BC delete 5242880 NSS Utility Library -- 2980
C:\Program Files\Mozilla Firefox 3.1 Beta 2\plc4.dll
Script: Quarantine, Delete, BC delete 5373952 PLC Library -- 2980
C:\Program Files\Mozilla Firefox 3.1 Beta 2\plds4.dll
Script: Quarantine, Delete, BC delete 5439488 PLDS Library -- 2980
C:\Program Files\Mozilla Firefox 3.1 Beta 2\smime3.dll
Script: Quarantine, Delete, BC delete 4063232 NSS S/MIME Library -- 2980
C:\Program Files\Mozilla Firefox 3.1 Beta 2\softokn3.dll
Script: Quarantine, Delete, BC delete 24117248 NSS PKCS #11 Library -- 2980
C:\Program Files\Mozilla Firefox 3.1 Beta 2\sqlite3.dll
Script: Quarantine, Delete, BC delete 2621440 SQLite Database Library -- 2980
C:\Program Files\Mozilla Firefox 3.1 Beta 2\ssl3.dll
Script: Quarantine, Delete, BC delete 5505024 NSS SSL Library -- 2980
C:\Program Files\Mozilla Firefox 3.1 Beta 2\xpcom.dll
Script: Quarantine, Delete, BC delete 5636096 License: MPL 1.1/GPL 2.0/LGPL 2.1 -- 2980
C:\Program Files\Mozilla Firefox 3.1 Beta 2\xul.dll
Script: Quarantine, Delete, BC delete 268435456 License: MPL 1.1/GPL 2.0/LGPL 2.1 -- 2980
C:\Program Files\OpenOffice.org 3\Basis\program\avmediami.dll
Script: Quarantine, Delete, BC delete 1741291520 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\Basis\program\basegfxmi.dll
Script: Quarantine, Delete, BC delete 1736572928 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\Basis\program\behelper.uno.dll
Script: Quarantine, Delete, BC delete 1736048640 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\Basis\program\comphelp4MSC.dll
Script: Quarantine, Delete, BC delete 1704460288 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\Basis\program\configmgr2.uno.dll
Script: Quarantine, Delete, BC delete 1702887424 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\Basis\program\emsermi.dll
Script: Quarantine, Delete, BC delete 1681719296 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\Basis\program\fwemi.dll
Script: Quarantine, Delete, BC delete 1674117120 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\Basis\program\fwimi.dll
Script: Quarantine, Delete, BC delete 1673723904 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\Basis\program\fwkmi.dll
Script: Quarantine, Delete, BC delete 1671757824 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\Basis\program\fwlmi.dll
Script: Quarantine, Delete, BC delete 1671561216 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\Basis\program\gomi.dll
Script: Quarantine, Delete, BC delete 1670053888 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\Basis\program\i18nisolang1MSC.dll
Script: Quarantine, Delete, BC delete 1668218880 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\Basis\program\i18nutilMSC.dll
Script: Quarantine, Delete, BC delete 1666449408 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\Basis\program\icudt36l.dll
Script: Quarantine, Delete, BC delete 1655701504 ICU Data DLL Copyright © 2005, International Business Machines Corporation and others. All Rights Reserved. -- 1712
C:\Program Files\OpenOffice.org 3\Basis\program\icuuc36.dll
Script: Quarantine, Delete, BC delete 1653276672 IBM ICU Common DLL Copyright © 2005, International Business Machines Corporation and others. All Rights Reserved. -- 1712
C:\Program Files\OpenOffice.org 3\Basis\program\jmi_g.dll
Script: Quarantine, Delete, BC delete 1649082368 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\Basis\program\lngmi.dll
Script: Quarantine, Delete, BC delete 1526005760 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\Basis\program\localebe1.uno.dll
Script: Quarantine, Delete, BC delete 1640431616 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\Basis\program\oleautobridge.uno.dll
Script: Quarantine, Delete, BC delete 1633615872 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\Basis\program\sax.uno.dll
Script: Quarantine, Delete, BC delete 1611268096 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\Basis\program\saxmi.dll
Script: Quarantine, Delete, BC delete 1611137024 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\Basis\program\sbmi.dll
Script: Quarantine, Delete, BC delete 1609695232 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\Basis\program\sfxmi.dll
Script: Quarantine, Delete, BC delete 1592590336 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
Script: Quarantine, Delete, BC delete 1592131584 Copyright © 2008 by Sun Microsystems, Inc. -- 788
C:\Program Files\OpenOffice.org 3\Basis\program\sofficeapp.dll
Script: Quarantine, Delete, BC delete 1584267264 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\Basis\program\sotmi.dll
Script: Quarantine, Delete, BC delete 1583480832 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\Basis\program\svlmi.dll
Script: Quarantine, Delete, BC delete 1577648128 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\Basis\program\svtmi.dll
Script: Quarantine, Delete, BC delete 1574699008 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\Basis\program\svxmi.dll
Script: Quarantine, Delete, BC delete 1565261824 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\Basis\program\sysmgr1.uno.dll
Script: Quarantine, Delete, BC delete 1555496960 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\Basis\program\tkmi.dll
Script: Quarantine, Delete, BC delete 1551630336 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\Basis\program\tlmi.dll
Script: Quarantine, Delete, BC delete 1551040512 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\Basis\program\ucb1.dll
Script: Quarantine, Delete, BC delete 1550450688 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\Basis\program\ucbhelper4MSC.dll
Script: Quarantine, Delete, BC delete 1549991936 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\Basis\program\ucpfile1.dll
Script: Quarantine, Delete, BC delete 1548746752 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\Basis\program\utlmi.dll
Script: Quarantine, Delete, BC delete 1545011200 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\Basis\program\vclmi.dll
Script: Quarantine, Delete, BC delete 1539637248 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\Basis\program\vos3MSC.dll
Script: Quarantine, Delete, BC delete 1539440640 Copyright © 2007 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\Basis\program\xcrmi.dll
Script: Quarantine, Delete, BC delete 1533804544 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\Basis\program\xomi.dll
Script: Quarantine, Delete, BC delete 1529544704 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\program\libxml2.dll
Script: Quarantine, Delete, BC delete 1643446272 -- 1712
C:\Program Files\OpenOffice.org 3\program\soffice.bin
Script: Quarantine, Delete, BC delete 4194304 OpenOffice.org 3.0 Copyright © 2000-2008 by Sun Microsystems, Inc. ?? 1712
C:\Program Files\OpenOffice.org 3\program\soffice.exe
Script: Quarantine, Delete, BC delete 4194304 OpenOffice.org 3.0 Copyright © 2000-2008 by Sun Microsystems, Inc. ?? 464
C:\Program Files\OpenOffice.org 3\URE\bin\bootstrap.uno.dll
Script: Quarantine, Delete, BC delete 1714946048 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\URE\bin\cppu3.dll
Script: Quarantine, Delete, BC delete 1702100992 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\URE\bin\cppuhelper3MSC.dll
Script: Quarantine, Delete, BC delete 1701576704 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\URE\bin\jvmaccess3MSC.dll
Script: Quarantine, Delete, BC delete 1647706112 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\URE\bin\jvmfwk3.dll
Script: Quarantine, Delete, BC delete 1647509504 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\URE\bin\msci_uno.dll
Script: Quarantine, Delete, BC delete 1636171776 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\URE\bin\purpenvhelper3MSC.dll
Script: Quarantine, Delete, BC delete 1621884928 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\URE\bin\reg3.dll
Script: Quarantine, Delete, BC delete 1618870272 Copyright © 2007 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\URE\bin\sal3.dll
Script: Quarantine, Delete, BC delete 1611661312 Copyright © 2007 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\URE\bin\salhelper3MSC.dll
Script: Quarantine, Delete, BC delete 1611530240 Copyright © 2007 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\URE\bin\stocservices.uno.dll
Script: Quarantine, Delete, BC delete 1580269568 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\URE\bin\store3.dll
Script: Quarantine, Delete, BC delete 1580072960 Copyright © 2007 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\URE\bin\unsafe_uno_uno.dll
Script: Quarantine, Delete, BC delete 1546387456 Copyright © 2008 by Sun Microsystems, Inc. -- 1712
C:\Program Files\OpenOffice.org 3\URE\bin\uwinapi.dll
Script: Quarantine, Delete, BC delete 1544421376 Copyright © 2007 by Sun Microsystems, Inc. -- 1712
C:\Program Files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
Script: Quarantine, Delete, BC delete 1610940416 RealPlayer Download and Record Plugin for Internet Explorer Copyright © RealNetworks, Inc. 1995-2007 -- 2980
C:\Program Files\Yahoo!\Common\YMMAPI.dll
Script: Quarantine, Delete, BC delete 1677721600 Yahoo! Mail Copyright © 2001-2008 Yahoo! Inc. -- 788
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
Script: Quarantine, Delete, BC delete 4194304 AutoUpater Service Module Yahoo! Copyright © 2006-2008. All rights reserved. ?? 2436
C:\PROGRA~1\GLARYU~1\CONTEX~1.DLL
Script: Quarantine, Delete, BC delete 33357824 Context Menu Handler Copyright © 2003-2009 Glarysoft Ltd -- 788
C:\WINDOWS\ehome\mcrdsvc.exe
Script: Quarantine, Delete, BC delete 4194304 MCRD Device Service © Microsoft Corporation. All rights reserved. ?? 2612
C:\WINDOWS\Explorer.EXE
Script: Quarantine, Delete, BC delete 16777216 Windows Explorer © Microsoft Corporation. All rights reserved. ?? 788
C:\WINDOWS\System32\alg.exe
Script: Quarantine, Delete, BC delete 16777216 Application Layer Gateway Service © Microsoft Corporation. All rights reserved. ?? 3956
C:\WINDOWS\system32\Ati2evxx.exe
Script: Quarantine, Delete, BC delete 4194304 ATI External Event Utility EXE Module Copyright © 1999-2008 ATI Technologies Inc. ?? 828, 1332
C:\WINDOWS\system32\dopdfmn6.dll
Script: Quarantine, Delete, BC delete 11206656 doPDF Port Monitor © Softland. All rights reserved. -- 1448
C:\WINDOWS\system32\eswia32.dll
Script: Quarantine, Delete, BC delete 472907776 WIA Module Copyright © SEIKO EPSON CORP. 2003 -- 2368
C:\WINDOWS\system32\guard32.dll
Script: Quarantine, Delete, BC delete 268435456 -- 3956, 1464, 1584, 828, 1332, 2780, 1836, 3592, 3080, 2184, 216, 1220, 1680, 788, 2980, 1704, 2856, 908, 2016, 1568, 676, 2612, 3752, 2676, 1248, 664, 1204, 504, 1712, 1448, 1968, 2232, 2368, 1268, 860, 948, 1032, 1064, 620, 2436
C:\WINDOWS\system32\monln.dll
Script: Quarantine, Delete, BC delete 26476544 Comodo Anti-Viruspyware Logon State Tracking Library Copyright © 2005, 2006 Comodo Inc. All rights reserved. -- 620
C:\WINDOWS\system32\SearchFilterHost.exe
Script: Quarantine, Delete, BC delete 16777216 Microsoft Windows Search Filter Host © Microsoft Corporation. All rights reserved. ?? 3752
C:\WINDOWS\system32\SearchIndexer.exe
Script: Quarantine, Delete, BC delete 16777216 Microsoft Windows Search Indexer © Microsoft Corporation. All rights reserved. ?? 2676
C:\WINDOWS\system32\SearchProtocolHost.exe
Script: Quarantine, Delete, BC delete 16777216 Microsoft Windows Search Protocol Host © Microsoft Corporation. All rights reserved. ?? 1248
C:\WINDOWS\System32\snmp.exe
Script: Quarantine, Delete, BC delete 16777216 SNMP Service © Microsoft Corporation. All rights reserved. ?? 504
C:\WINDOWS\system32\spoolsv.exe
Script: Quarantine, Delete, BC delete 16777216 Spooler SubSystem App © Microsoft Corporation. All rights reserved. ?? 1448
C:\WINDOWS\System32\svchost.exe
Script: Quarantine, Delete, BC delete 16777216 Generic Host Process for Win32 Services © Microsoft Corporation. All rights reserved. ?? 1968, 2232, 2368, 1268, 860, 948, 1032, 1064
C:\WINDOWS\system32\WgaLogon.dll
Script: Quarantine, Delete, BC delete 27066368 Windows Genuine Advantage Notification © 1995-2007 Microsoft Corporation -- 620
Modules detected:545, recognized as trusted 431
Kernel Space Modules Viewer
Module Base address Size in memory Description Manufacturer
C:\WINDOWS\System32\Drivers\dump_iastor.sys
Script: Quarantine, Delete, BC delete B1B88000 073000 (471040)
tvof.sys
Script: Quarantine, Delete, BC delete F74E2000 00F000 (61440)
yiwbidlx.sys
Script: Quarantine, Delete, BC delete F74D2000 00F000 (61440)
Modules detected - 137, recognized as trusted - 134
Services
Service Description Status File Group Dependencies
ALG
Service: Stop, Delete, Disable Application Layer Gateway Service Running C:\WINDOWS\System32\alg.exe
Script: Quarantine, Delete, BC delete
Ati HotKey Poller
Service: Stop, Delete, Disable Ati HotKey Poller Running C:\WINDOWS\system32\Ati2evxx.exe
Script: Quarantine, Delete, BC delete Event log
AudioSrv
Service: Stop, Delete, Disable Windows Audio Running C:\WINDOWS\System32\svchost.exe
Script: Quarantine, Delete, BC delete AudioGroup PlugPlay
BITS
Service: Stop, Delete, Disable Background Intelligent Transfer Service Running C:\WINDOWS\system32\svchost.exe
Script: Quarantine, Delete, BC delete Rpcss
Browser
Service: Stop, Delete, Disable Computer Browser Running C:\WINDOWS\system32\svchost.exe
Script: Quarantine, Delete, BC delete LanmanWorkstation
cmdAgent
Service: Stop, Delete, Disable COMODO Internet Security Helper Service Running C:\Program Files\COMODO\Firewall\cmdagent.exe
Script: Quarantine, Delete, BC delete
Comodo Anti-Virus and Anti-Spyware Service
Service: Stop, Delete, Disable Comodo Anti-Virus and Anti-Spyware Service Running C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
Script: Quarantine, Delete, BC delete RPCSS
CryptSvc
Service: Stop, Delete, Disable Cryptographic Services Running C:\WINDOWS\system32\svchost.exe
Script: Quarantine, Delete, BC delete RpcSs
DcomLaunch
Service: Stop, Delete, Disable DCOM Server Process Launcher Running C:\WINDOWS\system32\svchost.exe
Script: Quarantine, Delete, BC delete Event Log
Dhcp
Service: Stop, Delete, Disable DHCP Client Running C:\WINDOWS\system32\svchost.exe
Script: Quarantine, Delete, BC delete TDI Tcpip
dmserver
Service: Stop, Delete, Disable Logical Disk Manager Running C:\WINDOWS\System32\svchost.exe
Script: Quarantine, Delete, BC delete RpcSs
ERSvc
Service: Stop, Delete, Disable Error Reporting Service Running C:\WINDOWS\System32\svchost.exe
Script: Quarantine, Delete, BC delete RpcSs
EventSystem
Service: Stop, Delete, Disable COM+ Event System Running C:\WINDOWS\system32\svchost.exe
Script: Quarantine, Delete, BC delete Network RPCSS
FastUserSwitchingCompatibility
Service: Stop, Delete, Disable Fast User Switching Compatibility Running C:\WINDOWS\System32\svchost.exe
Script: Quarantine, Delete, BC delete TermService
helpsvc
Service: Stop, Delete, Disable Help and Support Running C:\WINDOWS\System32\svchost.exe
Script: Quarantine, Delete, BC delete RPCSS
HTTPFilter
Service: Stop, Delete, Disable HTTP SSL Running C:\WINDOWS\System32\svchost.exe
Script: Quarantine, Delete, BC delete HTTP
lanmanserver
Service: Stop, Delete, Disable Server Running C:\WINDOWS\system32\svchost.exe
Script: Quarantine, Delete, BC delete
lanmanworkstation
Service: Stop, Delete, Disable Workstation Running C:\WINDOWS\system32\svchost.exe
Script: Quarantine, Delete, BC delete NetworkProvider
LmHosts
Service: Stop, Delete, Disable TCP/IP NetBIOS Helper Running C:\WINDOWS\system32\svchost.exe
Script: Quarantine, Delete, BC delete TDI NetBT
McrdSvc
Service: Stop, Delete, Disable Media Center Extender Service Running C:\WINDOWS\ehome\mcrdsvc.exe
Script: Quarantine, Delete, BC delete RPCSS
Netman
Service: Stop, Delete, Disable Network Connections Running C:\WINDOWS\System32\svchost.exe
Script: Quarantine, Delete, BC delete RpcSs
Nla
Service: Stop, Delete, Disable Network Location Awareness (NLA) Running C:\WINDOWS\system32\svchost.exe
Script: Quarantine, Delete, BC delete Tcpip
NwSapAgent
Service: Stop, Delete, Disable SAP Agent Running C:\WINDOWS\system32\svchost.exe
Script: Quarantine, Delete, BC delete NwlnkIpx
RasMan
Service: Stop, Delete, Disable Remote Access Connection Manager Running C:\WINDOWS\system32\svchost.exe
Script: Quarantine, Delete, BC delete Tapisrv
RemoteAccess
Service: Stop, Delete, Disable Routing and Remote Access Running C:\WINDOWS\system32\svchost.exe
Script: Quarantine, Delete, BC delete RpcSS
RemoteRegistry
Service: Stop, Delete, Disable Remote Registry Running C:\WINDOWS\system32\svchost.exe
Script: Quarantine, Delete, BC delete RPCSS
RpcSs
Service: Stop, Delete, Disable Remote Procedure Call (RPC) Running C:\WINDOWS\system32\svchost.exe
Script: Quarantine, Delete, BC delete COM Infrastructure
Schedule
Service: Stop, Delete, Disable Task Scheduler Running C:\WINDOWS\System32\svchost.exe
Script: Quarantine, Delete, BC delete SchedulerGroup RpcSs
seclogon
Service: Stop, Delete, Disable Secondary Logon Running C:\WINDOWS\System32\svchost.exe
Script: Quarantine, Delete, BC delete
SENS
Service: Stop, Delete, Disable System Event Notification Running C:\WINDOWS\system32\svchost.exe
Script: Quarantine, Delete, BC delete Network EventSystem
SharedAccess
Service: Stop, Delete, Disable Windows Firewall/Internet Connection Sharing (ICS) Running C:\WINDOWS\system32\svchost.exe
Script: Quarantine, Delete, BC delete Netman
ShellHWDetection
Service: Stop, Delete, Disable Shell Hardware Detection Running C:\WINDOWS\System32\svchost.exe
Script: Quarantine, Delete, BC delete ShellSvcGroup RpcSs
SNMP
Service: Stop, Delete, Disable SNMP Service Running C:\WINDOWS\System32\snmp.exe
Script: Quarantine, Delete, BC delete EventLog
Spooler
Service: Stop, Delete, Disable Print Spooler Running C:\WINDOWS\system32\spoolsv.exe
Script: Quarantine, Delete, BC delete SpoolerGroup RPCSS
sprtsvc_DellSupportCenter
Service: Stop, Delete, Disable SupportSoft Sprocket Service (DellSupportCenter) Running C:\Program Files\Dell Support Center\bin\sprtsvc.exe
Script: Quarantine, Delete, BC delete
srservice
Service: Stop, Delete, Disable System Restore Service Running C:\WINDOWS\system32\svchost.exe
Script: Quarantine, Delete, BC delete RpcSs
SSDPSRV
Service: Stop, Delete, Disable SSDP Discovery Service Running C:\WINDOWS\system32\svchost.exe
Script: Quarantine, Delete, BC delete HTTP
stisvc
Service: Stop, Delete, Disable Windows Image Acquisition (WIA) Running C:\WINDOWS\system32\svchost.exe
Script: Quarantine, Delete, BC delete RpcSs
TapiSrv
Service: Stop, Delete, Disable Telephony Running C:\WINDOWS\System32\svchost.exe
Script: Quarantine, Delete, BC delete PlugPlay
TermService
Service: Stop, Delete, Disable Terminal Services Running C:\WINDOWS\System32\svchost.exe
Script: Quarantine, Delete, BC delete RPCSS
Themes
Service: Stop, Delete, Disable Themes Running C:\WINDOWS\System32\svchost.exe
Script: Quarantine, Delete, BC delete UIGroup
TrkWks
Service: Stop, Delete, Disable Distributed Link Tracking Client Running C:\WINDOWS\system32\svchost.exe
Script: Quarantine, Delete, BC delete RpcSs
W32Time
Service: Stop, Delete, Disable Windows Time Running C:\WINDOWS\System32\svchost.exe
Script: Quarantine, Delete, BC delete
WebClient
Service: Stop, Delete, Disable WebClient Running C:\WINDOWS\system32\svchost.exe
Script: Quarantine, Delete, BC delete NetworkProvider MRxDAV
winmgmt
Service: Stop, Delete, Disable Windows Management Instrumentation Running C:\WINDOWS\system32\svchost.exe
Script: Quarantine, Delete, BC delete RPCSS
wscsvc
Service: Stop, Delete, Disable Security Center Running C:\WINDOWS\System32\svchost.exe
Script: Quarantine, Delete, BC delete RpcSs
WSearch
Service: Stop, Delete, Disable Windows Search Running C:\WINDOWS\system32\SearchIndexer.exe
Script: Quarantine, Delete, BC delete TermService
wuauserv
Service: Stop, Delete, Disable Automatic Updates Running C:\WINDOWS\system32\svchost.exe
Script: Quarantine, Delete, BC delete
WudfSvc
Service: Stop, Delete, Disable Windows Driver Foundation - User-mode Driver Framework Running C:\WINDOWS\system32\svchost.exe
Script: Quarantine, Delete, BC delete PlugPlay PlugPlay
WZCSVC
Service: Stop, Delete, Disable Wireless Zero Configuration Running C:\WINDOWS\System32\svchost.exe
Script: Quarantine, Delete, BC delete TDI RpcSs
Adobe LM Service
Service: Stop, Delete, Disable Adobe LM Service Not started C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
Script: Quarantine, Delete, BC delete
Alerter
Service: Stop, Delete, Disable Alerter Not started C:\WINDOWS\system32\svchost.exe
Script: Quarantine, Delete, BC delete LanmanWorkstation
AppMgmt
Service: Stop, Delete, Disable Application Management Not started C:\WINDOWS\system32\svchost.exe
Script: Quarantine, Delete, BC delete
aspnet_state
Service: Stop, Delete, Disable ASP.NET State Service Not started C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
Script: Quarantine, Delete, BC delete
ATI Smart
Service: Stop, Delete, Disable ATI Smart Not started C:\WINDOWS\system32\ati2sgag.exe
Script: Quarantine, Delete, BC delete
Automatic LiveUpdate Scheduler
Service: Stop, Delete, Disable Automatic LiveUpdate Scheduler Not started C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
Script: Quarantine, Delete, BC delete RPCSS
CiSvc
Service: Stop, Delete, Disable Indexing Service Not started C:\WINDOWS\system32\cisvc.exe
Script: Quarantine, Delete, BC delete RPCSS
ClipSrv
Service: Stop, Delete, Disable ClipBook Not started C:\WINDOWS\system32\clipsrv.exe
Script: Quarantine, Delete, BC delete NetDDE
COMSysApp
Service: Stop, Delete, Disable COM+ System Application Not started C:\WINDOWS\system32\dllhost.exe
Script: Quarantine, Delete, BC delete rpcss
dmadmin
Service: Stop, Delete, Disable Logical Disk Manager Administrative Service Not started C:\WINDOWS\System32\dmadmin.exe
Script: Quarantine, Delete, BC delete RpcSs
Dnscache
Service: Stop, Delete, Disable DNS Client Not started C:\WINDOWS\system32\svchost.exe
Script: Quarantine, Delete, BC delete TDI Tcpip
Dot3svc
Service: Stop, Delete, Disable Wired AutoConfig Not started C:\WINDOWS\System32\svchost.exe
Script: Quarantine, Delete, BC delete TDI Ndisuio
EapHost
Service: Stop, Delete, Disable Extensible Authentication Protocol Service Not started C:\WINDOWS\System32\svchost.exe
Script: Quarantine, Delete, BC delete RpcSs
GameConsoleService
Service: Stop, Delete, Disable GameConsoleService Not started C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
Script: Quarantine, Delete, BC delete RPCSS
HidServ
Service: Stop, Delete, Disable Human Interface Device Access Not started C:\WINDOWS\System32\svchost.exe
Script: Quarantine, Delete, BC delete RpcSs
hkmsvc
Service: Stop, Delete, Disable Health Key and Certificate Management Service Not started C:\WINDOWS\System32\svchost.exe
Script: Quarantine, Delete, BC delete RpcSs
IDriverT
Service: Stop, Delete, Disable InstallDriver Table Manager Not started C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
Script: Quarantine, Delete, BC delete
IISADMIN
Service: Stop, Delete, Disable IIS Admin Not started C:\WINDOWS\system32\inetsrv\inetinfo.exe
Script: Quarantine, Delete, BC delete RPCSS
ImapiService
Service: Stop, Delete, Disable IMAPI CD-Burning COM Service Not started C:\WINDOWS\system32\imapi.exe
Script: Quarantine, Delete, BC delete
LiveUpdate
Service: Stop, Delete, Disable LiveUpdate Not started C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
Script: Quarantine, Delete, BC delete RPCSS
LPDSVC
Service: Stop, Delete, Disable TCP/IP Print Server Not started C:\WINDOWS\system32\tcpsvcs.exe
Script: Quarantine, Delete, BC delete Tcpip
Messenger
Service: Stop, Delete, Disable Messenger Not started C:\WINDOWS\system32\svchost.exe
Script: Quarantine, Delete, BC delete LanmanWorkstation
MHN
Service: Stop, Delete, Disable MHN Not started C:\WINDOWS\System32\svchost.exe
Script: Quarantine, Delete, BC delete TcpIp
mnmsrvc
Service: Stop, Delete, Disable NetMeeting Remote Desktop Sharing Not started C:\WINDOWS\system32\mnmsrvc.exe
Script: Quarantine, Delete, BC delete
MSDTC
Service: Stop, Delete, Disable Distributed Transaction Coordinator Not started C:\WINDOWS\system32\msdtc.exe
Script: Quarantine, Delete, BC delete MS Transactions RPCSS
MSIServer
Service: Stop, Delete, Disable Windows Installer Not started C:\WINDOWS\system32\msiexec.exe
Script: Quarantine, Delete, BC delete RpcSs
napagent
Service: Stop, Delete, Disable Network Access Protection Agent Not started C:\WINDOWS\System32\svchost.exe
Script: Quarantine, Delete, BC delete RpcSs
NetDDE
Service: Stop, Delete, Disable Network DDE Not started C:\WINDOWS\system32\netdde.exe
Script: Quarantine, Delete, BC delete NetDDEGroup NetDDEDS

#7 gitcheegoomee (Member, Topic Starter, 26 posts)
Hope this is what you need. Will be back Monday, 02\09 3:30 CST.

#8 Fred21543 (Member 1K, 1,351 posts)
Please attach the logfile from AVZ.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop-down box
  • Click on the insert icon (image) to insert the attachment into your post


#9 gitcheegoomee (Member, Topic Starter, 26 posts)
Am unable to upload log, have lost ability to connect to internet. Can't find a disk to burn the file to. Really don't want to connect my wife's laptop to the desktop and possibly infect it. Any suggestions? Am currently running desktop in safe mode. Are there files that I can delete in the Registry? Every time I scan now with Malwarebytes I get the same two files, even after Remove Selected. The files are: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Userinit. Sorry I'm so much trouble, my second full time job starts on the 14th of Feb. And I have to use my desktop for Photoshop.

Attached File: virusinfo_syscheck.htm (176.23KB)

Not sure how I got internet back.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:28 PM, on 2/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Documents and Settings\andrew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\andrew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1215048687258
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8242 bytes

Edited by gitcheegoomee, 02 February 2009 - 08:24 PM.


#10 Fred21543 (Member 1K, 1,351 posts)
Please go here to run the Norton removal tool: http://service1.syma...n...v=&osv_lvl=

You are running 2 Antivirus Programs, Avast and Comodo. I recommend you disable Comodo's Antivirus feature, and leave Avast as active.

  • Close all windows then double click on AVZ.exe
  • Click File > Custom scripts
  • Copy & paste the contents of the following codebox in the box in the program

    begin
    SetAVZGuardStatus(True);
    SearchRootkit(true, true);
    DeleteService('Hscssmadms');
    BC_DeleteFile('C:\WINDOWS\Temp\VRT6CA.tmp');
    BC_DeleteFile('C:\WINDOWS\COUPON~1.OCX');
    BC_DeleteFile('Hscssmadms.sys');
    BC_ImportDeletedList;
    ExecuteSysClean;
    BC_Activate;
    RebootWindows(true);
    end.

  • Note: When you run the script, your PC will be restarted
  • Click Run
  • Restart your PC if it doesn't do it automatically, and post back with a new HijackThis log.


#11 gitcheegoomee (Member, Topic Starter, 26 posts)
Fred, I'm going to have to reinstall Windows. I'm missing files for the RPC Locator and different services that depend on the file C:\WINDOWS\Temp\VRT8.tmp. Am unable to locate the file, can't do a system restore, and no I didn't do a backup (my fault). I appreciate your help and look forward to hearing from you on the forums.

#12 Fred21543 (Member 1K, 1,351 posts)
Below are a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at:
Windows Update
This will ensure your computer always has the latest available security updates installed.

Make Internet Explorer more secure

* Click Start > Run
* Type Inetcpl.cpl & click OK
* Click on the Security tab
* Click Reset all zones to default level
* Make sure the Internet Zone is selected & click Custom level
* In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
* Next click OK, then the Apply button and then OK to exit the Internet Properties page.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:

* SpywareBlaster protects against bad ActiveX controls.

* SpywareGuard offers real-time protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop-up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via Flash, Java, JavaScript, and many other entry points.

* To bolster your security go to Secunia.com to ensure essential programs are up to date.

* ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

* Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

* ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

* Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

Stay safe! :)

Edited by Fred21543, 05 February 2009 - 12:14 PM.


#13 gitcheegoomee (Member, Topic Starter, 26 posts)
Thanks Fred for the advice, I've been able to repair Windows, type the code into AVZ and I believe it worked. Still unable to connect to the internet, but I'm sure I can remedy that. When I am able I will post a HJT log and Malwarebytes log. I will definitely try to install the software programs you suggested. Thanks again for your help.

#14 Fred21543 (Member 1K, 1,351 posts)
By repair windows, did you mean reformat windows? If you have wiped all data from your drive, it should be clean. However, if you have done a repair install, and still have your data intact, then we should continue cleaning the computer.

#15 gitcheegoomee (Member, Topic Starter, 26 posts)
Attached File: mbam_log_2009_02_06__16_34_46_.txt (1.7KB)

Upload failed. You are not permitted to upload this type of file.

Was trying to upload the most recent HJT log file. Why am I unable to upload HJT log? Are my settings too strict in IE or Firefox?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:30:55 PM, on 2/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,\s,C:\WINDOWS\system32\i386kd.exe,C:\WINDOWS\system32\regwiz.exe,userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe
O4 - HKUS\S-1-5-18\..\Run: [services] C:\WINDOWS\services.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [hdizjwsi.exe] C:\WINDOWS\hdizjwsi.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [phjmwfgy.exe] C:\WINDOWS\phjmwfgy.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [hdhxjmfc.exe] C:\WINDOWS\hdhxjmfc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [services] C:\WINDOWS\services.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1215048687258
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\TEMP\VRT8.tmp (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Dot3svc - Unknown owner - C:\WINDOWS\TEMP\VRT8.tmp (file missing)
O23 - Service: EapHost - Unknown owner - C:\WINDOWS\TEMP\VRT8.tmp (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\TEMP\VRT8.tmp (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7980 bytes

Here you go, I'm only 41 but I think I'm having a Senior Moment!!!!!!!

Edited by gitcheegoomee, 06 February 2009 - 05:39 PM.
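The HijackThis logs in posts #9 and #15 show the three entry types a helper reads first when triaging a log like this: the F2 UserInit value that launches more than userinit.exe, the O4 Run entries registered under the SYSTEM and Default-user hives (and the Policies\Explorer\Run key) that point at executables dropped straight into C:\WINDOWS, and the O23 services whose binary sits in C:\WINDOWS\TEMP and is already missing. As an added example that is not part of this thread and not a HijackThis feature, the Python script below runs those three checks over log lines copied from the posted logs (a constructed sample, with a few benign lines for contrast). The rule names and the "clean UserInit is exactly userinit.exe" assumption are mine.

```python
"""Triage a HijackThis 2.0.2 log for the autorun patterns seen in this thread.

Rules (assumptions of this example, not HijackThis behaviour):
  * F2  - UserInit values launching anything besides userinit.exe
  * O4  - Run entries under the SYSTEM / Default-user hives, under a
          Policies\\Explorer\\Run key, or launching an executable that sits
          directly in the Windows directory
  * O23 - services whose binary lives under a TEMP directory
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

F2_USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.I)
O4_RE = re.compile(
    r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$"
)
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)

# Hives in which an ordinary installer has no business registering a Run value.
SYSTEM_HIVES = ("HKUS\\S-1-5-18", "HKUS\\.DEFAULT")


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str
    detail: str


def userinit_extras(value: str) -> list[str]:
    """Return every comma-separated UserInit entry that is not userinit.exe.

    Assumes the clean XP value is exactly 'C:\\WINDOWS\\system32\\userinit.exe,'.
    """
    extras = []
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        basename = item.split("\\")[-1].lower()
        if basename != "userinit.exe":
            extras.append(item)
    return extras


def command_exe(cmd: str) -> str:
    """Pull the executable path out of a Run value (quoted, or the first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0] if cmd else ""


def suspicious_run_entry(key: str, cmd: str) -> Optional[str]:
    """Explain why an O4 entry deserves a look, or None if it matches no rule."""
    if key.startswith(SYSTEM_HIVES):
        return "autorun registered in the SYSTEM/Default-user hive"
    if "Policies\\Explorer\\Run" in key:
        return "autorun registered through a Policies\\Explorer\\Run key"
    exe = command_exe(cmd)
    directory = exe.rsplit("\\", 1)[0].lower() if "\\" in exe else ""
    if directory == "c:\\windows":
        return "executable placed directly in the Windows directory"
    return None


def triage(log_text: str) -> list[Finding]:
    """Run every rule over a HijackThis log and return the hits in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := F2_USERINIT_RE.match(line):
            extras = userinit_extras(m.group("value"))
            if extras:
                findings.append(Finding("F2-userinit", line,
                                        "extra UserInit entries: " + ", ".join(extras)))
        elif m := O4_RE.match(line):
            reason = suspicious_run_entry(m.group("key"), m.group("cmd"))
            if reason:
                findings.append(Finding("O4-autorun", line, reason))
        elif m := O23_RE.match(line):
            if re.search(r"\\temp\\", m.group("path"), re.I):
                detail = "service binary under a TEMP directory"
                if m.group("missing"):
                    detail += " (file missing)"
                findings.append(Finding("O23-temp-service", line, detail))
    return findings


# Constructed sample: lines copied from the logs posted in this thread, plus
# benign entries (Java updater, dumprep, OpenOffice, ATI) for contrast.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,\s,C:\WINDOWS\system32\i386kd.exe,C:\WINDOWS\system32\regwiz.exe,userinit.exe,
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe
O4 - HKUS\S-1-5-18\..\Run: [hdizjwsi.exe] C:\WINDOWS\hdizjwsi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [services] C:\WINDOWS\services.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\TEMP\VRT8.tmp (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\TEMP\VRT8.tmp (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.detail}\n    {f.line}")
```

Run as-is it reports six hits from the sample: the UserInit line, the three SYSTEM/policy Run entries, and the two services pointing at the missing VRT8.tmp. A hit is a prompt to inspect, not a verdict; the Windows-root rule in particular will also catch legitimate tools that install into C:\WINDOWS, so read the flagged line before acting on it.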