
Win32/Sillyautorun.ABS Removal and Maybe Others Help!


  • This topic is locked
9 replies to this topic

#1 mauison

mauison

  • Members
  • 21 posts
  • OFFLINE
  • Local time:11:09 AM

Posted 26 December 2008 - 07:20 PM

My CA Antivirus program keeps indicating that win32/Sillyautorun.ABS was found and deleted, but it keeps coming back. Prior to this I also had the Vundo and Haxdoor E viruses, but those seem to be gone, although I am not sure if they are lurking somewhere on my computer.

Any help to resolve this would be appreciated.

paul


DDS (Version 1.1.0) - NTFSx86
Run by Dad at 14:07:02.26 on Fri 12/26/2008
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.894 [GMT -10:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated)
AV: *On-access scanning enabled* (Outdated)
FW: CA Personal Firewall *enabled*
FW: *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\svcprs32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files\Easy Blogger Creator Pro\EBCServPro.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.40\QOELoader.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\WINDOWS\cfgmng32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\FRU\Remind32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CAGlobal.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Light\CAGlobalLight.exe
C:\Program Files\Qualcomm\Eudora\Eudora.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Documents and Settings\Dad\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070512
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: {c818d8a4-4185-418e-a345-e674aeeb2197} - No File
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CA Toolbar Helper: {fbf2401b-7447-4727-be5d-c19b2075ca84} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: CA Toolbar: {10134636-e7af-4ac5-a1dc-c7c44bb97d81} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire plus\Corel Photo Downloader.exe
mRun: [Easy Blogger Creator Pro] c:\program files\easy blogger creator pro\EBCServPro.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-7.0.0.40\QOELoader.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AirPort Base Station Agent] "c:\program files\airport\APAgent.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"
mRun: [dvHighMem] c:\windows\cfgmng32.exe
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [CAPPActiveProtection] "c:\program files\ca\ca internet security suite\ca anti-spyware\CAPPActiveProtection.exe"
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
StartupFolder: c:\docume~1\dad\startm~1\programs\startup\hewlet~1.lnk - c:\program files\hewlett-packard\aio\hp officejet d series\fru\Remind32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpaiod~1.lnk - c:\program files\hewlett-packard\aio\hp officejet d series\bin\hpoojd07.exe
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
Notify: PFW - UmxWnp.Dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll c:\windows\system32\sodumami.dll UmxSbxExw.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - No File
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: ShellHook Class: {1869181a-9f50-4fcf-8bff-1b8588ecb85c} - c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\CIDLinkAdvisor.dll
LSA: Notification Packages = scecli s t e m 3 2 \ s o d u m a m i . d l l d

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dad\applic~1\mozilla\firefox\profiles\slytw9vj.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\kmxstart.sys [2008-10-21 107000]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\kmxagent.sys [2008-8-6 72184]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-8-25 52728]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\kmxfw.sys [2008-10-7 115704]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\VET-FILT.sys [2008-12-25 26352]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\VET-REC.sys [2008-12-25 21104]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\VETEFILE.sys [2008-12-25 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\VETFDDNT.sys [2008-12-25 21488]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\VETMONNT.sys [2008-12-25 161008]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\ISafe.exe [2008-12-25 144696]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2008-12-25 128240]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-10-28 143864]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-7-30 58872]
R2 UmxAgent;HIPS Event Manager;"c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe" [2008-9-10 1141240]
R2 UmxCfg;HIPS Configuration Interpreter;"c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe" [2008-10-21 801272]
R2 UmxPol;HIPS Policy Manager;"c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe" [2008-9-2 289272]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\VetMsg.exe [2008-12-25 292080]
R2 WinSvchostManager;WinSock Svchost Manager;c:\windows\system32\svcprs32.exe [2008-12-25 823296]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\kmxcfg.sys [2008-10-21 203768]
R3 PPCtlPriv;PPCtlPriv;"c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe" [2008-12-25 222448]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\VETEBOOT.sys [2008-12-25 108368]
S2 WinDefend;Windows Defender;"c:\program files\windows defender\MsMpEng.exe" [2006-11-3 13592]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\program files\google\google desktop search\GoogleDesktop.exe" [2007-5-12 29744]

=============== Created Last 30 ================

2008-12-25 21:58 5,632 a------- c:\windows\system32\ptpusb.dll
2008-12-25 21:58 159,232 a------- c:\windows\system32\ptpusd.dll
2008-12-25 21:58 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2008-12-25 21:58 15,104 a------- c:\windows\system32\dllcache\usbscan.sys
2008-12-25 14:52 7 a------- c:\windows\system32\mkghj.dll
2008-12-25 14:51 <DIR> --d----- c:\docume~1\dad\applic~1\CallingID
2008-12-25 14:39 <DIR> --d----- c:\program files\ISSThirdParty
2008-12-25 14:39 <DIR> --d----- c:\program files\common files\Scanner
2008-12-24 19:38 <DIR> --d----- c:\program files\Market Samurai
2008-12-23 15:13 1,324 a------- c:\windows\system32\d3d9caps.dat
2008-12-22 11:23 1,603,449 ---sh--- c:\windows\system32\iwivajuz.ini
2008-12-21 23:23 1,603,449 ---sh--- c:\windows\system32\imewidul.ini
2008-12-21 17:54 <DIR> --d----- c:\documents and settings\dad\.housecall6.6
2008-12-20 23:22 1,603,449 ---sh--- c:\windows\system32\oyiwazev.ini
2008-12-20 13:41 1,603,449 ---sh--- c:\windows\system32\ovinutow.ini
2008-12-19 23:22 1,603,449 ---sh--- c:\windows\system32\igopiwop.ini
2008-12-19 11:22 1,603,449 ---sh--- c:\windows\system32\igosidos.ini
2008-12-18 23:27 1,603,449 a--sh--- c:\windows\system32\irajajug.ini
2008-12-18 11:27 1,603,449 ---sh--- c:\windows\system32\ugasavom.ini
2008-12-17 14:58 <DIR> --d----- c:\program files\Bonjour
2008-12-15 13:31 94,208 a------- c:\windows\system32\GTW32N50.dll
2008-12-15 13:31 31,930 a------- c:\windows\system32\GTNDIS3.VXD
2008-12-15 13:31 15,872 a------- c:\windows\system32\GTNDIS5.sys
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-12-11 14:36 <DIR> --d----- c:\program files\AirPort
2008-11-26 15:45 <DIR> --d----- c:\program files\iPod
2008-11-26 15:45 <DIR> --d----- c:\program files\iTunes
2008-11-26 15:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

==================== Find3M ====================

2008-12-25 22:08 5,018 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-12-25 14:41 880,560 a------- c:\windows\system32\drivers\vetefile.sys
2008-12-25 14:41 108,368 a------- c:\windows\system32\drivers\veteboot.sys
2008-12-25 14:39 2,732,032 a------- c:\windows\system32\win32cpr.dll
2008-12-25 14:39 1,568,870 a------- c:\windows\system32\winsflt.dll
2008-12-12 20:40 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll
2008-12-11 16:58 231,276 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2008-11-10 05:43 410,984 a------- c:\windows\system32\deploytk.dll
2008-11-07 20:41 1,254,640 a------- c:\windows\system32\cfgmig32.dll
2008-11-01 19:06 83,256 a------- c:\windows\system32\vetredir.dll
2008-11-01 19:06 111,856 a------- c:\windows\system32\isafprod.dll
2008-11-01 19:06 161,008 a------- c:\windows\system32\drivers\vetmonnt.sys
2008-11-01 19:06 99,568 a------- c:\windows\system32\isafeif.dll
2008-11-01 19:06 26,352 a------- c:\windows\system32\drivers\vet-filt.sys
2008-11-01 19:06 21,488 a------- c:\windows\system32\drivers\vetfddnt.sys
2008-11-01 19:06 21,104 a------- c:\windows\system32\drivers\vet-rec.sys
2008-10-31 15:57 264,696 a------- c:\windows\system32\UmxSbxw.dll
2008-10-31 15:57 113,144 a------- c:\windows\system32\UmxSbxExw.dll
2008-10-28 17:41 143,864 a------- c:\windows\system32\drivers\KmxCF.sys
2008-10-24 01:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 02:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 02:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 03:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 03:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 06:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-14 21:06 633,632 -------- c:\windows\system32\dllcache\iexplore.exe
2008-10-14 21:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-10-03 00:02 247,326 a------- c:\windows\system32\strmdll.dll
2008-10-03 00:02 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2007-03-30 12:22 2,679,296 a------- c:\docume~1\dad\applic~1\Article Infuser.exe
2006-12-25 17:18 535,552 a------- c:\docume~1\dad\applic~1\AIUpdate.exe
2006-12-18 16:28 88,576 a------- c:\docume~1\dad\applic~1\DelRegAI.exe
2004-08-04 00:00 94,784 ---sh--- c:\windows\twain.dll
2008-04-13 14:12 50,688 ---sh--- c:\windows\twain_32.dll
2008-04-13 14:11 1,028,096 a--sh--- c:\windows\system32\mfc42.dll
2008-04-13 14:12 57,344 ---sh--- c:\windows\system32\msvcirt.dll
2008-04-13 14:12 413,696 a--sh--- c:\windows\system32\msvcp60.dll
2008-04-13 14:12 11,776 ---sh--- c:\windows\system32\regsvr32.exe
2008-08-31 16:36 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008083120080901\index.dat

============= FINISH: 14:08:38.07 ===============



#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:09 PM

Posted 01 January 2009 - 04:23 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your issue.

Disable Realtime Protection
Antimalware programs can interfere with ComboFix and other tools we need to run. Please disable all realtime protections you have enabled. Refer to this page if you are unsure how.

Download and Run ComboFix
Download ComboFix by sUBs from any of the links below, and save it to your desktop. If you have already run ComboFix, delete your copy and download a new one. If the computer is unable to download ComboFix, use removable media to transfer the file.
Link 1, Link 2, Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double-click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right-click the icon and select "Run as Administrator". You will not receive the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.
  • If you did not have it installed, you will see the prompt below. Choose YES.
    [screenshot]
  • When the Recovery Console has been installed, you will see the prompt below. Choose YES.
    [screenshot]
  • When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Please also include a new HijackThis or DDS log.

Give me an update on symptoms you have right now.

With Regards,
The Panda

#3 mauison

mauison
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:11:09 AM

Posted 01 January 2009 - 11:45 PM

Have not noticed the AV program showing it has found the virus. Not sure if it is too early to tell.

Ran ComboFix; here's the log file:

ComboFix 08-12-31.01 - Dad 2009-01-01 18:09:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.893 [GMT -10:00]
Running from: c:\documents and settings\Dad\Desktop\ComboFix.exe
AV: CA Anti-Virus *On-access scanning disabled* (Updated)
AV: *On-access scanning enabled* (Outdated)
FW: CA Personal Firewall *disabled*
FW: *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\IE4 Error Log.txt
c:\windows\system32\igopiwop.ini
c:\windows\system32\igosidos.ini
c:\windows\system32\imewidul.ini
c:\windows\system32\irajajug.ini
c:\windows\system32\iwivajuz.ini
c:\windows\system32\mkghj.dll
c:\windows\system32\ovinutow.ini
c:\windows\system32\oyiwazev.ini
c:\windows\system32\ugasavom.ini

.
((((((((((((((((((((((((( Files Created from 2008-12-02 to 2009-01-02 )))))))))))))))))))))))))))))))
.

2009-01-01 17:43 . 2009-01-01 18:17 <DIR> d-------- c:\program files\DNA
2009-01-01 17:43 . 2009-01-01 17:43 <DIR> d-------- c:\program files\BitTorrent
2009-01-01 17:43 . 2009-01-01 17:43 <DIR> d-------- c:\program files\AskBarDis
2009-01-01 17:43 . 2009-01-01 18:17 <DIR> d-------- c:\documents and settings\Dad\Application Data\DNA
2009-01-01 17:43 . 2009-01-01 18:14 <DIR> d-------- c:\documents and settings\Dad\Application Data\BitTorrent
2009-01-01 03:01 . 2009-01-01 18:15 <DIR> d-------- c:\windows\SxsCaPendDel
2008-12-31 16:15 . 2008-12-31 16:15 <DIR> d-------- c:\windows\EGE5VMD41RANMSRQ
2008-12-31 16:09 . 2008-12-31 16:09 <DIR> d-------- c:\program files\ISSThirdParty
2008-12-31 16:09 . 2008-12-31 16:09 <DIR> d-------- c:\program files\Common Files\Scanner
2008-12-31 16:09 . 2008-09-07 15:54 11,333,632 --a------ c:\windows\cfgmng32.exe
2008-12-31 16:07 . 2008-12-31 16:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\CA
2008-12-31 14:10 . 2008-12-31 14:54 121 --a------ c:\windows\bdagent.INI
2008-12-31 12:36 . 2008-12-31 12:36 <DIR> d-------- c:\documents and settings\Dad\Application Data\Windows Desktop Search
2008-12-31 12:35 . 2008-12-31 12:35 <DIR> d-------- c:\windows\system32\GroupPolicy
2008-12-31 12:35 . 2008-12-31 12:35 <DIR> d-------- c:\program files\Windows Desktop Search
2008-12-31 12:35 . 2008-03-07 07:02 192,000 --------- c:\windows\system32\dllcache\offfilt.dll
2008-12-31 12:35 . 2008-03-07 07:02 98,304 --------- c:\windows\system32\dllcache\nlhtml.dll
2008-12-31 12:35 . 2008-03-07 07:02 29,696 --------- c:\windows\system32\dllcache\mimefilt.dll
2008-12-30 17:34 . 2008-12-30 17:34 850 --a------ c:\windows\system32\ProductTweaks.xml
2008-12-30 17:34 . 2008-12-30 17:34 385 --a------ c:\windows\system32\user_gensett.xml
2008-12-30 17:31 . 2008-12-30 17:31 <DIR> d-------- c:\windows\system32\logs
2008-12-30 17:31 . 2008-12-30 17:47 <DIR> d-------- C:\Binaries
2008-12-30 17:30 . 2008-12-31 15:52 <DIR> d-------- c:\program files\BitDefender
2008-12-25 21:58 . 2008-04-13 14:12 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-12-25 21:58 . 2008-04-13 08:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-12-25 21:58 . 2008-04-13 08:45 15,104 --a------ c:\windows\system32\dllcache\usbscan.sys
2008-12-25 21:58 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-12-25 20:35 . 2008-12-26 00:40 <DIR> d-------- c:\windows\BDOSCAN8
2008-12-25 14:54 . 2008-12-25 14:54 <DIR> d-------- c:\windows\ZUSQOFDB9ZJWNMSR
2008-12-25 14:51 . 2008-12-31 16:14 <DIR> d-------- c:\documents and settings\Dad\Application Data\CallingID
2008-12-25 14:39 . 2008-12-31 16:09 <DIR> d-------- c:\windows\rnapxs
2008-12-24 19:38 . 2008-12-24 19:38 <DIR> d-------- c:\program files\Market Samurai
2008-12-23 17:56 . 2008-12-30 17:29 <DIR> d-------- c:\program files\Windows Live Safety Center
2008-12-23 15:13 . 2008-12-25 14:50 1,324 --a------ c:\windows\system32\d3d9caps.dat
2008-12-21 17:54 . 2008-12-23 15:30 <DIR> d-------- c:\documents and settings\Dad\.housecall6.6
2008-12-17 14:58 . 2008-12-17 14:58 <DIR> d-------- c:\program files\Bonjour
2008-12-15 13:31 . 2003-10-13 15:30 94,208 --a------ c:\windows\system32\GTW32N50.dll
2008-12-15 13:31 . 2003-09-25 23:28 31,930 --a------ c:\windows\system32\GTNDIS3.VXD
2008-12-15 13:31 . 2003-09-25 22:15 15,872 --a------ c:\windows\system32\GTNDIS5.sys
2008-12-12 11:18 . 2008-12-12 11:18 87,336 --a------ c:\windows\system32\dns-sd.exe
2008-12-12 11:11 . 2008-12-12 11:11 61,440 --a------ c:\windows\system32\dnssd.dll
2008-12-11 14:36 . 2008-12-11 16:36 <DIR> d-------- c:\program files\AirPort

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-01 14:16 --------- d-----w c:\program files\Easy Blogger Creator Pro
2009-01-01 02:11 880,560 ----a-w c:\windows\system32\drivers\vetefile.sys
2009-01-01 02:11 108,368 ----a-w c:\windows\system32\drivers\veteboot.sys
2009-01-01 02:09 2,732,032 ----a-w c:\windows\system32\win32cpr.dll
2009-01-01 02:09 1,568,870 ----a-w c:\windows\system32\winsflt.dll
2009-01-01 02:09 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-01 02:09 --------- d-----w c:\program files\CA
2008-12-27 22:34 5,018 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-12-27 22:34 --------- d-----w c:\documents and settings\Dad\Application Data\Corel
2008-12-25 17:57 --------- d-----w c:\program files\Market Tool
2008-12-25 17:57 --------- d-----w c:\program files\GTrends Made Easy
2008-12-23 09:32 --------- d-----w c:\program files\Java
2008-12-20 00:59 --------- d-----w c:\program files\Google
2008-12-13 10:09 --------- d-----w c:\documents and settings\Dad\Application Data\Apple Computer
2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-12 08:19 --------- d-----w c:\documents and settings\Dad\Application Data\U3
2008-11-30 23:56 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-27 01:46 --------- d-----w c:\program files\iTunes
2008-11-27 01:46 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-27 01:45 --------- d-----w c:\program files\iPod
2008-11-27 01:45 --------- d-----w c:\program files\Common Files\Apple
2008-11-27 01:38 --------- d-----w c:\program files\QuickTime
2008-11-27 01:30 --------- d-----w c:\program files\Safari
2008-11-25 07:59 --------- d-----w c:\program files\DivX
2008-11-25 07:59 --------- d-----w c:\documents and settings\Dad\Application Data\Yahoo!
2008-11-25 07:59 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-11-18 08:15 --------- d-----w c:\documents and settings\Dad\Application Data\FileZilla
2008-11-18 08:01 --------- d-----w c:\program files\FileZilla FTP Client
2008-11-10 15:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-11-08 06:41 1,254,640 ----a-w c:\windows\system32\cfgmig32.dll
2008-11-02 05:06 99,568 ----a-w c:\windows\system32\isafeif.dll
2008-11-02 05:06 83,256 ----a-w c:\windows\system32\vetredir.dll
2008-11-02 05:06 26,352 ----a-w c:\windows\system32\drivers\vet-filt.sys
2008-11-02 05:06 21,488 ----a-w c:\windows\system32\drivers\vetfddnt.sys
2008-11-02 05:06 21,104 ----a-w c:\windows\system32\drivers\vet-rec.sys
2008-11-02 05:06 161,008 ----a-w c:\windows\system32\drivers\vetmonnt.sys
2008-11-02 05:06 111,856 ----a-w c:\windows\system32\isafprod.dll
2008-11-01 01:57 264,696 ----a-w c:\windows\system32\UmxSbxw.dll
2008-11-01 01:57 113,144 ----a-w c:\windows\system32\UmxSbxExw.dll
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-17 00:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-17 00:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-17 00:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-17 00:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-17 00:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-17 00:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-17 00:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-17 00:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-17 00:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-17 00:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-17 00:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-17 00:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-17 00:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-17 00:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-17 00:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-10-10 01:31 192,512 ----a-w c:\windows\system32\txmlutil.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
2007-03-30 22:22 2,679,296 ----a-w c:\documents and settings\Dad\Application Data\Article Infuser.exe
2006-12-26 03:18 535,552 ----a-w c:\documents and settings\Dad\Application Data\AIUpdate.exe
2006-12-19 02:28 88,576 ----a-w c:\documents and settings\Dad\Application Data\DelRegAI.exe
2008-10-31 03:34 39,424 ----a-w c:\program files\mozilla firefox\components\FFComm.dll
2008-09-10 16:07 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2004-08-04 10:00 94,784 --sh--w c:\windows\twain.dll
2008-04-14 00:12 50,688 --sh--w c:\windows\twain_32.dll
2008-04-14 00:11 1,028,096 --sha-w c:\windows\system32\mfc42.dll
2008-04-14 00:12 57,344 --sh--w c:\windows\system32\msvcirt.dll
2008-04-14 00:12 413,696 --sha-w c:\windows\system32\msvcp60.dll
2008-04-14 00:12 11,776 --sh--w c:\windows\system32\regsvr32.exe
2008-09-01 02:36 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008083120080901\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 17:24 325000 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-28 395776]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-08-04 160568]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-01 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-04 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-10 29744]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2006-08-14 462336]
"Easy Blogger Creator Pro"="c:\program files\Easy Blogger Creator Pro\EBCServPro.exe" [2007-09-20 749568]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2008-05-20 737280]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"cctray"="c:\program files\CA\CA Internet Security Suite\casc.exe" [2008-11-07 349424]
"dvHighMem"="c:\windows\cfgmng32.exe" [2008-09-07 11333632]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2008-11-01 271600]
"CAPPActiveProtection"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe" [2008-11-04 324848]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.40\QOELoader.exe" [2008-12-31 14064]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-11-09 632048]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-11-09 668912]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 c:\windows\stsystra.exe]

c:\documents and settings\Dad\Start Menu\Programs\Startup\
Hewlett-Packard Recorder.lnk - c:\program files\Hewlett-Packard\AiO\hp officejet d series\FRU\Remind32.exe [2000-08-24 67584]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
HPAiODevice(hp officejet d series) - 1.lnk - c:\program files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe [2002-09-26 491582]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll" [2008-09-15 1377720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-06-06 16:46 79368 c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli s t e m 3 2 \ o d u a i . l

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AirPort\\APAgent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\CA\\SharedComponents\\HIPSEngine\\UmxPol.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 KmxStart;KmxStart;c:\windows\system32\DRIVERS\kmxstart.sys [2008-10-21 107000]
R1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [2008-08-06 72184]
R1 KmxFile;KmxFile;c:\windows\system32\DRIVERS\KmxFile.sys [2008-08-25 52728]
R1 KmxFw;KmxFw;c:\windows\system32\DRIVERS\kmxfw.sys [2008-10-07 115704]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [2008-12-31 128240]
R2 KmxCF;KmxCF;c:\windows\system32\DRIVERS\KmxCF.sys [2008-10-28 143864]
R2 KmxSbx;KmxSbx;c:\windows\system32\DRIVERS\KmxSbx.sys [2008-07-30 58872]
R2 UmxAgent;HIPS Event Manager;"c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe" [2008-09-10 1141240]
R2 UmxCfg;HIPS Configuration Interpreter;"c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe" [2008-10-21 801272]
R2 UmxPol;HIPS Policy Manager;"c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe" [2008-09-02 289272]
R2 WinSvchostManager;WinSock Svchost Manager;c:\windows\system32\svcprs32.exe [2008-12-31 823296]
R3 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [2008-10-21 203768]
R3 PPCtlPriv;PPCtlPriv;"c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe" [2008-12-31 222448]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-12 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2008-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-02 c:\windows\Tasks\User_Feed_Synchronization-{82554A7E-37A0-421D-B539-D319F0A9803E}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
.
- - - - ORPHANS REMOVED - - - -

BHO-{c818d8a4-4185-418e-a345-e674aeeb2197} - (no file)
ShellExecuteHooks-{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
LSP: c:\windows\system32\winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
FF - ProfilePath - c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\slytw9vj.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-01 18:16:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Sigmatel\GlobalState]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=Administrators
@Denied: (Full) (Guests)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (Administrators)
@Allowed: (B 1 2 3 4 5) (S-1-5-4)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(808)
c:\windows\system32\winsflt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\mdmcls32.exe
c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
c:\windows\system32\mdmcls32.exe
c:\progra~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
c:\windows\system32\mdmcls32.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
c:\program files\Hewlett-Packard\AiO\Shared\Bin\hposts07.exe
c:\program files\Hewlett-Packard\AiO\Shared\Bin\hpofxm07.exe
.
**************************************************************************
.
Completion time: 2009-01-01 18:22:18 - machine was rebooted [Dad]
ComboFix-quarantined-files.txt 2009-01-02 04:22:13

Pre-Run: 184,106,221,568 bytes free
Post-Run: 184,614,498,304 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

350 --- E O F --- 2009-01-01 13:01:23

DDS File:

DDS (Version 1.1.0) - NTFSx86
Run by Dad at 18:38:40.28 on Thu 01/01/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1259 [GMT -10:00]

AV: CA Anti-Virus *On-access scanning disabled* (Updated)
AV: *On-access scanning enabled* (Outdated)
FW: CA Personal Firewall *disabled*
FW: *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\svcprs32.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\mdmcls32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AirPort\APAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\cfgmng32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.40\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\FRU\Remind32.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Qualcomm\Eudora\Eudora.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Light\CAGlobalLight.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CAGlobal.exe
C:\Documents and Settings\Dad\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CA Toolbar Helper: {fbf2401b-7447-4727-be5d-c19b2075ca84} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: CA Toolbar: {10134636-e7af-4ac5-a1dc-c7c44bb97d81} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire plus\Corel Photo Downloader.exe
mRun: [Easy Blogger Creator Pro] c:\program files\easy blogger creator pro\EBCServPro.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AirPort Base Station Agent] "c:\program files\airport\APAgent.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"
mRun: [dvHighMem] c:\windows\cfgmng32.exe
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [CAPPActiveProtection] "c:\program files\ca\ca internet security suite\ca anti-spyware\CAPPActiveProtection.exe"
mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-7.0.0.40\QOELoader.exe"
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
StartupFolder: c:\docume~1\dad\startm~1\programs\startup\hewlet~1.lnk - c:\program files\hewlett-packard\aio\hp officejet d series\fru\Remind32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpaiod~1.lnk - c:\program files\hewlett-packard\aio\hp officejet d series\bin\hpoojd07.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
Notify: PFW - UmxWnp.Dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: ShellHook Class: {1869181a-9f50-4fcf-8bff-1b8588ecb85c} - c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\CIDLinkAdvisor.dll
LSA: Notification Packages = scecli s t e m 3 2 \ o d u a i . l

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dad\applic~1\mozilla\firefox\profiles\slytw9vj.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\kmxstart.sys [2008-10-21 107000]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\kmxagent.sys [2008-8-6 72184]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-8-25 52728]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\kmxfw.sys [2008-10-7 115704]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\VET-FILT.sys [2008-12-31 26352]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\VET-REC.sys [2008-12-31 21104]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\VETEFILE.sys [2008-12-31 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\VETFDDNT.sys [2008-12-31 21488]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\VETMONNT.sys [2008-12-31 161008]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\ISafe.exe [2008-12-31 144696]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2008-12-31 128240]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-10-28 143864]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-7-30 58872]
R2 UmxAgent;HIPS Event Manager;"c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe" [2008-9-10 1141240]
R2 UmxCfg;HIPS Configuration Interpreter;"c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe" [2008-10-21 801272]
R2 UmxPol;HIPS Policy Manager;"c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe" [2008-9-2 289272]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\VetMsg.exe [2008-12-31 292080]
R2 WinSvchostManager;WinSock Svchost Manager;c:\windows\system32\svcprs32.exe [2008-12-31 823296]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\kmxcfg.sys [2008-10-21 203768]
R3 PPCtlPriv;PPCtlPriv;"c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe" [2008-12-31 222448]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\VETEBOOT.sys [2008-12-31 108368]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\program files\google\google desktop search\GoogleDesktop.exe" [2007-5-12 29744]

=============== Created Last 30 ================

2009-01-01 18:05 <DIR> a-dshr-- C:\cmdcons
2009-01-01 17:59 161,792 a------- c:\windows\SWREG.exe
2009-01-01 17:59 98,816 a------- c:\windows\sed.exe
2009-01-01 17:43 <DIR> --d----- c:\docume~1\dad\applic~1\BitTorrent
2009-01-01 17:43 <DIR> --d----- c:\program files\DNA
2009-01-01 17:43 <DIR> --d----- c:\docume~1\dad\applic~1\DNA
2009-01-01 17:43 <DIR> --d----- c:\program files\BitTorrent
2009-01-01 17:43 <DIR> --d----- c:\program files\AskBarDis
2009-01-01 03:01 <DIR> --d----- c:\windows\SxsCaPendDel
2008-12-31 16:15 <DIR> --d----- c:\windows\EGE5VMD41RANMSRQ
2008-12-31 16:09 <DIR> --d----- c:\program files\ISSThirdParty
2008-12-31 16:09 250,544 a------- c:\windows\system32\KeyHelp.ocx
2008-12-31 16:09 <DIR> --d----- c:\program files\common files\Scanner
2008-12-31 16:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CA
2008-12-31 14:10 121 a------- c:\windows\bdagent.INI
2008-12-31 12:36 <DIR> --d----- c:\docume~1\dad\applic~1\Windows Desktop Search
2008-12-31 12:35 <DIR> --d----- c:\windows\system32\GroupPolicy
2008-12-31 12:35 <DIR> --d----- c:\program files\Windows Desktop Search
2008-12-31 12:35 192,000 -------- c:\windows\system32\dllcache\offfilt.dll
2008-12-31 12:35 98,304 -------- c:\windows\system32\dllcache\nlhtml.dll
2008-12-31 12:35 29,696 -------- c:\windows\system32\dllcache\mimefilt.dll
2008-12-30 17:34 850 a------- c:\windows\system32\ProductTweaks.xml
2008-12-30 17:34 385 a------- c:\windows\system32\user_gensett.xml
2008-12-30 17:31 <DIR> --d----- c:\windows\system32\logs
2008-12-30 17:31 <DIR> --d----- C:\Binaries
2008-12-30 17:30 <DIR> --d----- c:\program files\BitDefender
2008-12-25 21:58 5,632 a------- c:\windows\system32\ptpusb.dll
2008-12-25 21:58 159,232 a------- c:\windows\system32\ptpusd.dll
2008-12-25 21:58 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2008-12-25 21:58 15,104 a------- c:\windows\system32\dllcache\usbscan.sys
2008-12-25 14:54 <DIR> --d----- c:\windows\ZUSQOFDB9ZJWNMSR
2008-12-25 14:51 <DIR> --d----- c:\docume~1\dad\applic~1\CallingID
2008-12-25 14:39 <DIR> --d----- c:\windows\rnapxs
2008-12-24 19:38 <DIR> --d----- c:\program files\Market Samurai
2008-12-23 15:13 1,324 a------- c:\windows\system32\d3d9caps.dat
2008-12-21 17:54 <DIR> --d----- c:\documents and settings\dad\.housecall6.6
2008-12-17 14:58 <DIR> --d----- c:\program files\Bonjour
2008-12-15 13:31 94,208 a------- c:\windows\system32\GTW32N50.dll
2008-12-15 13:31 31,930 a------- c:\windows\system32\GTNDIS3.VXD
2008-12-15 13:31 15,872 a------- c:\windows\system32\GTNDIS5.sys
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-12-11 14:36 <DIR> --d----- c:\program files\AirPort

==================== Find3M ====================

2008-12-31 16:11 880,560 a------- c:\windows\system32\drivers\vetefile.sys
2008-12-31 16:11 108,368 a------- c:\windows\system32\drivers\veteboot.sys
2008-12-31 16:09 2,732,032 a------- c:\windows\system32\win32cpr.dll
2008-12-31 16:09 1,568,870 a------- c:\windows\system32\winsflt.dll
2008-12-27 12:34 5,018 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-12-12 20:40 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll
2008-12-11 16:58 231,276 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2008-11-10 05:43 410,984 a------- c:\windows\system32\deploytk.dll
2008-11-07 20:41 1,254,640 a------- c:\windows\system32\cfgmig32.dll
2008-11-01 19:06 83,256 a------- c:\windows\system32\vetredir.dll
2008-11-01 19:06 111,856 a------- c:\windows\system32\isafprod.dll
2008-11-01 19:06 99,568 a------- c:\windows\system32\isafeif.dll
2008-10-31 15:57 264,696 a------- c:\windows\system32\UmxSbxw.dll
2008-10-31 15:57 113,144 a------- c:\windows\system32\UmxSbxExw.dll
2008-10-24 01:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 02:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 02:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 03:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 03:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 06:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-14 21:06 633,632 -------- c:\windows\system32\dllcache\iexplore.exe
2008-10-14 21:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-10-09 15:31 192,512 a------- c:\windows\system32\txmlutil.dll
2007-03-30 12:22 2,679,296 a------- c:\docume~1\dad\applic~1\Article Infuser.exe
2006-12-25 17:18 535,552 a------- c:\docume~1\dad\applic~1\AIUpdate.exe
2006-12-18 16:28 88,576 a------- c:\docume~1\dad\applic~1\DelRegAI.exe
2004-08-04 00:00 94,784 ---sh--- c:\windows\twain.dll
2008-04-13 14:12 50,688 ---sh--- c:\windows\twain_32.dll
2008-04-13 14:11 1,028,096 a--sh--- c:\windows\system32\mfc42.dll
2008-04-13 14:12 57,344 ---sh--- c:\windows\system32\msvcirt.dll
2008-04-13 14:12 413,696 a--sh--- c:\windows\system32\msvcp60.dll
2008-04-13 14:12 11,776 ---sh--- c:\windows\system32\regsvr32.exe
2008-08-31 16:36 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008083120080901\index.dat

============= FINISH: 18:39:49.51 ===============

#4 PropagandaPanda
  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:05:09 PM

Posted 02 January 2009 - 08:51 AM

Hello.

You have the AskToolbar installed. This is considered by many to be adware. Would you like to remove this program?

Create and Run Batch Script
I want to take a look at the contents of a few folders.
  • Copy the following into a notepad (Start>Run>"notepad"). Do not copy the word "code".
    @ECHO OFF
    REM Append a vfind listing of each folder below to report.txt
    for %%a in (
    "c:\windows\rnapxs"
    "c:\program files\ISSThirdParty"
    "c:\program files\Common Files\Scanner"
    "c:\windows\EGE5VMD41RANMSRQ"
    "c:\windows\ZUSQOFDB9ZJWNMSR"
    ) DO (
    ECHO ---Directory of %%~a--->>report.txt
    vfind -l "%%~a\*">>report.txt
    )
    REM Open the report in Notepad, then delete this batch file
    start notepad report.txt
    del %0
  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input fix.bat
  • Hit OK.
When done properly, the icon should look like Posted Image.

Double click Fix.bat. You will see a black Command Prompt window open, followed by a notepad containing report.txt. Copy the contents of the notepad into your next reply.

Download and run MalwareBytes Anti-Malware
If you already have MBAM installed, simply update and run a quick scan.

Please download the Malwarebytes Anti-Malware setup to your desktop.
alternate download link 1
alternate download link 2

Follow the directions given here on installing MalwareBytes, running the scan, and saving the log file (not on using File Assassin).
  • If you have trouble updating, try the other mirror download site.
  • Should the computer in question not be able to update using the normal method, download the update file from here, using another machine if needed. Simply double click the file to install the updates.
  • If MalwareBytes asks to reboot to remove certain items, do so right away.
Please include the scan logfile in your next reply.

Update Windows Installation
Your Microsoft Windows installation is out of date. Whenever a security problem in its software is found, Microsoft will create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malware being installed on your computer.

Please click here to check for and install updates to Windows, and Microsoft applications. If you encounter any problems during the installation, please feel free to ask for help.

The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.

Reboot and repeat the update process until there are no more updates to install.

Please post back with:
-the Report.txt
-the MalwareBytes log
-a fresh DDS log

With Regards,
The Panda
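As an added example (not from this thread, from DDS, or from BleepingComputer), here is a small Python triage script for the DDS "Created Last 30" / "Find3M" entry format quoted in the logs above. It flags the kinds of items a helper checks by hand: randomly named directories directly under the Windows folder (such as EGE5VMD41RANMSRQ and ZUSQOFDB9ZJWNMSR), hidden+system files, and an LSA Notification Packages value other than the Windows XP default. The sample input is constructed from lines in this thread; the regular-expression heuristics, thresholds and function names are my own assumptions.

```python
"""Triage helper for DDS-style file listings (added example, not part of the thread)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample modelled on the "Created Last 30", "Find3M" and
# "Pseudo HJT Report" lines quoted in this thread; not the full log.
SAMPLE_DDS = """\
2009-01-01 18:05 <DIR> a-dshr-- C:\\cmdcons
2008-12-31 16:15 <DIR> --d----- c:\\windows\\EGE5VMD41RANMSRQ
2008-12-31 16:09 250,544 a------- c:\\windows\\system32\\KeyHelp.ocx
2008-12-27 12:34 5,018 a--sh--- c:\\windows\\system32\\KGyGaAvL.sys
2008-12-25 14:54 <DIR> --d----- c:\\windows\\ZUSQOFDB9ZJWNMSR
2008-12-25 14:39 <DIR> --d----- c:\\windows\\rnapxs
2008-04-13 14:11 1,028,096 a--sh--- c:\\windows\\system32\\mfc42.dll
LSA: Notification Packages = scecli s t e m 3 2 \\ o d u a i . l
"""

# Entry layout: date time size|<DIR> attribute-flags path
# (flags: a=archive, d=directory, s=system, h=hidden, r=read-only, '-' = unset)
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (<DIR>|[\d,]+) ([a-z-]{8}) (.+)$"
)
LSA_RE = re.compile(r"^LSA: Notification Packages = (.+)$")

# Heuristic (assumption): a folder name of 12+ upper-case letters and digits,
# with at least one digit, directly under the Windows folder looks generated.
RANDOM_DIR_RE = re.compile(r"^[A-Z0-9]{12,}$")
# Windows XP ships with a single LSA notification package, scecli.
DEFAULT_LSA_PACKAGES = {"scecli"}


@dataclass
class Entry:
    date: str
    time: str
    size: Optional[int]  # None for directories
    flags: str
    path: str

    @property
    def is_dir(self) -> bool:
        return "d" in self.flags

    @property
    def hidden_system(self) -> bool:
        return "h" in self.flags and "s" in self.flags


@dataclass
class Finding:
    path: str
    reason: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one DDS file-listing line; return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    date, time, size, flags, path = m.groups()
    size_value = None if size == "<DIR>" else int(size.replace(",", ""))
    return Entry(date, time, size_value, flags, path)


def windows_child_name(path: str) -> Optional[str]:
    """Return NAME for paths of the form <drive>:\\windows\\NAME, else None."""
    parts = path.split("\\")
    if len(parts) == 3 and parts[1].lower() == "windows":
        return parts[2]
    return None


def check_entry(entry: Entry) -> List[Finding]:
    findings: List[Finding] = []
    name = windows_child_name(entry.path)
    if entry.is_dir and name and RANDOM_DIR_RE.match(name) and any(c.isdigit() for c in name):
        findings.append(Finding(entry.path, "randomly named directory directly under the Windows folder"))
    if not entry.is_dir and entry.hidden_system:
        # Hidden+system files need a look, but many are legitimate (e.g. SP3
        # runtime DLLs), so compare against a known-good install before acting.
        findings.append(Finding(entry.path, "hidden+system file; compare with a known-good system"))
    return findings


def check_lsa(line: str) -> Optional[Finding]:
    """Flag any LSA notification package beyond the XP default."""
    m = LSA_RE.match(line.strip())
    if not m:
        return None
    extra = set(m.group(1).split()) - DEFAULT_LSA_PACKAGES
    if not extra:
        return None
    # Spaced-out single characters usually mean a UTF-16 value rendered as ANSI.
    return Finding("LSA Notification Packages",
                   "value is not the XP default 'scecli' alone; review the registry value")


def analyze(text: str) -> List[Finding]:
    """Run every check over a DDS log and collect the findings."""
    findings: List[Finding] = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry:
            findings.extend(check_entry(entry))
            continue
        lsa = check_lsa(line)
        if lsa:
            findings.append(lsa)
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_DDS):
        print(f"{f.path}: {f.reason}")
```

Note that the short lower-case folder c:\windows\rnapxs is not caught by the name heuristic, which is why a helper still lists such folders by hand as the batch script above does.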

#5 mauison

  • Topic Starter
  • Members
  • 21 posts
  • Local time:11:09 AM

Posted 02 January 2009 - 04:46 PM

Hi Panda,

Yes I would like to remove the asktoolbar. Thank you for all your help!

Here is the report for fix.bat script:

---Directory of c:\windows\rnapxs---
d-----w 0 2009-01-01 02:09:14 c:\windows\rnapxs\CSDK
d-----w 0 2009-01-01 05:11:10 c:\windows\rnapxs\logs
--sha-w 30,720 2009-01-01 02:09:22 c:\windows\rnapxs\rnapxs.dat
d-----w 0 2009-01-02 04:18:47 c:\windows\rnapxs\StLst
d-----w 0 2009-01-01 02:09:14 c:\windows\rnapxs\CSDK\data
d-----w 0 2009-01-01 02:14:22 c:\windows\rnapxs\CSDK\urlcache
----a-w 12,047 2007-03-08 00:56:16 c:\windows\rnapxs\CSDK\data\dic
----a-w 191 2006-01-12 02:05:02 c:\windows\rnapxs\CSDK\data\enc
----a-w 2,028,519 2006-01-12 02:05:04 c:\windows\rnapxs\CSDK\data\n00
----a-w 1,708,978 2006-01-12 02:05:02 c:\windows\rnapxs\CSDK\data\n01
----a-w 53,248 2009-01-02 08:32:29 c:\windows\rnapxs\CSDK\urlcache\domainNames.dat
----a-w 102,400 2009-01-02 08:32:20 c:\windows\rnapxs\CSDK\urlcache\domainNames.idx
----a-w 466,944 2009-01-02 13:52:27 c:\windows\rnapxs\CSDK\urlcache\urlCacheDb.dat
----a-w 1,036,288 2009-01-02 09:22:08 c:\windows\rnapxs\CSDK\urlcache\urlCacheDb.idx
----a-w 199,216 2009-01-01 09:28:53 c:\windows\rnapxs\logs\20081231.plf
----a-w 286,369 2009-01-02 04:16:04 c:\windows\rnapxs\logs\20090101.plf
----a-w 5,522,588 2009-01-02 04:18:47 c:\windows\rnapxs\StLst\icnStLst
----a-w 29 2009-01-01 07:56:11 c:\windows\rnapxs\StLst\rutops.dat

---Directory of c:\program files\ISSThirdParty---
----atw 283,888 2009-01-01 02:09:50 c:\program files\ISSThirdParty\CLucene.dll
----atw 66,800 2009-01-01 02:09:50 c:\program files\ISSThirdParty\DKIM.dll
----atw 992,496 2009-01-01 02:09:50 c:\program files\ISSThirdParty\libetpki_openssl_crypto.dll
----atw 522 2009-01-01 02:09:50 c:\program files\ISSThirdParty\Microsoft.VC80.CRT.manifest
----atw 548,864 2009-01-01 02:09:50 c:\program files\ISSThirdParty\msvcp80.dll
----atw 348,160 2009-01-01 02:09:50 c:\program files\ISSThirdParty\msvcr71.dll
----atw 626,688 2009-01-01 02:09:50 c:\program files\ISSThirdParty\msvcr80.dll
----atw 87,280 2009-01-01 02:09:50 c:\program files\ISSThirdParty\SPF.dll

---Directory of c:\program files\Common Files\Scanner---
----a-w 820,464 2008-11-04 18:14:10 c:\program files\Common Files\Scanner\ppctl.dll

---Directory of c:\windows\EGE5VMD41RANMSRQ---
---Directory of c:\windows\ZUSQOFDB9ZJWNMSR---


Log File for Malwarebytes:

Malwarebytes' Anti-Malware 1.31
Database version: 1597
Windows 5.1.2600 Service Pack 3

1/2/2009 10:55:43 AM
mbam-log-2009-01-02 (10-55-43).txt

Scan type: Full Scan (C:\|)
Objects scanned: 377465
Time elapsed: 1 hour(s), 59 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Dad\Application Data\Article Infuser.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.


DDS File:


DDS (Version 1.1.0) - NTFSx86
Run by Dad at 11:40:19.23 on Fri 01/02/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1059 [GMT -10:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated)
AV: *On-access scanning enabled* (Outdated)
FW: CA Personal Firewall *enabled*
FW: *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\svcprs32.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files\Easy Blogger Creator Pro\EBCServPro.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\cfgmng32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.40\QOELoader.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\FRU\Remind32.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Qualcomm\Eudora\Eudora.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Light\CAGlobalLight.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CAGlobal.exe
C:\Documents and Settings\Dad\Desktop\dds.scr
C:\WINDOWS\system32\SearchProtocolHost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CA Toolbar Helper: {fbf2401b-7447-4727-be5d-c19b2075ca84} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: CA Toolbar: {10134636-e7af-4ac5-a1dc-c7c44bb97d81} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire plus\Corel Photo Downloader.exe
mRun: [Easy Blogger Creator Pro] c:\program files\easy blogger creator pro\EBCServPro.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AirPort Base Station Agent] "c:\program files\airport\APAgent.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"
mRun: [dvHighMem] c:\windows\cfgmng32.exe
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [CAPPActiveProtection] "c:\program files\ca\ca internet security suite\ca anti-spyware\CAPPActiveProtection.exe"
mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-7.0.0.40\QOELoader.exe"
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [CaPPcl] c:\program files\ca\ca internet security suite\ca anti-spyware\CAAntiSpyware.exe /scan /startup
StartupFolder: c:\docume~1\dad\startm~1\programs\startup\hewlet~1.lnk - c:\program files\hewlett-packard\aio\hp officejet d series\fru\Remind32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpaiod~1.lnk - c:\program files\hewlett-packard\aio\hp officejet d series\bin\hpoojd07.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
Notify: PFW - UmxWnp.Dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: ShellHook Class: {1869181a-9f50-4fcf-8bff-1b8588ecb85c} - c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\CIDLinkAdvisor.dll
LSA: Notification Packages = scecli s t e m 3 2 \ o d u a i . l

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dad\applic~1\mozilla\firefox\profiles\slytw9vj.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\kmxstart.sys [2008-10-21 107000]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\kmxagent.sys [2008-8-6 72184]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-8-25 52728]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\kmxfw.sys [2008-10-7 115704]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\VET-FILT.sys [2008-12-31 26352]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\VET-REC.sys [2008-12-31 21104]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\VETEFILE.sys [2008-12-31 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\VETFDDNT.sys [2008-12-31 21488]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\VETMONNT.sys [2008-12-31 161008]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\ISafe.exe [2008-12-31 144696]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2008-12-31 128240]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-10-28 143864]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-7-30 58872]
R2 UmxAgent;HIPS Event Manager;"c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe" [2008-9-10 1141240]
R2 UmxCfg;HIPS Configuration Interpreter;"c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe" [2008-10-21 801272]
R2 UmxPol;HIPS Policy Manager;"c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe" [2008-9-2 289272]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\VetMsg.exe [2008-12-31 292080]
R2 WinSvchostManager;WinSock Svchost Manager;c:\windows\system32\svcprs32.exe [2008-12-31 823296]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\kmxcfg.sys [2008-10-21 203768]
R3 PPCtlPriv;PPCtlPriv;"c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe" [2008-12-31 222448]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\VETEBOOT.sys [2008-12-31 108368]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\program files\google\google desktop search\GoogleDesktop.exe" [2007-5-12 29744]

=============== Created Last 30 ================

2009-01-02 08:47 <DIR> --d----- c:\docume~1\dad\applic~1\Malwarebytes
2009-01-02 08:47 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-02 08:47 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-02 08:47 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-02 08:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-01 18:50 134 a------- c:\windows\system32\CTSTATUS.FCS
2009-01-01 18:05 <DIR> a-dshr-- C:\cmdcons
2009-01-01 17:59 161,792 a------- c:\windows\SWREG.exe
2009-01-01 17:59 98,816 a------- c:\windows\sed.exe
2009-01-01 17:43 <DIR> --d----- c:\docume~1\dad\applic~1\BitTorrent
2009-01-01 17:43 <DIR> --d----- c:\program files\DNA
2009-01-01 17:43 <DIR> --d----- c:\docume~1\dad\applic~1\DNA
2009-01-01 17:43 <DIR> --d----- c:\program files\BitTorrent
2009-01-01 17:43 <DIR> --d----- c:\program files\AskBarDis
2009-01-01 03:01 <DIR> --d----- c:\windows\SxsCaPendDel
2008-12-31 16:15 <DIR> --d----- c:\windows\EGE5VMD41RANMSRQ
2008-12-31 16:09 <DIR> --d----- c:\program files\ISSThirdParty
2008-12-31 16:09 250,544 a------- c:\windows\system32\KeyHelp.ocx
2008-12-31 16:09 <DIR> --d----- c:\program files\common files\Scanner
2008-12-31 16:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CA
2008-12-31 14:10 121 a------- c:\windows\bdagent.INI
2008-12-31 12:36 <DIR> --d----- c:\docume~1\dad\applic~1\Windows Desktop Search
2008-12-31 12:35 <DIR> --d----- c:\windows\system32\GroupPolicy
2008-12-31 12:35 <DIR> --d----- c:\program files\Windows Desktop Search
2008-12-31 12:35 192,000 -------- c:\windows\system32\dllcache\offfilt.dll
2008-12-31 12:35 98,304 -------- c:\windows\system32\dllcache\nlhtml.dll
2008-12-31 12:35 29,696 -------- c:\windows\system32\dllcache\mimefilt.dll
2008-12-30 17:34 850 a------- c:\windows\system32\ProductTweaks.xml
2008-12-30 17:34 385 a------- c:\windows\system32\user_gensett.xml
2008-12-30 17:31 <DIR> --d----- c:\windows\system32\logs
2008-12-30 17:31 <DIR> --d----- C:\Binaries
2008-12-30 17:30 <DIR> --d----- c:\program files\BitDefender
2008-12-25 21:58 5,632 a------- c:\windows\system32\ptpusb.dll
2008-12-25 21:58 159,232 a------- c:\windows\system32\ptpusd.dll
2008-12-25 21:58 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2008-12-25 21:58 15,104 a------- c:\windows\system32\dllcache\usbscan.sys
2008-12-25 14:54 <DIR> --d----- c:\windows\ZUSQOFDB9ZJWNMSR
2008-12-25 14:51 <DIR> --d----- c:\docume~1\dad\applic~1\CallingID
2008-12-25 14:39 <DIR> --d----- c:\windows\rnapxs
2008-12-24 19:38 <DIR> --d----- c:\program files\Market Samurai
2008-12-23 15:13 1,324 a------- c:\windows\system32\d3d9caps.dat
2008-12-21 17:54 <DIR> --d----- c:\documents and settings\dad\.housecall6.6
2008-12-17 14:58 <DIR> --d----- c:\program files\Bonjour
2008-12-15 13:31 94,208 a------- c:\windows\system32\GTW32N50.dll
2008-12-15 13:31 31,930 a------- c:\windows\system32\GTNDIS3.VXD
2008-12-15 13:31 15,872 a------- c:\windows\system32\GTNDIS5.sys
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-12-11 14:36 <DIR> --d----- c:\program files\AirPort

==================== Find3M ====================

2008-12-31 16:11 880,560 a------- c:\windows\system32\drivers\vetefile.sys
2008-12-31 16:11 108,368 a------- c:\windows\system32\drivers\veteboot.sys
2008-12-31 16:09 2,732,032 a------- c:\windows\system32\win32cpr.dll
2008-12-31 16:09 1,568,870 a------- c:\windows\system32\winsflt.dll
2008-12-27 12:34 5,018 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-12-12 20:40 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll
2008-12-11 16:58 231,276 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2008-11-10 05:43 410,984 a------- c:\windows\system32\deploytk.dll
2008-11-07 20:41 1,254,640 a------- c:\windows\system32\cfgmig32.dll
2008-11-01 19:06 83,256 a------- c:\windows\system32\vetredir.dll
2008-11-01 19:06 111,856 a------- c:\windows\system32\isafprod.dll
2008-11-01 19:06 99,568 a------- c:\windows\system32\isafeif.dll
2008-10-31 15:57 264,696 a------- c:\windows\system32\UmxSbxw.dll
2008-10-31 15:57 113,144 a------- c:\windows\system32\UmxSbxExw.dll
2008-10-24 01:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 02:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 02:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:07 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 03:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 03:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 06:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-14 21:06 633,632 -------- c:\windows\system32\dllcache\iexplore.exe
2008-10-14 21:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-10-09 15:31 192,512 a------- c:\windows\system32\txmlutil.dll
2006-12-25 17:18 535,552 a------- c:\docume~1\dad\applic~1\AIUpdate.exe
2006-12-18 16:28 88,576 a------- c:\docume~1\dad\applic~1\DelRegAI.exe
2004-08-04 00:00 94,784 ---sh--- c:\windows\twain.dll
2008-04-13 14:12 50,688 ---sh--- c:\windows\twain_32.dll
2008-04-13 14:11 1,028,096 a--sh--- c:\windows\system32\mfc42.dll
2008-04-13 14:12 57,344 ---sh--- c:\windows\system32\msvcirt.dll
2008-04-13 14:12 413,696 a--sh--- c:\windows\system32\msvcp60.dll
2008-04-13 14:12 11,776 ---sh--- c:\windows\system32\regsvr32.exe
2008-08-31 16:36 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008083120080901\index.dat

============= FINISH: 11:42:58.28 ===============

#6 PropagandaPanda

  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:05:09 PM

Posted 02 January 2009 - 05:35 PM

Hello.

Looks good.

First, use the uninstall entry in Add/Remove Programs to try to remove the AskToolbar. It doesn't always go quietly. If so, we'll rip it out next round.

While you are there, also remove these old versions of Java:
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1

Update Windows Installation
Whenever a security problem in its software is found, Microsoft will create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malware being installed on your computer.

Please click here to check for and install updates to Windows, and Microsoft applications. If you encounter any problems during the installation, please feel free to ask for help.

The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.

Reboot and repeat the update process until there are no more updates to install.

Please post back a new DDS log. Just DDS.txt is fine.

With Regards,
The Panda

#7 mauison

  • Topic Starter
  • Members
  • 21 posts
  • Local time:11:09 AM

Posted 02 January 2009 - 08:16 PM

Hi Panda,

Windows Updates have been installed and here is the DDS log. Also looks like I have removed the Asktoolbar. If everything ends up okay, what anti-virus/spyware program would you recommend?

Thank you for all the help in getting rid of the virus/spyware from my computer.

paul

DDS (Version 1.1.0) - NTFSx86
Run by Dad at 14:30:21.09 on Fri 01/02/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1113 [GMT -10:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated)
AV: *On-access scanning enabled* (Outdated)
FW: CA Personal Firewall *enabled*
FW: *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\svcprs32.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files\Easy Blogger Creator Pro\EBCServPro.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AirPort\APAgent.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\Qualcomm\Eudora\Eudora.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\cfgmng32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.40\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\FRU\Remind32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Light\CAGlobalLight.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CAGlobal.exe
C:\Documents and Settings\Dad\Desktop\dds.scr
C:\WINDOWS\system32\SearchProtocolHost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CA Toolbar Helper: {fbf2401b-7447-4727-be5d-c19b2075ca84} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: CA Toolbar: {10134636-e7af-4ac5-a1dc-c7c44bb97d81} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire plus\Corel Photo Downloader.exe
mRun: [Easy Blogger Creator Pro] c:\program files\easy blogger creator pro\EBCServPro.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AirPort Base Station Agent] "c:\program files\airport\APAgent.exe"
mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"
mRun: [dvHighMem] c:\windows\cfgmng32.exe
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [CAPPActiveProtection] "c:\program files\ca\ca internet security suite\ca anti-spyware\CAPPActiveProtection.exe"
mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-7.0.0.40\QOELoader.exe"
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [CaPPcl] c:\program files\ca\ca internet security suite\ca anti-spyware\CAAntiSpyware.exe /scan /startup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\dad\startm~1\programs\startup\hewlet~1.lnk - c:\program files\hewlett-packard\aio\hp officejet d series\fru\Remind32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpaiod~1.lnk - c:\program files\hewlett-packard\aio\hp officejet d series\bin\hpoojd07.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
Notify: PFW - UmxWnp.Dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: ShellHook Class: {1869181a-9f50-4fcf-8bff-1b8588ecb85c} - c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\CIDLinkAdvisor.dll
LSA: Notification Packages = scecli s t e m 3 2 \ o d u a i . l

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dad\applic~1\mozilla\firefox\profiles\slytw9vj.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\kmxstart.sys [2008-10-21 107000]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\kmxagent.sys [2008-8-6 72184]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-8-25 52728]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\kmxfw.sys [2008-10-7 115704]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\VET-FILT.sys [2008-12-31 26352]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\VET-REC.sys [2008-12-31 21104]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\VETEFILE.sys [2008-12-31 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\VETFDDNT.sys [2008-12-31 21488]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\VETMONNT.sys [2008-12-31 161008]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\ISafe.exe [2008-12-31 144696]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2008-12-31 128240]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-10-28 143864]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-7-30 58872]
R2 UmxAgent;HIPS Event Manager;"c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe" [2008-9-10 1141240]
R2 UmxCfg;HIPS Configuration Interpreter;"c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe" [2008-10-21 801272]
R2 UmxPol;HIPS Policy Manager;"c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe" [2008-9-2 289272]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\VetMsg.exe [2008-12-31 292080]
R2 WinSvchostManager;WinSock Svchost Manager;c:\windows\system32\svcprs32.exe [2008-12-31 823296]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\kmxcfg.sys [2008-10-21 203768]
R3 PPCtlPriv;PPCtlPriv;"c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe" [2008-12-31 222448]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\VETEBOOT.sys [2008-12-31 108368]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\program files\google\google desktop search\GoogleDesktop.exe" [2007-5-12 29744]

=============== Created Last 30 ================

2009-01-02 08:47 <DIR> --d----- c:\docume~1\dad\applic~1\Malwarebytes
2009-01-02 08:47 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-02 08:47 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-02 08:47 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-02 08:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-01 18:50 670 a------- c:\windows\system32\CTSTATUS.FCS
2009-01-01 18:05 <DIR> a-dshr-- C:\cmdcons
2009-01-01 17:59 161,792 a------- c:\windows\SWREG.exe
2009-01-01 17:59 98,816 a------- c:\windows\sed.exe
2009-01-01 17:43 <DIR> --d----- c:\docume~1\dad\applic~1\BitTorrent
2009-01-01 17:43 <DIR> --d----- c:\program files\DNA
2009-01-01 17:43 <DIR> --d----- c:\docume~1\dad\applic~1\DNA
2009-01-01 17:43 <DIR> --d----- c:\program files\BitTorrent
2009-01-01 03:01 <DIR> --d----- c:\windows\SxsCaPendDel
2008-12-31 16:15 <DIR> --d----- c:\windows\EGE5VMD41RANMSRQ
2008-12-31 16:09 <DIR> --d----- c:\program files\ISSThirdParty
2008-12-31 16:09 250,544 a------- c:\windows\system32\KeyHelp.ocx
2008-12-31 16:09 <DIR> --d----- c:\program files\common files\Scanner
2008-12-31 16:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CA
2008-12-31 14:10 121 a------- c:\windows\bdagent.INI
2008-12-31 12:36 <DIR> --d----- c:\docume~1\dad\applic~1\Windows Desktop Search
2008-12-31 12:35 <DIR> --d----- c:\windows\system32\GroupPolicy
2008-12-31 12:35 <DIR> --d----- c:\program files\Windows Desktop Search
2008-12-31 12:35 192,000 -------- c:\windows\system32\dllcache\offfilt.dll
2008-12-31 12:35 98,304 -------- c:\windows\system32\dllcache\nlhtml.dll
2008-12-31 12:35 29,696 -------- c:\windows\system32\dllcache\mimefilt.dll
2008-12-30 17:34 850 a------- c:\windows\system32\ProductTweaks.xml
2008-12-30 17:34 385 a------- c:\windows\system32\user_gensett.xml
2008-12-30 17:31 <DIR> --d----- c:\windows\system32\logs
2008-12-30 17:31 <DIR> --d----- C:\Binaries
2008-12-30 17:30 <DIR> --d----- c:\program files\BitDefender
2008-12-25 21:58 5,632 a------- c:\windows\system32\ptpusb.dll
2008-12-25 21:58 159,232 a------- c:\windows\system32\ptpusd.dll
2008-12-25 21:58 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2008-12-25 21:58 15,104 a------- c:\windows\system32\dllcache\usbscan.sys
2008-12-25 14:54 <DIR> --d----- c:\windows\ZUSQOFDB9ZJWNMSR
2008-12-25 14:51 <DIR> --d----- c:\docume~1\dad\applic~1\CallingID
2008-12-25 14:39 <DIR> --d----- c:\windows\rnapxs
2008-12-24 19:38 <DIR> --d----- c:\program files\Market Samurai
2008-12-23 15:13 1,324 a------- c:\windows\system32\d3d9caps.dat
2008-12-21 17:54 <DIR> --d----- c:\documents and settings\dad\.housecall6.6
2008-12-17 14:58 <DIR> --d----- c:\program files\Bonjour
2008-12-15 13:31 94,208 a------- c:\windows\system32\GTW32N50.dll
2008-12-15 13:31 31,930 a------- c:\windows\system32\GTNDIS3.VXD
2008-12-15 13:31 15,872 a------- c:\windows\system32\GTNDIS5.sys
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-12-11 14:36 <DIR> --d----- c:\program files\AirPort

==================== Find3M ====================

2008-12-31 16:11 880,560 a------- c:\windows\system32\drivers\vetefile.sys
2008-12-31 16:11 108,368 a------- c:\windows\system32\drivers\veteboot.sys
2008-12-31 16:09 2,732,032 a------- c:\windows\system32\win32cpr.dll
2008-12-31 16:09 1,568,870 a------- c:\windows\system32\winsflt.dll
2008-12-27 12:34 5,018 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-12-12 20:40 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll
2008-12-11 16:58 231,276 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2008-11-10 05:43 410,984 a------- c:\windows\system32\deploytk.dll
2008-11-07 20:41 1,254,640 a------- c:\windows\system32\cfgmig32.dll
2008-11-01 19:06 83,256 a------- c:\windows\system32\vetredir.dll
2008-11-01 19:06 111,856 a------- c:\windows\system32\isafprod.dll
2008-11-01 19:06 99,568 a------- c:\windows\system32\isafeif.dll
2008-10-31 15:57 264,696 a------- c:\windows\system32\UmxSbxw.dll
2008-10-31 15:57 113,144 a------- c:\windows\system32\UmxSbxExw.dll
2008-10-24 01:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 02:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 02:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:07 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 03:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 03:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 06:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-14 21:06 633,632 -------- c:\windows\system32\dllcache\iexplore.exe
2008-10-14 21:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-10-09 15:31 192,512 a------- c:\windows\system32\txmlutil.dll
2006-12-25 17:18 535,552 a------- c:\docume~1\dad\applic~1\AIUpdate.exe
2006-12-18 16:28 88,576 a------- c:\docume~1\dad\applic~1\DelRegAI.exe
2004-08-04 00:00 94,784 ---sh--- c:\windows\twain.dll
2008-04-13 14:12 50,688 ---sh--- c:\windows\twain_32.dll
2008-04-13 14:11 1,028,096 a--sh--- c:\windows\system32\mfc42.dll
2008-04-13 14:12 57,344 ---sh--- c:\windows\system32\msvcirt.dll
2008-04-13 14:12 413,696 a--sh--- c:\windows\system32\msvcp60.dll
2008-04-13 14:12 11,776 ---sh--- c:\windows\system32\regsvr32.exe
2008-08-31 16:36 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008083120080901\index.dat

============= FINISH: 14:33:19.78 ===============
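
How a responder reads a log like the one above, as an added example that is not a BleepingComputer or DDS tool and not code from this thread: it splits the DDS output into its sections, pulls every autorun entry and service/driver, and cross-references each binary (and the directories above it) against the "Created Last 30" and "Find3M" listings, plus the bracketed timestamp DDS prints for services. A hit is only a triage candidate; on this log most hits are the CA suite reinstalled on 2008-12-31 and the BitTorrent DNA client installed on 2009-01-01. `SAMPLE_LOG` is excerpted from the log posted above, and the line formats the regexes rely on are assumed from it.

```python
"""Cross-reference a DDS log's load points with its own file listings.

Added example, not a BleepingComputer/DDS tool and not code from this thread.
Each autorun entry in "Pseudo HJT Report" and each service/driver is listed
when its binary (or a directory above it) appears in "Created Last 30" /
"Find3M", or when its service timestamp lies within window_days of the log
date.  A hit is a triage candidate, not a verdict.  SAMPLE_LOG is excerpted
from the log posted above; the line formats below are assumed from it."""
import re
from datetime import date

SAMPLE_LOG = r"""
Run by Dad at 14:30:21.09 on Fri 01/02/2009
============== Pseudo HJT Report ===============
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [dvHighMem] c:\windows\cfgmng32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
LSP: c:\windows\system32\winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
============= SERVICES / DRIVERS ===============
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\VETEFILE.sys [2008-12-31 880560]
R2 WinSvchostManager;WinSock Svchost Manager;c:\windows\system32\svcprs32.exe [2008-12-31 823296]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\kmxcfg.sys [2008-10-21 203768]
=============== Created Last 30 ================
2009-01-01 17:43 <DIR> --d----- c:\program files\DNA
2008-12-31 12:35 <DIR> --d----- c:\program files\Windows Desktop Search
==================== Find3M ====================
2008-12-31 16:11 880,560 a------- c:\windows\system32\drivers\vetefile.sys
2008-12-31 16:09 1,568,870 a------- c:\windows\system32\winsflt.dll
2008-11-01 19:06 83,256 a------- c:\windows\system32\vetredir.dll
============= FINISH: 14:33:19.78 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# ':' is excluded from the path body so "x.lnk - c:\y.exe" yields only y.exe.
PATH_RE = re.compile(r'[a-z]:\\[^"\[\]:\r\n]+?\.(?:exe|dll|sys|scr|ocx)\b', re.I)
FILE_LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\s+(?:<DIR>|[\d,]+)\s+\S+\s+(.+?)\s*$")
SVC_STAMP_RE = re.compile(r"\[(\d{4})-(\d{1,2})-(\d{1,2}) \d+\]\s*$")
RUN_DATE_RE = re.compile(r"^Run by .* on \w+ (\d{2})/(\d{2})/(\d{4})", re.M)
AUTORUN_PREFIXES = ("uRun:", "mRun:", "StartupFolder:", "BHO:", "TB:",
                    "LSP:", "Notify:", "SSODL:", "SEH:")

def parse_sections(text):
    """Split a DDS log into {section title: [non-blank lines]}."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections

def recent_paths(sections):
    """Lowercased path -> date for files and directories DDS listed as recent."""
    recent = {}
    for title in ("Created Last 30", "Find3M"):
        for line in sections.get(title, []):
            m = FILE_LINE_RE.match(line)
            if m:
                recent[m.group(2).lower()] = m.group(1)
    return recent

def load_points(sections):
    """Yield (kind, label, path, stamp) for autorun entries and services."""
    for line in sections.get("Pseudo HJT Report", []):
        if line.startswith(AUTORUN_PREFIXES):
            for path in PATH_RE.findall(line):
                yield "autorun", line.split(":", 1)[0], path, None
    for line in sections.get("SERVICES / DRIVERS", []):
        m = SVC_STAMP_RE.search(line)
        stamp = date(*map(int, m.groups())) if m else None
        for path in PATH_RE.findall(line):
            yield "service", line.split(";", 1)[0], path, stamp

def triage(log_text, window_days=30):
    """Return [(kind, label, path, reason)] for load points worth a look."""
    sections = parse_sections(log_text)
    recent = recent_paths(sections)
    m = RUN_DATE_RE.search(log_text)
    log_date = date(int(m.group(3)), int(m.group(1)), int(m.group(2))) if m else None
    findings = []
    for kind, label, path, stamp in load_points(sections):
        reasons, probe = [], path.lower()
        while probe.count("\\") >= 1:  # walk up towards the drive root
            if probe in recent:
                what = "file" if probe == path.lower() else "directory"
                reasons.append(f"{what} {probe} listed {recent[probe]}")
                break
            probe = probe.rsplit("\\", 1)[0]
        if stamp and log_date and 0 <= (log_date - stamp).days <= window_days:
            reasons.append(f"service binary dated {stamp.isoformat()}")
        if reasons:
            findings.append((kind, label, path, "; ".join(reasons)))
    return findings

if __name__ == "__main__":
    for kind, label, path, reason in triage(SAMPLE_LOG):
        print(f"{kind:8} {label:22} {path}\n         {reason}")
```

On the excerpt this lists six entries (the DNA client, the Windows Desktop Search startup item, both LSP DLLs, the VETEFILE driver and the WinSvchostManager service) and leaves cfgmng32.exe and kmxcfg.sys alone because nothing in the file listings or timestamps ties them to the last 30 days. The walk up the directory tree is what catches a fresh install whose executable itself is older than its folder; the service timestamp check is what catches a binary that DDS never lists under "Created Last 30" because that section only covers certain locations. Pass the full DDS.txt instead of `SAMPLE_LOG` to triage a real log; every line still needs a human to decide whether the publisher and install history explain it.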

#8 PropagandaPanda (Malware Response Team, 10,433 posts)

Posted 03 January 2009 - 08:18 AM

Hello.

Looks good. If you have no problems on your side, then we can wrap up.

Uninstall ComboFix
Remove Combofix now that we're done with it.
  • Click on your Start Menu, then Run...
  • Now type combofix /u in the runbox and click OK. Notice the space between the "x" and "/".
Uninstalling ComboFix will do the following:
  • Delete ComboFix and its components from your computer.
  • Delete other tools commonly used during the malware removal process.
  • Reset clock settings to standard format.
  • Hide file extensions and hidden/system files.
  • Clear the System Restore cache and create a new restore point.
Preventing Malware Infection in the Future
Please take some time to look at the following links, giving some advice and suggestions for preventing future infections:
For general slowness problems that you may have, take a look at Slow Computer/browser? It May Not Be Malware. Read How to use the Startup Database to identify and disable unneeded processes and increase the amount of available resources.

Do you have any further questions or concerns?

With Regards,
The Panda

#9 mauison (Topic Starter, Members, 21 posts)

Posted 03 January 2009 - 01:18 PM

Panda,

Thanks for all your help!
paul

#10 PropagandaPanda (Malware Response Team, 10,433 posts)

Posted 03 January 2009 - 01:25 PM

Welcome :thumbsup: .

Since this issue appears to be resolved, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda
