Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.631 [GMT -5:00]
Running from: c:\documents and settings\Howard\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Howard\My Documents\Downloads\CFScript.txt
AV: Rogers Online Protection Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Rogers Online Protection Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
.
((((((((((((((((((((((((( Files Created from 2009-12-10 to 2010-01-10 )))))))))))))))))))))))))))))))
.
2010-01-09 04:34 . 2010-01-09 04:35 -------- d-----w- c:\documents and settings\Howard\Application Data\QuickScan
2010-01-09 04:34 . 2010-01-03 05:26 697672 ----a-w- c:\documents and settings\Howard\Application Data\Mozilla\Firefox\Profiles\k7tlghan.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2010-01-09 04:34 . 2010-01-03 05:26 789320 ----a-w- c:\documents and settings\Howard\Application Data\Mozilla\Firefox\Profiles\k7tlghan.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-01-05 02:58 . 2010-01-05 02:58 -------- d-----w- c:\program files\Sun
2010-01-04 02:52 . 2010-01-04 02:52 -------- d-----w- c:\documents and settings\Howard\Application Data\Malwarebytes
2010-01-04 02:52 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-04 02:52 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-23 00:36 . 2010-01-09 03:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-23 00:36 . 2009-12-23 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-22 03:54 . 2009-12-26 22:08 -------- d-----w- C:\SDFix
2009-12-22 01:30 . 2009-12-22 01:30 388096 ----a-r- c:\documents and settings\Howard\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-22 00:33 . 2009-12-22 00:33 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-12-22 00:33 . 2009-12-22 00:33 -------- d-----w- c:\documents and settings\Howard\log
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 13:42 . 2009-05-14 02:37 36327456 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-01-10 13:41 . 2009-05-14 02:37 1797664 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-01-09 16:55 . 2009-05-14 02:37 485276 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-01-09 16:55 . 2009-05-14 02:37 167780 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-01-09 16:42 . 2006-11-02 02:46 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-05 03:09 . 2006-10-25 11:50 -------- d-----w- c:\program files\Java
2010-01-05 02:58 . 2009-01-10 02:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-04 13:03 . 2009-01-18 01:56 -------- d-----w- c:\documents and settings\Howard\Application Data\skypePM
2009-12-22 00:06 . 2008-02-16 01:42 82608 ----a-w- c:\documents and settings\Howard\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-09 22:19 . 2009-09-27 16:11 65964 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-08 02:06 . 2008-10-22 16:17 -------- d-----w- c:\program files\MSECache
2009-12-08 01:27 . 2009-12-08 01:27 -------- d-----w- c:\program files\JRE
2009-12-08 01:27 . 2009-12-08 01:27 -------- d-----w- c:\program files\OpenOffice.org 3
2009-12-04 22:06 . 2006-11-26 22:00 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-28 01:05 . 2009-11-28 01:05 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-28 01:04 . 2009-11-28 01:04 -------- d-----w- c:\program files\MSN Toolbar Installer
2009-11-28 01:04 . 2009-11-28 01:04 -------- d-----w- c:\program files\Shockwave.com
2009-11-12 01:39 . 2006-12-04 04:26 -------- d-----w- c:\documents and settings\Howard\Application Data\Apple Computer
2009-11-11 21:30 . 2009-11-11 21:28 -------- d-----w- c:\program files\iTunes
2009-11-11 21:28 . 2009-11-11 21:28 -------- d-----w- c:\program files\iPod
2009-11-11 21:28 . 2008-01-12 17:36 -------- d-----w- c:\program files\Common Files\Apple
2009-11-11 21:15 . 2009-11-11 21:15 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 05:38 . 2004-08-10 17:51 667136 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-10 17:51 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-10 17:51 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 04:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-10 17:51 270336 ----a-w- c:\windows\system32\oakley.dll
2009-11-29 17:39 . 2009-11-29 17:39 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-01-08_04.05.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-09 16:56 . 2010-01-09 16:56 16384 c:\windows\Temp\Perflib_Perfdata_e4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-15 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-04-06 67128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-09 185896]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"RogersServicepointAgent.exe"="c:\program files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe" [2009-02-27 3228912]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"PSDiagnosticM"="c:\program files\Linksys Wireless-G Print Server\PSDiagnosticM.exe" [2007-01-31 315392]
"PCMService"="c:\program files\Logitech\MediaLife\MediaLifeService.exe" [2004-09-10 73728]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2006-01-17 135168]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2006-01-17 53248]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-09-15 37888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-29 30192]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"D-Link AirPlus XtremeG DWL-G132"="c:\program files\D-Link\AirPlus XtremeG DWL-G132\AirPlusCFG.exe" [2007-06-13 1314816]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-05 149280]

c:\documents and settings\Ryan\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-4-6 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-11-1 598016]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [10/06/2004 10:39 AM 377920]
R3 lknuhst;Linksys Network USB Host Controller;c:\windows\system32\drivers\lknuhst.sys [09/11/2007 11:00 PM 11136]
R3 LKNUHUB;Linksys Network USB Root Hub;c:\windows\system32\drivers\lknuhub.sys [09/11/2007 11:00 PM 37248]
S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [10/04/2004 6:28 AM 43392]
S3 DCamUSBIntel;USB Video Camera for Intel Proshare technology;c:\windows\system32\drivers\usbintel.sys [08/03/2004 11:08 PM 15872]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/25/2006 6:53 AM 30192]
S3 Radialpoint Security Services;Rogers Online Protection;c:\program files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe [02/27/2009 9:52 PM 97520]
.
Contents of the 'Scheduled Tasks' folder

2010-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://rogers.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://rogers.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=6061025
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Howard\Application Data\Mozilla\Firefox\Profiles\k7tlghan.default\
FF - prefs.js: browser.startup.homepage - hxxp://rogers.yahoo.com/
FF - component: c:\documents and settings\Howard\Application Data\Mozilla\Firefox\Profiles\k7tlghan.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Howard\Application Data\Mozilla\Firefox\Profiles\k7tlghan.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\Rogers Online Protection\Rogers Servicepoint Agent\nprpspa.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-10 08:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\igfxdev.dll

- - - - - - - > 'explorer.exe'(440)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-01-10 08:44:07
ComboFix-quarantined-files.txt 2010-01-10 13:44
ComboFix2.txt 2010-01-09 16:30
ComboFix3.txt 2010-01-08 04:09

Pre-Run: 225,710,817,280 bytes free
Post-Run: 225,691,308,032 bytes free

- - End Of File - - 93DC1297CD9C065B0DB145DDF0E1DDDE
When the cleaning has finished, consider replacing Rogers. I found very poor ratings on it when I was searching yesterday.

The following are all free programs we recommend frequently:

Both of the following antivirus programs are free and known to be good:

I recommend either of these software firewalls; both are free and good:

You should have only one software firewall. You may also use a router. Most routers have a hardware firewall in them. You can use both hardware and software firewalls together, but use only one software firewall.

Please use the site addresses I have given. They are for the free versions, firewall only. Some companies have bundled programs. There are numerous "suites" that have both of the above, plus other protection. They are costly and require a yearly subscription charge. My preference is stand-alone programs, but some prefer the suites. kritius might have other recommendations for you.

__________________
Computer Support and Help | Virus & Malware Removal | Tutorials on "How To...." | Stop Nuisance Startups
This is talk that can be left until the end. I am reviewing the logs and will post later on. For now, though, let's focus.

__________________
Infected? Use the Preliminary Removal Instructions, then post in the Virus and Malware Removal Forums
Sorry, but I did preface it with:

__________________
Computer Support and Help | Virus & Malware Removal | Tutorials on "How To...." | Stop Nuisance Startups
Please download Malwarebytes' Anti-Malware from Here. Double-click mbam-setup.exe to install the application.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

__________________
Infected? Use the Preliminary Removal Instructions, then post in the Virus and Malware Removal Forums
I think I am cured, though the computer has been having trouble with the wireless connection recently (since we started the clean-up of the malware). Thanks again for helping to get rid of those ads.

Malwarebytes' Anti-Malware 1.44
Database version: 3600
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

01/19/2010 9:09:27 PM
mbam-log-2010-01-19 (21-09-27).txt

Scan type: Quick Scan
Objects scanned: 139204
Time elapsed: 16 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Copyright © 2009 Tech-101.com. All rights reserved.