I think i am infected, cannot seem to remove


This topic is locked
16 replies to this topic

#1 milfordinvestments

  • Members
  • 41 posts

Posted 05 March 2009 - 09:43 AM

I have picked up some kind of virus. It seems to stop my ability to go to Windows Update, sometimes will not let me use wireless internet, and will not let me use any virus updating. If I log on to the internet with the broadband card it seems to bypass the virus; it comes back every time I start the computer. I thought I had it licked again last eve, but it appeared again today. None of my spyware has found it.
Tried:
Malwarebytes
SUPERAntiSpyware
avast
adware
Bazooka
Windows Defender
Trend Micro HouseCall
Windows Live OneCare
etc....etc...


DDS (Ver_09-02-01.01) - NTFSx86
Run by Matt Kohler at 8:36:02.92 on Thu 03/05/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2360 [GMT -6:00]

AV: avast! antivirus 4.8.1335 [VPS 090305-0] *On-access scanning disabled* (Updated)
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r190031\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtTray.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\DellTPad\Apntex.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDellB.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
C:\Program Files\Dell\Dell Mobile Broadband\systray.exe
C:\WINDOWS\System\CmFlywav.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Linksys\WMB54G\WMB54G.EXE
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Matt Kohler\Local Settings\Temporary Internet Files\Content.IE5\5NXIWFAS\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.blackle.com/
uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080909
uSearch Bar =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080909
uInternet Settings,ProxyOverride = *.local
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
mRun: [EmbassySecurityCheck] "c:\program files\wave systems corp\embassy security setup\EMBASSYSecurityCheck.exe"
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [DCPstrApp] c:\program files\dell\dell controlpoint\security manager\SecurityDeviceInfoSetRegistryString.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDellB.exe" /mode2
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [DellConnectionManager] "c:\program files\dell\dell controlpoint\connection manager\Dell.UCM.exe"
mRun: [<NO NAME>]
mRun: [systray] c:\program files\dell\dell mobile broadband\systray.exe
mRun: [CmFlywaveName] c:\windows\system\CmFlywav.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
StartupFolder: c:\docume~1\mattko~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\scansn~1.lnk - c:\program files\pfu\scansnap\driver\PfuSsMon.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225331532437
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://qb.webex.com/client/v_mywebex-qb20/ra/ieatgpc.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~3\MpShHook.dll
LSA: Authentication Packages = msv1_0 wvauth

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-3-4 114768]
R1 NvtSp50;Novatel Wireless NDIS 5 Single-Packet Read Protocol Driver;c:\windows\system32\drivers\NvtSp50.sys [2008-6-10 22016]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-4 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-3-4 138680]
R2 BCMWLNPF;Broadcom Netgroup Packet Filter;c:\windows\system32\drivers\BCMWLNPF.SYS [2009-2-16 33664]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2008-9-4 406808]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-4-8 185968]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-4-8 161392]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2008-11-11 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2008-11-11 20840]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2008-8-1 455960]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\dell\dell controlpoint\connection manager\SMManager.exe [2008-10-1 90112]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-4-17 1706176]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2008-9-8 108160]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-3-4 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-3-4 352920]
R3 CCIDFILTER;Broadcom Smart Card Reader Filter Driver;c:\windows\system32\drivers\ccidflt.sys [2009-2-1 12840]
R3 cmvad;Linksys Wireless-G Music Bridge Interface;c:\windows\system32\drivers\cmudaxv.sys [2009-2-21 1410240]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2009-2-1 32808]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-9-8 244368]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090303.003\naveng.sys [2009-3-3 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090303.003\navex15.sys [2009-3-3 876144]
R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\drivers\nwdelmdm.sys [2007-11-2 166144]
R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys [2007-11-2 166144]
R3 NWDellPort2;Dell Wireless Mobile Broadband Status2 Port Driver;c:\windows\system32\drivers\nwdelser2.sys [2007-11-2 166144]
R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [2008-9-8 148056]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2008-9-8 144672]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2008-9-8 277504]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-4-8 83568]
S3 NW001NDIS;Dell Wireless Network Adapter Service;c:\windows\system32\drivers\nw01ndis.sys [2008-6-5 265216]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-4-17 124608]
S3 Sus2pl;Susteen Universal Cable II;c:\windows\system32\drivers\sus2pl.sys [2004-3-31 43392]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [2007-4-4 47360]
S3 SUSTUCAP;Susteen USB Cable Port Driver;c:\windows\system32\drivers\sustucap.sys [2007-4-4 47360]
S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [2007-4-4 28032]

=============== Created Last 30 ================

2009-03-04 17:05 <DIR> --d----- c:\program files\Trend Micro
2009-03-04 13:57 <DIR> --d----- c:\program files\ESET
2009-03-04 13:12 7,680 a--sh--- c:\windows\Thumbs.db
2009-03-04 09:10 389,120 a------- c:\windows\system32\CF20844.exe
2009-03-03 18:28 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-03 18:28 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-03 18:28 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-24 17:16 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-02-24 17:07 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-02-24 14:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-02-24 14:16 <DIR> --d----- c:\docume~1\mattko~1\applic~1\SUPERAntiSpyware.com
2009-02-21 18:47 351 a------- c:\windows\system\Flywave.dll
2009-02-21 18:47 25 a------- c:\windows\system\CmCnfgw.ini
2009-02-21 18:46 <DIR> --d----- c:\program files\Linksys
2009-02-19 18:53 <DIR> --d----- c:\program files\PeerGuardian2
2009-02-17 20:34 <DIR> --d----- c:\docume~1\mattko~1\applic~1\Uniblue
2009-02-17 20:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DriverScanner
2009-02-17 20:12 <DIR> --d----- c:\program files\common files\Zeepe Framework 7
2009-02-17 12:33 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-02-16 20:45 <DIR> --d----- c:\program files\Telespree
2009-02-16 20:45 <DIR> --d----- c:\program files\common files\Telespree
2009-02-16 20:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AT&T
2009-02-16 20:40 248,448 a------- c:\windows\system32\PROUnstl.exe
2009-02-16 20:40 1,904 -------- c:\windows\system32\SetupBD.din
2009-02-16 20:27 815,104 a------- c:\windows\system32\BCMLogon.dll
2009-02-16 20:27 5,029,888 a------- c:\windows\system32\BCMWLCPL.CPL
2009-02-16 20:27 2,670,592 a------- c:\windows\system32\WLBCGCBPRO731.DLL
2009-02-16 20:27 2,220,032 a------- c:\windows\system32\WLTRAY.EXE
2009-02-16 20:27 1,961,984 a------- c:\windows\system32\BCMWLTRY.EXE
2009-02-16 20:27 753,664 a------- c:\windows\system32\bcm1xsup.dll
2009-02-16 20:27 286,720 a------- c:\windows\system32\bcmwlu00.exe
2009-02-16 20:27 69,632 a------- c:\windows\system32\bcmwlpkt.dll
2009-02-16 20:27 65,536 a------- c:\windows\system32\wltrynt.dll
2009-02-16 20:27 33,664 a------- c:\windows\system32\drivers\BCMWLNPF.SYS
2009-02-16 20:27 24,064 a------- c:\windows\system32\WLTRYSVC.EXE
2009-02-14 21:26 <DIR> --d----- c:\program files\SmartFTP Client
2009-02-10 08:55 <DIR> --d----- c:\windows\system32\Color
2009-02-10 08:55 <DIR> --d----- c:\program files\NewView
2009-02-10 08:55 <DIR> --d----- c:\documents and settings\matt kohler\WINDOWS
2009-02-05 18:17 726,008 a------- c:\documents and settings\matt kohler\gotomypc_438.exe
2009-02-03 17:47 <DIR> --d----- c:\program files\iPod
2009-02-03 17:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

==================== Find3M ====================

2009-03-02 20:21 184,488 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2009-02-28 17:24 53,733 a------- c:\windows\system32\nvModes.dat
2009-02-16 20:42 2,682,880 a------- c:\windows\system32\vcredist_x86.exe
2009-02-16 20:42 1,287,552 a------- c:\windows\system32\drivers\BCMWL5.SYS
2009-01-16 21:35 3,594,752 -------- c:\windows\system32\dllcache\mshtml.dll
2009-01-11 13:29 116,930 a------- c:\windows\hpoins11.dat
2009-01-07 09:35 28,032 a------- c:\windows\system32\drivers\sustucau.sys
2009-01-07 09:35 47,360 a------- c:\windows\system32\drivers\sustucap.sys
2009-01-07 09:35 47,360 a------- c:\windows\system32\drivers\sustucam.sys
2008-12-19 03:10 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 03:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-18 23:25 634,024 -------- c:\windows\system32\dllcache\iexplore.exe
2008-12-18 23:23 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-12-11 04:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-12-10 10:07 104,438 a------- c:\windows\hpoins04.dat
2008-11-14 18:56 726,008 a------- c:\documents and settings\matt kohler\gotomypc_437.exe
2008-09-20 17:28 61,224 a------- c:\documents and settings\matt kohler\GoToAssistDownloadHelper.exe
2008-09-20 09:26 74 ---shr-- c:\windows\CT4CET.bin
2008-09-21 17:17 1,570 a--sh--- c:\windows\system32\kSssvGgh.ini2

============= FINISH: 8:36:11.34 ===============

#2 SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 16 March 2009 - 10:57 PM

Hello milfordinvestments,

Sorry for the delay. We have over 600 logs backed up and only a few helpers.

Since it has been a few days, please post a fresh DDS log so I can see if anything has changed.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 milfordinvestments

  • Topic Starter

  • Members
  • 41 posts

Posted 17 March 2009 - 08:53 AM

Hi, thanks for the review.
I seem to have booted the main virus somehow but am still occasionally getting small ones.
Here's the new log:



DDS (Ver_09-03-16.01) - NTFSx86
Run by Matt Kohler at 8:47:49.15 on Tue 03/17/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2615 [GMT -5:00]

AV: avast! antivirus 4.8.1335 [VPS 090316-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r190031\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtTray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDellB.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
C:\Program Files\Dell\Dell Mobile Broadband\systray.exe
C:\WINDOWS\System\CmFlywav.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Linksys\WMB54G\WMB54G.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Matt Kohler\Local Settings\Temporary Internet Files\Content.IE5\4GB0YVSK\dds[1].com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080909
uSearch Bar =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080909
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
mRun: [EmbassySecurityCheck] "c:\program files\wave systems corp\embassy security setup\EMBASSYSecurityCheck.exe"
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [DCPstrApp] c:\program files\dell\dell controlpoint\security manager\SecurityDeviceInfoSetRegistryString.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDellB.exe" /mode2
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [DellConnectionManager] "c:\program files\dell\dell controlpoint\connection manager\Dell.UCM.exe"
mRun: [<NO NAME>]
mRun: [systray] c:\program files\dell\dell mobile broadband\systray.exe
mRun: [CmFlywaveName] c:\windows\system\CmFlywav.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\mattko~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\scansn~1.lnk - c:\program files\pfu\scansnap\driver\PfuSsMon.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225331532437
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://qb.webex.com/client/v_mywebex-qb20/ra/ieatgpc.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~3\MpShHook.dll
LSA: Authentication Packages = msv1_0 wvauth

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-3-4 114768]
R1 NvtSp50;Novatel Wireless NDIS 5 Single-Packet Read Protocol Driver;c:\windows\system32\drivers\NvtSp50.sys [2008-6-10 22016]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-4 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-3-4 138680]
R2 BCMWLNPF;Broadcom Netgroup Packet Filter;c:\windows\system32\drivers\BCMWLNPF.SYS [2009-2-16 33664]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2008-9-4 406808]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2008-11-11 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2008-11-11 20840]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2008-8-1 455960]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\dell\dell controlpoint\connection manager\SMManager.exe [2008-10-1 90112]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2008-9-8 108160]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-3-4 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-3-4 352920]
R3 CCIDFILTER;Broadcom Smart Card Reader Filter Driver;c:\windows\system32\drivers\ccidflt.sys [2009-2-1 12840]
R3 cmvad;Linksys Wireless-G Music Bridge Interface;c:\windows\system32\drivers\cmudaxv.sys [2009-2-21 1410240]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2009-2-1 32808]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-9-8 244368]
R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\drivers\nwdelmdm.sys [2007-11-2 166144]
R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys [2007-11-2 166144]
R3 NWDellPort2;Dell Wireless Mobile Broadband Status2 Port Driver;c:\windows\system32\drivers\nwdelser2.sys [2007-11-2 166144]
R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [2008-9-8 148056]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2008-9-8 144672]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2008-9-8 277504]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 NW001NDIS;Dell Wireless Network Adapter Service;c:\windows\system32\drivers\nw01ndis.sys [2008-6-5 265216]
S3 Sus2pl;Susteen Universal Cable II;c:\windows\system32\drivers\sus2pl.sys [2004-3-31 43392]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [2007-4-4 47360]
S3 SUSTUCAP;Susteen USB Cable Port Driver;c:\windows\system32\drivers\sustucap.sys [2007-4-4 47360]
S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [2007-4-4 28032]

=============== Created Last 30 ================

2009-03-11 19:27 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-11 19:27 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-11 19:27 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-04 18:05 <DIR> --d----- c:\program files\Trend Micro
2009-03-04 14:57 <DIR> --d----- c:\program files\ESET
2009-03-04 14:12 7,680 a--sh--- c:\windows\Thumbs.db
2009-03-04 10:10 389,120 a------- c:\windows\system32\CF20844.exe
2009-02-24 18:16 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-02-24 18:07 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-02-24 15:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-02-24 15:16 <DIR> --d----- c:\docume~1\mattko~1\applic~1\SUPERAntiSpyware.com
2009-02-21 19:47 351 a------- c:\windows\system\Flywave.dll
2009-02-21 19:47 25 a------- c:\windows\system\CmCnfgw.ini
2009-02-21 19:46 <DIR> --d----- c:\program files\Linksys
2009-02-19 19:53 <DIR> --d----- c:\program files\PeerGuardian2
2009-02-17 21:34 <DIR> --d----- c:\docume~1\mattko~1\applic~1\Uniblue
2009-02-17 21:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DriverScanner
2009-02-17 21:12 <DIR> --d----- c:\program files\common files\Zeepe Framework 7
2009-02-17 13:33 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-02-16 21:45 <DIR> --d----- c:\program files\Telespree
2009-02-16 21:45 <DIR> --d----- c:\program files\common files\Telespree
2009-02-16 21:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AT&T
2009-02-16 21:40 248,448 a------- c:\windows\system32\PROUnstl.exe
2009-02-16 21:40 1,904 -------- c:\windows\system32\SetupBD.din
2009-02-16 21:27 815,104 a------- c:\windows\system32\BCMLogon.dll
2009-02-16 21:27 5,029,888 a------- c:\windows\system32\BCMWLCPL.CPL
2009-02-16 21:27 2,670,592 a------- c:\windows\system32\WLBCGCBPRO731.DLL
2009-02-16 21:27 2,220,032 a------- c:\windows\system32\WLTRAY.EXE
2009-02-16 21:27 1,961,984 a------- c:\windows\system32\BCMWLTRY.EXE
2009-02-16 21:27 753,664 a------- c:\windows\system32\bcm1xsup.dll
2009-02-16 21:27 286,720 a------- c:\windows\system32\bcmwlu00.exe
2009-02-16 21:27 69,632 a------- c:\windows\system32\bcmwlpkt.dll
2009-02-16 21:27 65,536 a------- c:\windows\system32\wltrynt.dll
2009-02-16 21:27 33,664 a------- c:\windows\system32\drivers\BCMWLNPF.SYS
2009-02-16 21:27 24,064 a------- c:\windows\system32\WLTRYSVC.EXE

==================== Find3M ====================

2009-03-02 21:21 184,488 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2009-02-28 18:24 53,733 a------- c:\windows\system32\nvModes.dat
2009-02-16 21:42 2,682,880 a------- c:\windows\system32\vcredist_x86.exe
2009-02-16 21:42 1,287,552 a------- c:\windows\system32\drivers\BCMWL5.SYS
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 06:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-05 19:17 726,008 a------- c:\documents and settings\matt kohler\gotomypc_438.exe
2009-01-16 22:35 3,594,752 -------- c:\windows\system32\dllcache\mshtml.dll
2009-01-11 14:29 116,930 a------- c:\windows\hpoins11.dat
2008-12-19 04:10 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 04:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 00:25 634,024 -------- c:\windows\system32\dllcache\iexplore.exe
2008-12-19 00:23 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-11-14 19:56 726,008 a------- c:\documents and settings\matt kohler\gotomypc_437.exe
2008-09-20 18:28 61,224 a------- c:\documents and settings\matt kohler\GoToAssistDownloadHelper.exe
2008-09-20 10:26 74 ---shr-- c:\windows\CT4CET.bin
2008-09-21 18:17 1,570 a--sh--- c:\windows\system32\kSssvGgh.ini2

============= FINISH: 8:48:09.95 ===============

#4 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 17 March 2009 - 10:21 AM

Hi milfordinvestments,

Your Firefox is outdated. Please update it to the latest version, 3.0.7.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java components and update.

Updating Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 12.
    You want the 32-bit version, not the 64-bit version!
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 12".
  • Click the "Download" button to the right.
  • In the "Select Platform and Language for your download" drop-down box,
    select Windows and Multi-Language, then press Continue. Selecting Windows gives you the 32-bit version.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6u12-windows-i586.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    Java™ 6 Update 5
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 6
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u12-windows-i586-p.exe to install the newest version.

We will run ComboFix.

You should NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read ComboFix's Disclaimer.
Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member.

You need to disable your AVAST Antivirus and Windows Defender before running ComboFix, as they will prevent it from running.

AVAST will cause BSOD unless you disable it like this:

We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Windows Defender.
  • Click on Tools, General Settings.
  • Scroll down and uncheck Turn on real-time protection (recommended).
  • After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.

Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

Disconnect your internet connection cable from the computer while running ComboFix.

Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop.

A caution -
Disconnect your internet connection cable from the computer while running ComboFix.
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post the ComboFix log.
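As an added example (not from this thread, and not part of DDS, ComboFix or any other tool mentioned in it), here is a small Python checker that applies the outdated-Java rule from the post above to DDS-style log lines like the ones posted earlier: it pulls the JRE version out of `jre1.6.0_05` install paths and `jinstall-1_6_0_05` installer names and flags anything older than 6 Update 12. The sample lines are constructed from the log in this thread; the regexes, function names and the `MIN_VERSION` constant are my assumptions.

```python
import re
from typing import Iterator, List, Tuple

Version = Tuple[int, int, int, int]  # (major, minor, patch, update), e.g. 1.6.0_05

# Java SE 6 Update 12, the version recommended in the post above, as a comparable tuple.
MIN_VERSION: Version = (1, 6, 0, 12)

# Constructed sample: DDS/ComboFix-style lines of the kind posted in this thread,
# with the hxxp URLs kept defanged exactly as the log tool prints them.
SAMPLE_LOG = """\
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\\program files\\java\\jre1.6.0_05\\bin\\ssv.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
"SunJavaUpdateSched"="c:\\program files\\Java\\jre6\\bin\\jusched.exe" [2009-03-17 148888]
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
"""

# Two spellings of the same version show up in DDS logs: the install path
# (jre1.6.0_05) and the web-installer name (jinstall-1_6_0_05).
_PATH_RE = re.compile(r"jre(\d+)\.(\d+)\.(\d+)_(\d+)", re.IGNORECASE)
_INSTALLER_RE = re.compile(r"jinstall-(\d+)_(\d+)_(\d+)_(\d+)", re.IGNORECASE)


def java_versions(line: str) -> Iterator[Version]:
    """Yield every JRE version mentioned on one log line as an int tuple."""
    for rx in (_PATH_RE, _INSTALLER_RE):
        for m in rx.finditer(line):
            yield tuple(int(g) for g in m.groups())


def format_version(v: Version) -> str:
    """Render (1, 6, 0, 5) back in Sun's 1.6.0_05 notation."""
    return f"{v[0]}.{v[1]}.{v[2]}_{v[3]:02d}"


def find_outdated_java(log_text: str, minimum: Version = MIN_VERSION) -> List[Tuple[int, str, str]]:
    """Return (line number, version, stripped line) for each JRE reference older than `minimum`.

    Tuples compare element-wise, so (1, 6, 0, 5) < (1, 6, 0, 12) even though
    "05" would sort after "12" as text; that is why versions are parsed to ints.
    A line that only names the jre6 directory carries no update number and is skipped.
    """
    findings: List[Tuple[int, str, str]] = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        for ver in java_versions(line):
            if ver < minimum:
                findings.append((lineno, format_version(ver), line.strip()))
    return findings


if __name__ == "__main__":
    for lineno, ver, line in find_outdated_java(SAMPLE_LOG):
        print(f"line {lineno}: JRE {ver} older than {format_version(MIN_VERSION)}: {line[:60]}...")
```

Pointing it at a saved DDS or ComboFix log instead of `SAMPLE_LOG` gives a quick list of which IE/DPF loading points still reference a JRE that the Add/Remove Programs cleanup above should have taken out.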

#5 milfordinvestments

milfordinvestments
  • Topic Starter

  • Members
  • 41 posts

Posted 17 March 2009 - 02:18 PM

Posted is the ComboFix log:


ComboFix 09-03-15.01 - Matt Kohler 2009-03-17 11:48:32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2816 [GMT -5:00]
Running from: c:\documents and settings\Matt Kohler\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090317-0] *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\MyWebEx
c:\windows\Downloaded Program Files\MyWebEx\394\atarm.dll
c:\windows\Downloaded Program Files\MyWebEx\394\atas32.dll
c:\windows\Downloaded Program Files\MyWebEx\394\atasanot.exe
c:\windows\Downloaded Program Files\MyWebEx\394\atasctrl.dll
c:\windows\Downloaded Program Files\MyWebEx\394\atcarmcl.dll
c:\windows\Downloaded Program Files\MyWebEx\394\atdl2006.dll
c:\windows\Downloaded Program Files\MyWebEx\394\atinet.dll
c:\windows\Downloaded Program Files\MyWebEx\394\atjpeg60.dll
c:\windows\Downloaded Program Files\MyWebEx\394\atkbctl.dll
c:\windows\Downloaded Program Files\MyWebEx\394\atmemmgr.dll
c:\windows\Downloaded Program Files\MyWebEx\394\atnetext.dll
c:\windows\Downloaded Program Files\MyWebEx\394\atpack.dll
c:\windows\Downloaded Program Files\MyWebEx\394\atpng12.dll
c:\windows\Downloaded Program Files\MyWebEx\394\atprtses.dll
c:\windows\Downloaded Program Files\MyWebEx\394\atrares.dll
c:\windows\Downloaded Program Files\MyWebEx\394\atres.dll
c:\windows\Downloaded Program Files\MyWebEx\394\attp.dll
c:\windows\Downloaded Program Files\MyWebEx\394\atwbxui5.dll
c:\windows\Downloaded Program Files\MyWebEx\394\rafilesp.dll
c:\windows\Downloaded Program Files\MyWebEx\394\ramtmgr.dll
c:\windows\Downloaded Program Files\MyWebEx\394\ratrace.dll
c:\windows\Downloaded Program Files\MyWebEx\394\trace.txt
c:\windows\Downloaded Program Files\MyWebEx\394\uilibres.dll
c:\windows\Downloaded Program Files\MyWebEx\394\wbxcrypt.dll
c:\windows\Downloaded Program Files\MyWebEx\394\WbxDLDrv.exe
c:\windows\Downloaded Program Files\MyWebEx\394\WbxDLMgr.dll
c:\windows\IE4 Error Log.txt
c:\windows\system32\acdkkmyt.ini
c:\windows\system32\kSssvGgh.ini
c:\windows\system32\kSssvGgh.ini2

.
((((((((((((((((((((((((( Files Created from 2009-02-17 to 2009-03-17 )))))))))))))))))))))))))))))))
.

2009-03-17 10:56 . 2009-03-17 10:56 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-17 10:56 . 2009-03-17 10:56 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-16 21:05 . 2009-03-16 21:05 <DIR> d-------- c:\documents and settings\Matt Kohler\Application Data\Move Networks
2009-03-11 19:27 . 2009-03-11 19:27 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-11 19:27 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-11 19:27 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-04 18:30 . 2009-03-04 18:30 <DIR> d-------- c:\program files\Alwil Software
2009-03-04 18:05 . 2009-03-04 18:05 <DIR> d-------- c:\program files\Trend Micro
2009-03-04 14:57 . 2009-03-04 14:57 <DIR> d-------- c:\program files\ESET
2009-03-04 14:12 . 2009-03-04 14:12 7,680 --ahs---- c:\windows\Thumbs.db
2009-02-24 18:16 . 2009-03-03 19:15 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-24 18:07 . 2009-01-09 14:19 1,089,593 --------- c:\windows\system32\dllcache\ntprint.cat
2009-02-24 15:17 . 2009-02-24 15:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-24 15:16 . 2009-02-24 15:16 <DIR> d-------- c:\documents and settings\Matt Kohler\Application Data\SUPERAntiSpyware.com
2009-02-21 19:47 . 2009-03-17 11:50 351 --a------ c:\windows\system\Flywave.dll
2009-02-21 19:47 . 2009-02-21 19:47 25 --a------ c:\windows\system\CmCnfgw.ini
2009-02-21 19:46 . 2009-02-21 19:46 <DIR> d-------- c:\program files\Linksys
2009-02-19 19:53 . 2009-02-19 20:25 <DIR> d-------- c:\program files\PeerGuardian2
2009-02-17 21:34 . 2009-02-17 21:43 <DIR> d-------- c:\documents and settings\Matt Kohler\Application Data\Uniblue
2009-02-17 21:34 . 2009-02-17 21:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
2009-02-17 21:12 . 2009-02-17 21:12 <DIR> d-------- c:\program files\Common Files\Zeepe Framework 7
2009-02-17 13:33 . 2008-10-28 15:50 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-17 15:56 --------- d-----w c:\program files\Java
2009-03-16 15:45 --------- d-----w c:\documents and settings\Matt Kohler\Application Data\dvdcss
2009-03-16 15:44 --------- d-----w c:\documents and settings\Matt Kohler\Application Data\DVD Flick
2009-03-16 01:51 --------- d-----w c:\program files\Common Files\Adobe
2009-03-08 20:48 --------- d-----w c:\program files\Symantec AntiVirus
2009-03-08 20:48 --------- d-----w c:\program files\Symantec
2009-03-08 20:48 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-08 20:48 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-03-04 22:32 --------- d-----w c:\program files\Lavasoft
2009-03-04 22:32 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-04 19:12 --------- d-----w c:\program files\XML Notepad 2007
2009-03-04 19:12 --------- d-----w c:\program files\NewView
2009-03-04 19:12 --------- d-----w c:\program files\LimeWire
2009-03-04 19:12 --------- d-----w c:\program files\HomeManage
2009-03-04 19:12 --------- d-----w c:\program files\FastStone Photo Resizer
2009-03-04 00:37 --------- d-----w c:\program files\Windows Live Safety Center
2009-03-04 00:20 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-03 20:49 --------- d-----w c:\documents and settings\All Users\Application Data\Novatel Wireless
2009-03-03 03:22 --------- d-----w c:\documents and settings\Matt Kohler\Application Data\LimeWire
2009-02-23 03:10 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-17 02:45 --------- d-----w c:\program files\Telespree
2009-02-17 02:45 --------- d-----w c:\program files\Common Files\Telespree
2009-02-17 02:44 --------- d-----w c:\documents and settings\All Users\Application Data\AT&T
2009-02-17 02:42 33,664 ----a-w c:\windows\system32\drivers\BCMWLNPF.SYS
2009-02-17 02:42 1,287,552 ----a-w c:\windows\system32\drivers\BCMWL5.SYS
2009-02-17 02:41 --------- d-----w c:\program files\Intel
2009-02-16 01:29 --------- d-----w c:\program files\Dell
2009-02-15 22:55 --------- d-----w c:\program files\SmartFTP Client
2009-02-15 19:27 --------- d-----w c:\documents and settings\All Users\Application Data\Altova
2009-02-15 03:26 --------- d-----w c:\documents and settings\Matt Kohler\Application Data\SmartFTP
2009-02-09 00:57 --------- d-----w c:\program files\PC Connectivity Solution
2009-02-09 00:54 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-02-07 22:31 --------- d-----w c:\program files\DVD Flick
2009-02-06 00:17 726,008 ----a-w c:\documents and settings\Matt Kohler\gotomypc_438.exe
2009-02-03 23:47 --------- d-----w c:\program files\iTunes
2009-02-03 23:47 --------- d-----w c:\program files\iPod
2009-02-03 23:47 --------- d-----w c:\program files\Common Files\Apple
2009-02-03 23:47 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-03 23:46 --------- d-----w c:\program files\QuickTime
2009-01-31 14:26 --------- d-----w c:\documents and settings\Matt Kohler\Application Data\Paltalk
2009-01-30 22:23 --------- d-----w c:\documents and settings\All Users\Application Data\HomeManage
2009-01-30 18:13 --------- d-----w c:\program files\MyStuff
2009-01-19 01:34 --------- d-----w c:\program files\Air Mouse
2009-01-18 06:13 --------- d-----w c:\program files\Bonjour
2009-01-18 06:12 --------- d-----w c:\program files\Safari
2008-11-15 00:56 726,008 ----a-w c:\documents and settings\Matt Kohler\gotomypc_437.exe
2008-09-20 23:28 61,224 ----a-w c:\documents and settings\Matt Kohler\GoToAssistDownloadHelper.exe
2008-09-20 15:26 74 --sh--r c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-01-09 16:13 583312 -ra------ c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-01-09 16:13 583312 -ra------ c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-01-09 16:13 583312 -ra------ c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-09-21 2182080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-07-01 196608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-07 13537280]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-07 86016]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2008-05-30 180224]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-05-14 105472]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2008-06-24 243000]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2008-06-24 79160]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2008-08-18 598016]
"DCPstrApp"="c:\program files\Dell\Dell ControlPoint\Security Manager\SecurityDeviceInfoSetRegistryString.exe" [2008-08-04 6656]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-29 442467]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-06-29 466944]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDellB.exe" [2008-04-11 372736]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-07-28 176128]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-02-16 2220032]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2008-10-01 1454080]
"systray"="c:\program files\Dell\Dell Mobile Broadband\systray.exe" [2008-07-29 331851]
"CmFlywaveName"="c:\windows\System\CmFlywav.exe" [2007-10-05 283466]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-01-09 669840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-17 148888]
"nwiz"="nwiz.exe" [2008-08-07 c:\windows\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2008-08-07 c:\windows\system32\nvhotkey.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\Matt Kohler\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-08-15 604776]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2008-08-01 1201432]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-02-27 972064]
ScanSnap Manager.lnk - c:\program files\PFU\ScanSnap\Driver\PfuSsMon.exe [2008-11-11 1769472]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphc9bsj0epde

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Temp\\HP_WebRelease\\Setup\\HPZnet01.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-04 114768]
R1 NvtSp50;Novatel Wireless NDIS 5 Single-Packet Read Protocol Driver;c:\windows\system32\drivers\NvtSp50.sys [2008-06-10 22016]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-04 20560]
R2 BCMWLNPF;Broadcom Netgroup Packet Filter;c:\windows\system32\drivers\BCMWLNPF.SYS [2009-02-16 33664]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2008-09-04 406808]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2008-11-11 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2008-11-11 20840]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2008-08-01 455960]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [2008-10-01 90112]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2008-09-08 108160]
R3 CCIDFILTER;Broadcom Smart Card Reader Filter Driver;c:\windows\system32\drivers\ccidflt.sys [2009-02-01 12840]
R3 cmvad;Linksys Wireless-G Music Bridge Interface;c:\windows\system32\drivers\cmudaxv.sys [2009-02-21 1410240]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2009-02-01 32808]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-09-08 244368]
R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\drivers\nwdelmdm.sys [2007-11-02 166144]
R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys [2007-11-02 166144]
R3 NWDellPort2;Dell Wireless Mobile Broadband Status2 Port Driver;c:\windows\system32\drivers\nwdelser2.sys [2007-11-02 166144]
R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [2008-09-08 148056]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2008-09-08 144672]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2008-09-08 277504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 NW001NDIS;Dell Wireless Network Adapter Service;c:\windows\system32\drivers\nw01ndis.sys [2008-06-05 265216]
S3 Sus2pl;Susteen Universal Cable II;c:\windows\system32\drivers\sus2pl.sys [2004-03-31 43392]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [2007-04-04 47360]
S3 SUSTUCAP;Susteen USB Cable Port Driver;c:\windows\system32\drivers\sustucap.sys [2007-04-04 47360]
S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [2007-04-04 28032]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6809d42-883a-11dd-b1c7-001fe1be929c}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com e:
\Shell\Open\command - e:\resycled\boot.com e:
.
Contents of the 'Scheduled Tasks' folder

2009-03-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2009-03-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

ShellIconOverlayIdentifiers-{022F2F51-CDDA-4873-8A29-72C66C808A3F} - mscoree.dll
ShellIconOverlayIdentifiers-{661963C1-99A1-44e7-A671-1CF3768AE9D4} - mscoree.dll
Notify-NavLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080909
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Matt Kohler\Application Data\Mozilla\Firefox\Profiles\iaoxrcvj.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-17 11:51:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-357244917-692914704-728023711-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-357244917-692914704-728023711-1005\Software\YourCompanyName\YourProductName\Version*]
"VersionData"=hex:0d,3b,25,66,19,03,6e,fd,4f,a8,a2,fa,9d,e1,52,c2,50,6a,2b,3f,
33,59,f4,59,07,45,91,f9,29,b3,aa,34,eb,b8,1b,51,0f,6f,ad,08,4c,48,f7,d3,42,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1048)
c:\windows\System32\TdmNetworkProvider.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'lsass.exe'(1104)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
c:\program files\Wave Systems Corp\Common\CryptoManager.dll
c:\windows\system32\tcg15.dll
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\Tsp1.dll
c:\windows\system32\wclient14.dll
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
c:\program files\Bonjour\mdnsNSP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\drivers\audio\R190031\stacsv.exe
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Carbonite\Carbonite Backup\CarboniteService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\DellTPad\ApntEx.exe
c:\program files\Linksys\WMB54G\WMB54G.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2009-03-17 11:59:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-17 16:59:26

Pre-Run: 196,090,990,592 bytes free
Post-Run: 202,504,900,608 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

337 --- E O F --- 2009-03-15 14:26:55

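As an added example (not code from the thread, from ComboFix or from DDS), a small Python triage pass over lines in the shape of the log above: it flags MountPoints2 autorun handlers of the kind shown (the resycled\boot.com entries) and persistence or process entries living under temp or browser-cache folders. The sample lines, rule names and severity labels are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of lines in the shape of the ComboFix / DDS
# output posted in this thread (not the full log).
SAMPLE_LOG = r"""
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com e:
\Shell\Open\command - e:\resycled\boot.com e:
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
C:\Documents and Settings\Matt Kohler\Local Settings\Temporary Internet Files\Content.IE5\EAWR023L\dds[1].scr
c:\program files\Java\jre6\bin\jqs.exe
"""


@dataclass(frozen=True)
class Finding:
    line: str
    rule: str
    severity: str  # "high" or "review"


# MountPoints2 shell handlers appear as "\Shell\AutoRun\command - <command>".
_MOUNTPOINT_RE = re.compile(
    r"^\\Shell\\(AutoRun|Open)\\command\s+-\s+(?P<cmd>.+)$", re.I)
# Extensions a CD/DVD installer almost never uses for its autorun target.
_ODD_EXT_RE = re.compile(r"\.(com|scr|pif|bat|cmd|vbs)\b", re.I)
# User-writable locations where a persistent entry or a long-running process
# should not normally live (matched case-insensitively, trailing backslash).
_TEMP_DIRS = ("\\local settings\\temp\\", "\\temporary internet files\\", "\\temp\\")


def check_mountpoint(line: str) -> Optional[Finding]:
    """Flag removable-drive autorun handlers; escalate the worm-like shape."""
    m = _MOUNTPOINT_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd")
    # Launching through ShellExec_RunDLL, or launching a .com/.scr/.pif, is
    # the shape seen in the log above rather than that of a CD installer.
    if "shellexec_rundll" in cmd.lower() or _ODD_EXT_RE.search(cmd):
        return Finding(line.strip(), "autorun-handler", "high")
    return Finding(line.strip(), "autorun-handler", "review")


def check_temp_path(line: str) -> Optional[Finding]:
    """Flag anything running from or persisting in a temp / cache folder.

    Note the expected false positive: DDS itself shows up here when it was
    launched straight from the browser download, as dds[1].scr does above.
    """
    low = line.lower()
    if any(d in low for d in _TEMP_DIRS):
        return Finding(line.strip(), "temp-location", "review")
    return None


def triage(log_text: str) -> List[Finding]:
    """Run each line through the checks; first matching check wins."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        for check in (check_mountpoint, check_temp_path):
            found = check(raw)
            if found:
                findings.append(found)
                break
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Count findings per severity so a helper sees at a glance what to read first."""
    counts = {"high": 0, "review": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.rule:16} {f.line}")
    print(summarize(results))
```

The two autorun lines come out "high" while the dds[1].scr line is only "review", which is the right reading of this log: the former are the infection's footprint, the latter is the diagnostic tool the user was asked to run.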
#6 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 17 March 2009 - 03:55 PM

Hi milfordinvestments,

You need to disable your AVAST Antivirus and Windows Defender before running ComboFix, as they will prevent it from running.

AVAST will cause a BSOD unless you disable it like this:
Posted Image

We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Windows Defender.
  • Click on Tools, General Settings.
  • Scroll down and uncheck Turn on real-time protection (recommended).
  • After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.

Click Start, then Run and type Notepad and click OK.
Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the code box below into notepad:

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000


Name the Notepad file CFScript.txt and Save it to your desktop.

IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image


This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!


Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 milfordinvestments

milfordinvestments
  • Topic Starter

  • Members
  • 41 posts

Posted 17 March 2009 - 08:20 PM

Sorry, I think that step was skipped.
I followed your directions and here's the new data:




DDS (Ver_09-03-16.01) - NTFSx86
Run by Matt Kohler at 20:14:56.09 on Tue 03/17/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2856 [GMT -5:00]

AV: avast! antivirus 4.8.1335 [VPS 090317-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r190031\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtTray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDellB.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
C:\Program Files\Dell\Dell Mobile Broadband\systray.exe
C:\WINDOWS\System\CmFlywav.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Linksys\WMB54G\WMB54G.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Matt Kohler\Local Settings\Temporary Internet Files\Content.IE5\EAWR023L\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080909
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
mRun: [EmbassySecurityCheck] "c:\program files\wave systems corp\embassy security setup\EMBASSYSecurityCheck.exe"
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [DCPstrApp] c:\program files\dell\dell controlpoint\security manager\SecurityDeviceInfoSetRegistryString.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDellB.exe" /mode2
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [DellConnectionManager] "c:\program files\dell\dell controlpoint\connection manager\Dell.UCM.exe"
mRun: [systray] c:\program files\dell\dell mobile broadband\systray.exe
mRun: [CmFlywaveName] c:\windows\system\CmFlywav.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\mattko~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\scansn~1.lnk - c:\program files\pfu\scansnap\driver\PfuSsMon.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225331532437
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1237305171245&h=3fdbf704315fdfefec64d794ad9c124c/&filename=jinstall-6u12-windows-i586-jc.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://qb.webex.com/client/v_mywebex-qb20/ra/ieatgpc.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~3\MpShHook.dll
LSA: Authentication Packages = msv1_0 wvauth

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mattko~1\applic~1\mozilla\firefox\profiles\iaoxrcvj.default\

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-3-4 114768]
R1 NvtSp50;Novatel Wireless NDIS 5 Single-Packet Read Protocol Driver;c:\windows\system32\drivers\NvtSp50.sys [2008-6-10 22016]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-4 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-3-4 138680]
R2 BCMWLNPF;Broadcom Netgroup Packet Filter;c:\windows\system32\drivers\BCMWLNPF.SYS [2009-2-16 33664]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2008-9-4 406808]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2008-11-11 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2008-11-11 20840]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2008-8-1 455960]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\dell\dell controlpoint\connection manager\SMManager.exe [2008-10-1 90112]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2008-9-8 108160]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-3-4 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-3-4 352920]
R3 CCIDFILTER;Broadcom Smart Card Reader Filter Driver;c:\windows\system32\drivers\ccidflt.sys [2009-2-1 12840]
R3 cmvad;Linksys Wireless-G Music Bridge Interface;c:\windows\system32\drivers\cmudaxv.sys [2009-2-21 1410240]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2009-2-1 32808]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-9-8 244368]
R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\drivers\nwdelmdm.sys [2007-11-2 166144]
R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys [2007-11-2 166144]
R3 NWDellPort2;Dell Wireless Mobile Broadband Status2 Port Driver;c:\windows\system32\drivers\nwdelser2.sys [2007-11-2 166144]
R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [2008-9-8 148056]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2008-9-8 144672]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2008-9-8 277504]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 NW001NDIS;Dell Wireless Network Adapter Service;c:\windows\system32\drivers\nw01ndis.sys [2008-6-5 265216]
S3 Sus2pl;Susteen Universal Cable II;c:\windows\system32\drivers\sus2pl.sys [2004-3-31 43392]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [2007-4-4 47360]
S3 SUSTUCAP;Susteen USB Cable Port Driver;c:\windows\system32\drivers\sustucap.sys [2007-4-4 47360]
S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [2007-4-4 28032]

=============== Created Last 30 ================

2009-03-17 11:47 <DIR> a-dshr-- C:\cmdcons
2009-03-17 11:45 161,792 a------- c:\windows\SWREG.exe
2009-03-17 11:45 98,816 a------- c:\windows\sed.exe
2009-03-17 10:56 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-17 10:56 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-11 19:27 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-11 19:27 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-11 19:27 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-04 18:05 <DIR> --d----- c:\program files\Trend Micro
2009-03-04 14:57 <DIR> --d----- c:\program files\ESET
2009-03-04 14:12 7,680 a--sh--- c:\windows\Thumbs.db
2009-02-24 18:16 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-02-24 18:07 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-02-24 15:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-02-24 15:16 <DIR> --d----- c:\docume~1\mattko~1\applic~1\SUPERAntiSpyware.com
2009-02-21 19:47 351 a------- c:\windows\system\Flywave.dll
2009-02-21 19:47 25 a------- c:\windows\system\CmCnfgw.ini
2009-02-21 19:46 <DIR> --d----- c:\program files\Linksys
2009-02-19 19:53 <DIR> --d----- c:\program files\PeerGuardian2
2009-02-17 21:34 <DIR> --d----- c:\docume~1\mattko~1\applic~1\Uniblue
2009-02-17 21:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DriverScanner
2009-02-17 21:12 <DIR> --d----- c:\program files\common files\Zeepe Framework 7
2009-02-17 13:33 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-02-16 21:45 <DIR> --d----- c:\program files\Telespree
2009-02-16 21:45 <DIR> --d----- c:\program files\common files\Telespree
2009-02-16 21:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AT&T
2009-02-16 21:40 248,448 a------- c:\windows\system32\PROUnstl.exe
2009-02-16 21:40 1,904 -------- c:\windows\system32\SetupBD.din
2009-02-16 21:27 815,104 a------- c:\windows\system32\BCMLogon.dll
2009-02-16 21:27 5,029,888 a------- c:\windows\system32\BCMWLCPL.CPL
2009-02-16 21:27 2,670,592 a------- c:\windows\system32\WLBCGCBPRO731.DLL
2009-02-16 21:27 2,220,032 a------- c:\windows\system32\WLTRAY.EXE
2009-02-16 21:27 1,961,984 a------- c:\windows\system32\BCMWLTRY.EXE
2009-02-16 21:27 753,664 a------- c:\windows\system32\bcm1xsup.dll
2009-02-16 21:27 286,720 a------- c:\windows\system32\bcmwlu00.exe
2009-02-16 21:27 69,632 a------- c:\windows\system32\bcmwlpkt.dll
2009-02-16 21:27 65,536 a------- c:\windows\system32\wltrynt.dll
2009-02-16 21:27 33,664 a------- c:\windows\system32\drivers\BCMWLNPF.SYS
2009-02-16 21:27 24,064 a------- c:\windows\system32\WLTRYSVC.EXE

==================== Find3M ====================

2009-03-02 21:21 184,488 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2009-02-28 18:24 53,733 a------- c:\windows\system32\nvModes.dat
2009-02-16 21:42 2,682,880 a------- c:\windows\system32\vcredist_x86.exe
2009-02-16 21:42 1,287,552 a------- c:\windows\system32\drivers\BCMWL5.SYS
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 06:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-05 19:17 726,008 a------- c:\documents and settings\matt kohler\gotomypc_438.exe
2009-01-16 22:35 3,594,752 -------- c:\windows\system32\dllcache\mshtml.dll
2009-01-11 14:29 116,930 a------- c:\windows\hpoins11.dat
2008-12-19 04:10 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 04:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 00:25 634,024 -------- c:\windows\system32\dllcache\iexplore.exe
2008-12-19 00:23 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-11-14 19:56 726,008 a------- c:\documents and settings\matt kohler\gotomypc_437.exe
2008-09-20 18:28 61,224 a------- c:\documents and settings\matt kohler\GoToAssistDownloadHelper.exe
2008-09-20 10:26 74 ---shr-- c:\windows\CT4CET.bin

============= FINISH: 20:15:02.71 ===============



ComboFix 09-03-15.01 - Matt Kohler 2009-03-17 20:02:24.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2779 [GMT -5:00]
Running from: c:\documents and settings\Matt Kohler\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Matt Kohler\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090317-0] *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-02-18 to 2009-03-18 )))))))))))))))))))))))))))))))
.

2009-03-17 10:56 . 2009-03-17 10:56 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-17 10:56 . 2009-03-17 10:56 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-16 21:05 . 2009-03-16 21:05 <DIR> d-------- c:\documents and settings\Matt Kohler\Application Data\Move Networks
2009-03-11 19:27 . 2009-03-11 19:27 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-11 19:27 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-11 19:27 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-04 18:30 . 2009-03-04 18:30 <DIR> d-------- c:\program files\Alwil Software
2009-03-04 18:05 . 2009-03-04 18:05 <DIR> d-------- c:\program files\Trend Micro
2009-03-04 14:57 . 2009-03-04 14:57 <DIR> d-------- c:\program files\ESET
2009-03-04 14:12 . 2009-03-04 14:12 7,680 --ahs---- c:\windows\Thumbs.db
2009-02-24 18:16 . 2009-03-03 19:15 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-24 18:07 . 2009-01-09 14:19 1,089,593 --------- c:\windows\system32\dllcache\ntprint.cat
2009-02-24 15:17 . 2009-02-24 15:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-24 15:16 . 2009-02-24 15:16 <DIR> d-------- c:\documents and settings\Matt Kohler\Application Data\SUPERAntiSpyware.com
2009-02-21 19:47 . 2009-03-17 20:04 351 --a------ c:\windows\system\Flywave.dll
2009-02-21 19:47 . 2009-02-21 19:47 25 --a------ c:\windows\system\CmCnfgw.ini
2009-02-21 19:46 . 2009-02-21 19:46 <DIR> d-------- c:\program files\Linksys
2009-02-19 19:53 . 2009-02-19 20:25 <DIR> d-------- c:\program files\PeerGuardian2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-17 15:56 --------- d-----w c:\program files\Java
2009-03-16 15:45 --------- d-----w c:\documents and settings\Matt Kohler\Application Data\dvdcss
2009-03-16 15:44 --------- d-----w c:\documents and settings\Matt Kohler\Application Data\DVD Flick
2009-03-16 01:51 --------- d-----w c:\program files\Common Files\Adobe
2009-03-08 20:48 --------- d-----w c:\program files\Symantec AntiVirus
2009-03-08 20:48 --------- d-----w c:\program files\Symantec
2009-03-08 20:48 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-08 20:48 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-03-04 22:32 --------- d-----w c:\program files\Lavasoft
2009-03-04 22:32 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-04 19:12 --------- d-----w c:\program files\XML Notepad 2007
2009-03-04 19:12 --------- d-----w c:\program files\NewView
2009-03-04 19:12 --------- d-----w c:\program files\LimeWire
2009-03-04 19:12 --------- d-----w c:\program files\HomeManage
2009-03-04 19:12 --------- d-----w c:\program files\FastStone Photo Resizer
2009-03-04 00:37 --------- d-----w c:\program files\Windows Live Safety Center
2009-03-04 00:20 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-03 20:49 --------- d-----w c:\documents and settings\All Users\Application Data\Novatel Wireless
2009-03-03 03:22 --------- d-----w c:\documents and settings\Matt Kohler\Application Data\LimeWire
2009-02-23 03:10 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-18 02:43 --------- d-----w c:\documents and settings\Matt Kohler\Application Data\Uniblue
2009-02-18 02:43 --------- d-----w c:\documents and settings\All Users\Application Data\DriverScanner
2009-02-18 02:12 --------- d-----w c:\program files\Common Files\Zeepe Framework 7
2009-02-17 02:45 --------- d-----w c:\program files\Telespree
2009-02-17 02:45 --------- d-----w c:\program files\Common Files\Telespree
2009-02-17 02:44 --------- d-----w c:\documents and settings\All Users\Application Data\AT&T
2009-02-17 02:42 33,664 ----a-w c:\windows\system32\drivers\BCMWLNPF.SYS
2009-02-17 02:42 1,287,552 ----a-w c:\windows\system32\drivers\BCMWL5.SYS
2009-02-17 02:41 --------- d-----w c:\program files\Intel
2009-02-16 01:29 --------- d-----w c:\program files\Dell
2009-02-15 22:55 --------- d-----w c:\program files\SmartFTP Client
2009-02-15 19:27 --------- d-----w c:\documents and settings\All Users\Application Data\Altova
2009-02-15 03:26 --------- d-----w c:\documents and settings\Matt Kohler\Application Data\SmartFTP
2009-02-09 00:57 --------- d-----w c:\program files\PC Connectivity Solution
2009-02-09 00:54 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-02-07 22:31 --------- d-----w c:\program files\DVD Flick
2009-02-06 00:17 726,008 ----a-w c:\documents and settings\Matt Kohler\gotomypc_438.exe
2009-02-03 23:47 --------- d-----w c:\program files\iTunes
2009-02-03 23:47 --------- d-----w c:\program files\iPod
2009-02-03 23:47 --------- d-----w c:\program files\Common Files\Apple
2009-02-03 23:47 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-03 23:46 --------- d-----w c:\program files\QuickTime
2009-01-31 14:26 --------- d-----w c:\documents and settings\Matt Kohler\Application Data\Paltalk
2009-01-30 22:23 --------- d-----w c:\documents and settings\All Users\Application Data\HomeManage
2009-01-30 18:13 --------- d-----w c:\program files\MyStuff
2009-01-19 01:34 --------- d-----w c:\program files\Air Mouse
2009-01-18 06:13 --------- d-----w c:\program files\Bonjour
2009-01-18 06:12 --------- d-----w c:\program files\Safari
2008-11-15 00:56 726,008 ----a-w c:\documents and settings\Matt Kohler\gotomypc_437.exe
2008-09-20 23:28 61,224 ----a-w c:\documents and settings\Matt Kohler\GoToAssistDownloadHelper.exe
2008-09-20 15:26 74 --sh--r c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((( SnapShot@2009-03-17_11.58.34.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-17 16:03:27 72,978 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-17 16:56:50 72,978 ----a-w c:\windows\system32\perfc009.dat
- 2009-03-17 16:03:27 445,938 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-17 16:56:50 445,938 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-18 01:05:41 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_9f8.dat
+ 2009-03-18 01:05:58 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_b00.dat
+ 2009-03-18 01:05:49 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_df8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-01-09 16:13 583312 -ra------ c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-01-09 16:13 583312 -ra------ c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-01-09 16:13 583312 -ra------ c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-09-21 2182080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-07-01 196608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-07 13537280]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-07 86016]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2008-05-30 180224]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-05-14 105472]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2008-06-24 243000]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2008-06-24 79160]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2008-08-18 598016]
"DCPstrApp"="c:\program files\Dell\Dell ControlPoint\Security Manager\SecurityDeviceInfoSetRegistryString.exe" [2008-08-04 6656]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-29 442467]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-06-29 466944]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDellB.exe" [2008-04-11 372736]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-07-28 176128]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-02-16 2220032]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2008-10-01 1454080]
"systray"="c:\program files\Dell\Dell Mobile Broadband\systray.exe" [2008-07-29 331851]
"CmFlywaveName"="c:\windows\System\CmFlywav.exe" [2007-10-05 283466]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-01-09 669840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-17 148888]
"nwiz"="nwiz.exe" [2008-08-07 c:\windows\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2008-08-07 c:\windows\system32\nvhotkey.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\Matt Kohler\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-08-15 604776]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2008-08-01 1201432]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-02-27 972064]
ScanSnap Manager.lnk - c:\program files\PFU\ScanSnap\Driver\PfuSsMon.exe [2008-11-11 1769472]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Temp\\HP_WebRelease\\Setup\\HPZnet01.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-04 114768]
R1 NvtSp50;Novatel Wireless NDIS 5 Single-Packet Read Protocol Driver;c:\windows\system32\drivers\NvtSp50.sys [2008-06-10 22016]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-04 20560]
R2 BCMWLNPF;Broadcom Netgroup Packet Filter;c:\windows\system32\drivers\BCMWLNPF.SYS [2009-02-16 33664]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2008-09-04 406808]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2008-11-11 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2008-11-11 20840]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2008-08-01 455960]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [2008-10-01 90112]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2008-09-08 108160]
R3 CCIDFILTER;Broadcom Smart Card Reader Filter Driver;c:\windows\system32\drivers\ccidflt.sys [2009-02-01 12840]
R3 cmvad;Linksys Wireless-G Music Bridge Interface;c:\windows\system32\drivers\cmudaxv.sys [2009-02-21 1410240]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2009-02-01 32808]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-09-08 244368]
R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\drivers\nwdelmdm.sys [2007-11-02 166144]
R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys [2007-11-02 166144]
R3 NWDellPort2;Dell Wireless Mobile Broadband Status2 Port Driver;c:\windows\system32\drivers\nwdelser2.sys [2007-11-02 166144]
R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [2008-09-08 148056]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2008-09-08 144672]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2008-09-08 277504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 NW001NDIS;Dell Wireless Network Adapter Service;c:\windows\system32\drivers\nw01ndis.sys [2008-06-05 265216]
S3 Sus2pl;Susteen Universal Cable II;c:\windows\system32\drivers\sus2pl.sys [2004-03-31 43392]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [2007-04-04 47360]
S3 SUSTUCAP;Susteen USB Cable Port Driver;c:\windows\system32\drivers\sustucap.sys [2007-04-04 47360]
S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [2007-04-04 28032]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6809d42-883a-11dd-b1c7-001fe1be929c}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com e:
\Shell\Open\command - e:\resycled\boot.com e:
.
Contents of the 'Scheduled Tasks' folder

2009-03-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2009-03-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080909
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Matt Kohler\Application Data\Mozilla\Firefox\Profiles\iaoxrcvj.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-17 20:05:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-357244917-692914704-728023711-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-357244917-692914704-728023711-1005\Software\YourCompanyName\YourProductName\Version*]
"VersionData"=hex:0d,3b,25,66,19,03,6e,fd,4f,a8,a2,fa,9d,e1,52,c2,50,6a,2b,3f,
33,59,f4,59,07,45,91,f9,29,b3,aa,34,eb,b8,1b,51,0f,6f,ad,08,4c,48,f7,d3,42,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1052)
c:\windows\System32\TdmNetworkProvider.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'lsass.exe'(1108)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
c:\program files\Wave Systems Corp\Common\CryptoManager.dll
c:\windows\system32\tcg15.dll
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\Tsp1.dll
c:\windows\system32\wclient14.dll
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
c:\program files\Bonjour\mdnsNSP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\drivers\audio\R190031\stacsv.exe
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Carbonite\Carbonite Backup\CarboniteService.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\windows\system32\fxssvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\ApntEx.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\Linksys\WMB54G\WMB54G.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2009-03-17 20:12:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-18 01:12:39
ComboFix2.txt 2009-03-17 16:59:58

Pre-Run: 202,055,536,640 bytes free
Post-Run: 202,049,581,056 bytes free

302 --- E O F --- 2009-03-15 14:26:55

#8 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:11:24 AM

Posted 17 March 2009 - 10:15 PM

Hi milfordinvestments,


Did you uninstall Symantec?
I still see LiveUpdate 2.6 (Symantec Corporation) in your installed program listing.



Your system is infected with a Flash Drive infector

Warning: Any flash / jump drives you have connected to this system since your infection have been compromised by a flash drive infector.
We are going to run a tool as part of the following fix which will disinfect your machine, as well as clean any flash drives connected to the system.
It is advised you connect any flash drives that have been connected to this machine during this time frame to this system for the following fix, in order to disinfect them.

Please let the owners of other machines to which you have connected any flash media or drives know that their machines may now be infected.

We need to remove the Flash Drive infector

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.

The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone.

Please do so and allow the utility to clean up those drives as well.
Wait until it has finished scanning and then exit the program.
Reboot your computer when done.

Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.


Looks like your e drive is infected. Probably a flash drive.
Be sure it is inserted when ComboFix runs.


You need to disable your AVAST Antivirus and Windows Defender before running ComboFix, as they will prevent it from running.

AVAST will cause BSOD unless you disable it like this:
Posted Image

We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Windows Defender.
  • Click on Tools, General Settings.
  • Scroll down and uncheck Turn on real-time protection (recommended).
  • After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.

Click Start, then Run and type Notepad and click OK.
Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the code box below into notepad:

File::
e:\resycled\boot.com 
   
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6809d42-883a-11dd-b1c7-001fe1be929c}]


Name the Notepad file CFScript.txt and Save it to your desktop.

IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image


This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
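The mountpoints2 entry quoted in the log above is the fingerprint of this kind of flash drive infector: Explorer's per-volume AutoRun and Open handlers have been pointed at a file on the removable drive (here via RunDLL32's ShellExec_RunDLL), so simply opening the drive runs the payload, and the CFScript's job is to delete that key. As an added example (my own triage code, not part of this thread, ComboFix or Flash_Disinfector), the script below parses the mountpoints2 section of a ComboFix-style log and flags handlers that launch through ShellExec_RunDLL or run a file from a non-system volume. The first sample entry is copied from the log in this thread; the second, benign-looking entry (GUID 11111111-…) and the flagging heuristics are constructed for illustration.

```python
"""Triage the mountpoints2 section of a ComboFix/DDS log for autorun-style handlers.

Added example: not code from this thread, ComboFix, or Flash_Disinfector.
The heuristics and the second sample entry are constructed assumptions.
"""
import re

# Constructed sample log: entry 1 is the one seen in this thread; entry 2 is a
# made-up, benign-looking handler on the system drive for contrast.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6809d42-883a-11dd-b1c7-001fe1be929c}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com e:
\Shell\Open\command - e:\resycled\boot.com e:
.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11111111-2222-3333-4444-555555555555}]
\Shell\Open\command - c:\program files\Backup Tool\backup.exe
.
Contents of the 'Scheduled Tasks' folder
"""

MOUNTPOINT_RE = re.compile(
    r"^\[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer"
    r"\\mountpoints2\\(\{[0-9a-f-]{36}\})\]$", re.I)
HANDLER_RE = re.compile(r"^\\Shell\\(\w+)\\command - (.*)$", re.I)
# A drive letter followed by ':' and then a backslash, whitespace or end of string.
DRIVE_RE = re.compile(r"(?<![\w\\])([a-z]):(?=\\|\s|$)")

SYSTEM_DRIVE = "c"  # assumption: Windows lives on C: (true for the log in this thread)
VERBS_OF_INTEREST = {"autorun", "open", "explore"}


def parse_mountpoints(log_text):
    """Return {volume_guid: {verb: command}} for every mountpoints2 block in the log."""
    entries = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = MOUNTPOINT_RE.match(line)
        if key:
            current = entries.setdefault(key.group(1).lower(), {})
            continue
        if current is None:
            continue
        handler = HANDLER_RE.match(line)
        if handler:
            current[handler.group(1).lower()] = handler.group(2).strip()
        elif not line or line == ".":
            current = None  # a blank line or ComboFix's '.' separator ends the block
    return entries


def assess(entries):
    """Return (guid, verb, command, reason) for each handler that deserves a look."""
    findings = []
    for guid, verbs in entries.items():
        for verb, cmd in verbs.items():
            if verb not in VERBS_OF_INTEREST:
                continue
            lowered = cmd.lower()
            reasons = []
            if "shellexec_rundll" in lowered:
                reasons.append("RunDLL32 ShellExec_RunDLL launcher")
            others = set(DRIVE_RE.findall(lowered)) - {SYSTEM_DRIVE}
            if others:
                reasons.append("runs a file from a non-system volume (%s)" % ", ".join(sorted(others)))
            if reasons:
                findings.append((guid, verb, cmd, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for guid, verb, cmd, reason in assess(parse_mountpoints(SAMPLE_LOG)):
        print("%s  %-8s %s\n    -> %s" % (guid, verb, cmd, reason))
```

On the sample above only the two handlers under the GUID from this thread are reported; the constructed C:-drive entry is left alone. The reasons are deliberately narrow (ShellExec_RunDLL indirection, and execution from a drive other than the system drive), which is what distinguishes a removable-media autorun hook from the ordinary per-volume keys Explorer keeps under mountpoints2.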

#9 milfordinvestments

milfordinvestments
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:12:24 PM

Posted 18 March 2009 - 08:59 AM

Good catch on Symantec, I removed LiveUpdate and followed the other directions:



ComboFix 09-03-15.01 - Matt Kohler 2009-03-18 8:42:52.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2820 [GMT -5:00]
Running from: c:\documents and settings\Matt Kohler\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Matt Kohler\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090317-0] *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
e:\resycled\boot.com
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\MyWebEx
c:\windows\Downloaded Program Files\MyWebEx\394\atarm.dll
c:\windows\Downloaded Program Files\MyWebEx\394\atas32.dll
c:\windows\Downloaded Program Files\MyWebEx\394\atasanot.exe
c:\windows\Downloaded Program Files\MyWebEx\394\atasctrl.dll
c:\windows\Downloaded Program Files\MyWebEx\394\atcarmcl.dll
c:\windows\Downloaded Program Files\MyWebEx\394\atdl2006.dll
c:\windows\Downloaded Program Files\MyWebEx\394\atinet.dll
c:\windows\Downloaded Program Files\MyWebEx\394\atjpeg60.dll
c:\windows\Downloaded Program Files\MyWebEx\394\atkbctl.dll
c:\windows\Downloaded Program Files\MyWebEx\394\atmemmgr.dll
c:\windows\Downloaded Program Files\MyWebEx\394\atnetext.dll
c:\windows\Downloaded Program Files\MyWebEx\394\atpack.dll
c:\windows\Downloaded Program Files\MyWebEx\394\atpng12.dll
c:\windows\Downloaded Program Files\MyWebEx\394\atprtses.dll
c:\windows\Downloaded Program Files\MyWebEx\394\atrares.dll
c:\windows\Downloaded Program Files\MyWebEx\394\atres.dll
c:\windows\Downloaded Program Files\MyWebEx\394\attp.dll
c:\windows\Downloaded Program Files\MyWebEx\394\atwbxui5.dll
c:\windows\Downloaded Program Files\MyWebEx\394\rafilesp.dll
c:\windows\Downloaded Program Files\MyWebEx\394\ramtmgr.dll
c:\windows\Downloaded Program Files\MyWebEx\394\ratrace.dll
c:\windows\Downloaded Program Files\MyWebEx\394\trace.txt
c:\windows\Downloaded Program Files\MyWebEx\394\uilibres.dll
c:\windows\Downloaded Program Files\MyWebEx\394\wbxcrypt.dll
c:\windows\Downloaded Program Files\MyWebEx\394\WbxDLDrv.exe
c:\windows\Downloaded Program Files\MyWebEx\394\WbxDLMgr.dll

.
((((((((((((((((((((((((( Files Created from 2009-02-18 to 2009-03-18 )))))))))))))))))))))))))))))))
.

2009-03-17 10:56 . 2009-03-17 10:56 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-17 10:56 . 2009-03-17 10:56 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-16 21:05 . 2009-03-16 21:05 <DIR> d-------- c:\documents and settings\Matt Kohler\Application Data\Move Networks
2009-03-11 19:27 . 2009-03-11 19:27 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-11 19:27 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-11 19:27 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-04 18:30 . 2009-03-04 18:30 <DIR> d-------- c:\program files\Alwil Software
2009-03-04 18:05 . 2009-03-04 18:05 <DIR> d-------- c:\program files\Trend Micro
2009-03-04 14:57 . 2009-03-04 14:57 <DIR> d-------- c:\program files\ESET
2009-03-04 14:12 . 2009-03-04 14:12 7,680 --ahs---- c:\windows\Thumbs.db
2009-02-24 18:16 . 2009-03-03 19:15 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-24 18:07 . 2009-01-09 14:19 1,089,593 --------- c:\windows\system32\dllcache\ntprint.cat
2009-02-24 15:17 . 2009-02-24 15:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-24 15:16 . 2009-02-24 15:16 <DIR> d-------- c:\documents and settings\Matt Kohler\Application Data\SUPERAntiSpyware.com
2009-02-21 19:47 . 2009-03-18 08:44 351 --a------ c:\windows\system\Flywave.dll
2009-02-21 19:47 . 2009-02-21 19:47 25 --a------ c:\windows\system\CmCnfgw.ini
2009-02-21 19:46 . 2009-02-21 19:46 <DIR> d-------- c:\program files\Linksys
2009-02-19 19:53 . 2009-02-19 20:25 <DIR> d-------- c:\program files\PeerGuardian2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-18 13:34 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-17 15:56 --------- d-----w c:\program files\Java
2009-03-16 15:45 --------- d-----w c:\documents and settings\Matt Kohler\Application Data\dvdcss
2009-03-16 15:44 --------- d-----w c:\documents and settings\Matt Kohler\Application Data\DVD Flick
2009-03-16 01:51 --------- d-----w c:\program files\Common Files\Adobe
2009-03-08 20:48 --------- d-----w c:\program files\Symantec AntiVirus
2009-03-08 20:48 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-03-04 22:32 --------- d-----w c:\program files\Lavasoft
2009-03-04 22:32 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-04 19:12 --------- d-----w c:\program files\XML Notepad 2007
2009-03-04 19:12 --------- d-----w c:\program files\NewView
2009-03-04 19:12 --------- d-----w c:\program files\LimeWire
2009-03-04 19:12 --------- d-----w c:\program files\HomeManage
2009-03-04 19:12 --------- d-----w c:\program files\FastStone Photo Resizer
2009-03-04 00:37 --------- d-----w c:\program files\Windows Live Safety Center
2009-03-04 00:20 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-03 20:49 --------- d-----w c:\documents and settings\All Users\Application Data\Novatel Wireless
2009-03-03 03:22 --------- d-----w c:\documents and settings\Matt Kohler\Application Data\LimeWire
2009-02-23 03:10 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-18 02:43 --------- d-----w c:\documents and settings\Matt Kohler\Application Data\Uniblue
2009-02-18 02:43 --------- d-----w c:\documents and settings\All Users\Application Data\DriverScanner
2009-02-18 02:12 --------- d-----w c:\program files\Common Files\Zeepe Framework 7
2009-02-17 02:45 --------- d-----w c:\program files\Telespree
2009-02-17 02:45 --------- d-----w c:\program files\Common Files\Telespree
2009-02-17 02:44 --------- d-----w c:\documents and settings\All Users\Application Data\AT&T
2009-02-17 02:42 33,664 ----a-w c:\windows\system32\drivers\BCMWLNPF.SYS
2009-02-17 02:42 1,287,552 ----a-w c:\windows\system32\drivers\BCMWL5.SYS
2009-02-17 02:41 --------- d-----w c:\program files\Intel
2009-02-16 01:29 --------- d-----w c:\program files\Dell
2009-02-15 22:55 --------- d-----w c:\program files\SmartFTP Client
2009-02-15 19:27 --------- d-----w c:\documents and settings\All Users\Application Data\Altova
2009-02-15 03:26 --------- d-----w c:\documents and settings\Matt Kohler\Application Data\SmartFTP
2009-02-09 00:57 --------- d-----w c:\program files\PC Connectivity Solution
2009-02-09 00:54 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-02-07 22:31 --------- d-----w c:\program files\DVD Flick
2009-02-06 00:17 726,008 ----a-w c:\documents and settings\Matt Kohler\gotomypc_438.exe
2009-02-03 23:47 --------- d-----w c:\program files\iTunes
2009-02-03 23:47 --------- d-----w c:\program files\iPod
2009-02-03 23:47 --------- d-----w c:\program files\Common Files\Apple
2009-02-03 23:47 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-03 23:46 --------- d-----w c:\program files\QuickTime
2009-01-31 14:26 --------- d-----w c:\documents and settings\Matt Kohler\Application Data\Paltalk
2009-01-30 22:23 --------- d-----w c:\documents and settings\All Users\Application Data\HomeManage
2009-01-30 18:13 --------- d-----w c:\program files\MyStuff
2009-01-19 01:34 --------- d-----w c:\program files\Air Mouse
2009-01-18 06:13 --------- d-----w c:\program files\Bonjour
2009-01-18 06:12 --------- d-----w c:\program files\Safari
2008-11-15 00:56 726,008 ----a-w c:\documents and settings\Matt Kohler\gotomypc_437.exe
2008-09-20 23:28 61,224 ----a-w c:\documents and settings\Matt Kohler\GoToAssistDownloadHelper.exe
2008-09-20 15:26 74 --sh--r c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((( SnapShot@2009-03-17_11.58.34.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-17 16:03:27 72,978 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-18 01:11:21 72,978 ----a-w c:\windows\system32\perfc009.dat
- 2009-03-17 16:03:27 445,938 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-18 01:11:21 445,938 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-18 13:45:57 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2e4.dat
+ 2009-03-18 13:46:11 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_84c.dat
+ 2009-03-18 13:46:05 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_af4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-01-09 16:13 583312 -ra------ c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-01-09 16:13 583312 -ra------ c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-01-09 16:13 583312 -ra------ c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-09-21 2182080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-07-01 196608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-07 13537280]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-07 86016]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2008-05-30 180224]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-05-14 105472]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2008-06-24 243000]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2008-06-24 79160]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2008-08-18 598016]
"DCPstrApp"="c:\program files\Dell\Dell ControlPoint\Security Manager\SecurityDeviceInfoSetRegistryString.exe" [2008-08-04 6656]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-29 442467]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-06-29 466944]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDellB.exe" [2008-04-11 372736]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-07-28 176128]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-02-16 2220032]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2008-10-01 1454080]
"systray"="c:\program files\Dell\Dell Mobile Broadband\systray.exe" [2008-07-29 331851]
"CmFlywaveName"="c:\windows\System\CmFlywav.exe" [2007-10-05 283466]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-01-09 669840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-17 148888]
"nwiz"="nwiz.exe" [2008-08-07 c:\windows\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2008-08-07 c:\windows\system32\nvhotkey.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\Matt Kohler\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-08-15 604776]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2008-08-01 1201432]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-02-27 972064]
ScanSnap Manager.lnk - c:\program files\PFU\ScanSnap\Driver\PfuSsMon.exe [2008-11-11 1769472]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Temp\\HP_WebRelease\\Setup\\HPZnet01.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-04 114768]
R1 NvtSp50;Novatel Wireless NDIS 5 Single-Packet Read Protocol Driver;c:\windows\system32\drivers\NvtSp50.sys [2008-06-10 22016]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-04 20560]
R2 BCMWLNPF;Broadcom Netgroup Packet Filter;c:\windows\system32\drivers\BCMWLNPF.SYS [2009-02-16 33664]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2008-09-04 406808]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2008-11-11 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2008-11-11 20840]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2008-08-01 455960]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [2008-10-01 90112]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2008-09-08 108160]
R3 CCIDFILTER;Broadcom Smart Card Reader Filter Driver;c:\windows\system32\drivers\ccidflt.sys [2009-02-01 12840]
R3 cmvad;Linksys Wireless-G Music Bridge Interface;c:\windows\system32\drivers\cmudaxv.sys [2009-02-21 1410240]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2009-02-01 32808]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-09-08 244368]
R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\drivers\nwdelmdm.sys [2007-11-02 166144]
R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys [2007-11-02 166144]
R3 NWDellPort2;Dell Wireless Mobile Broadband Status2 Port Driver;c:\windows\system32\drivers\nwdelser2.sys [2007-11-02 166144]
R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [2008-09-08 148056]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2008-09-08 144672]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2008-09-08 277504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 NW001NDIS;Dell Wireless Network Adapter Service;c:\windows\system32\drivers\nw01ndis.sys [2008-06-05 265216]
S3 Sus2pl;Susteen Universal Cable II;c:\windows\system32\drivers\sus2pl.sys [2004-03-31 43392]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [2007-04-04 47360]
S3 SUSTUCAP;Susteen USB Cable Port Driver;c:\windows\system32\drivers\sustucap.sys [2007-04-04 47360]
S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [2007-04-04 28032]
.
Contents of the 'Scheduled Tasks' folder

2009-03-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2009-03-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080909
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Matt Kohler\Application Data\Mozilla\Firefox\Profiles\iaoxrcvj.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-18 08:45:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-357244917-692914704-728023711-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-357244917-692914704-728023711-1005\Software\YourCompanyName\YourProductName\Version*]
"VersionData"=hex:0d,3b,25,66,19,03,6e,fd,4f,a8,a2,fa,9d,e1,52,c2,50,6a,2b,3f,
33,59,f4,59,07,45,91,f9,29,b3,aa,34,eb,b8,1b,51,0f,6f,ad,08,4c,48,f7,d3,42,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1048)
c:\windows\System32\TdmNetworkProvider.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'lsass.exe'(1104)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
c:\program files\Wave Systems Corp\Common\CryptoManager.dll
c:\windows\system32\tcg15.dll
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\Tsp1.dll
c:\windows\system32\wclient14.dll
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
c:\program files\Bonjour\mdnsNSP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\drivers\audio\R190031\stacsv.exe
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Carbonite\Carbonite Backup\CarboniteService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\DellTPad\ApntEx.exe
c:\program files\Linksys\WMB54G\WMB54G.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2009-03-18 8:52:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-18 13:52:39
ComboFix2.txt 2009-03-18 01:12:53
ComboFix3.txt 2009-03-17 16:59:58

Pre-Run: 201,983,238,144 bytes free
Post-Run: 202,036,789,248 bytes free

326 --- E O F --- 2009-03-15 14:26:55



DDS (Ver_09-03-16.01) - NTFSx86
Run by Matt Kohler at 8:57:17.15 on Wed 03/18/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2803 [GMT -5:00]

AV: avast! antivirus 4.8.1335 [VPS 090317-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r190031\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtTray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDellB.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
C:\Program Files\Dell\Dell Mobile Broadband\systray.exe
C:\WINDOWS\System\CmFlywav.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Linksys\WMB54G\WMB54G.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Matt Kohler\Local Settings\Temporary Internet Files\Content.IE5\VWAQYK4R\dds[1].com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080909
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
mRun: [EmbassySecurityCheck] "c:\program files\wave systems corp\embassy security setup\EMBASSYSecurityCheck.exe"
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [DCPstrApp] c:\program files\dell\dell controlpoint\security manager\SecurityDeviceInfoSetRegistryString.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDellB.exe" /mode2
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [DellConnectionManager] "c:\program files\dell\dell controlpoint\connection manager\Dell.UCM.exe"
mRun: [systray] c:\program files\dell\dell mobile broadband\systray.exe
mRun: [CmFlywaveName] c:\windows\system\CmFlywav.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\mattko~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\scansn~1.lnk - c:\program files\pfu\scansnap\driver\PfuSsMon.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225331532437
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1237305171245&h=3fdbf704315fdfefec64d794ad9c124c/&filename=jinstall-6u12-windows-i586-jc.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://qb.webex.com/client/v_mywebex-qb20/ra/ieatgpc.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~3\MpShHook.dll
LSA: Authentication Packages = msv1_0 wvauth

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mattko~1\applic~1\mozilla\firefox\profiles\iaoxrcvj.default\

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-3-4 114768]
R1 NvtSp50;Novatel Wireless NDIS 5 Single-Packet Read Protocol Driver;c:\windows\system32\drivers\NvtSp50.sys [2008-6-10 22016]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-4 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-3-4 138680]
R2 BCMWLNPF;Broadcom Netgroup Packet Filter;c:\windows\system32\drivers\BCMWLNPF.SYS [2009-2-16 33664]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2008-9-4 406808]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2008-11-11 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2008-11-11 20840]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2008-8-1 455960]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\dell\dell controlpoint\connection manager\SMManager.exe [2008-10-1 90112]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2008-9-8 108160]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-3-4 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-3-4 352920]
R3 CCIDFILTER;Broadcom Smart Card Reader Filter Driver;c:\windows\system32\drivers\ccidflt.sys [2009-2-1 12840]
R3 cmvad;Linksys Wireless-G Music Bridge Interface;c:\windows\system32\drivers\cmudaxv.sys [2009-2-21 1410240]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2009-2-1 32808]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-9-8 244368]
R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\drivers\nwdelmdm.sys [2007-11-2 166144]
R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys [2007-11-2 166144]
R3 NWDellPort2;Dell Wireless Mobile Broadband Status2 Port Driver;c:\windows\system32\drivers\nwdelser2.sys [2007-11-2 166144]
R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [2008-9-8 148056]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2008-9-8 144672]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2008-9-8 277504]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 NW001NDIS;Dell Wireless Network Adapter Service;c:\windows\system32\drivers\nw01ndis.sys [2008-6-5 265216]
S3 Sus2pl;Susteen Universal Cable II;c:\windows\system32\drivers\sus2pl.sys [2004-3-31 43392]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [2007-4-4 47360]
S3 SUSTUCAP;Susteen USB Cable Port Driver;c:\windows\system32\drivers\sustucap.sys [2007-4-4 47360]
S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [2007-4-4 28032]

=============== Created Last 30 ================

2009-03-18 08:39 <DIR> a-dshr-- C:\autorun.inf
2009-03-17 11:47 <DIR> a-dshr-- C:\cmdcons
2009-03-17 11:45 161,792 a------- c:\windows\SWREG.exe
2009-03-17 11:45 98,816 a------- c:\windows\sed.exe
2009-03-17 10:56 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-17 10:56 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-11 19:27 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-11 19:27 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-11 19:27 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-04 18:05 <DIR> --d----- c:\program files\Trend Micro
2009-03-04 14:57 <DIR> --d----- c:\program files\ESET
2009-03-04 14:12 7,680 a--sh--- c:\windows\Thumbs.db
2009-02-24 18:16 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-02-24 18:07 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-02-24 15:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-02-24 15:16 <DIR> --d----- c:\docume~1\mattko~1\applic~1\SUPERAntiSpyware.com
2009-02-21 19:47 351 a------- c:\windows\system\Flywave.dll
2009-02-21 19:47 25 a------- c:\windows\system\CmCnfgw.ini
2009-02-21 19:46 <DIR> --d----- c:\program files\Linksys
2009-02-19 19:53 <DIR> --d----- c:\program files\PeerGuardian2
2009-02-17 21:34 <DIR> --d----- c:\docume~1\mattko~1\applic~1\Uniblue
2009-02-17 21:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DriverScanner
2009-02-17 21:12 <DIR> --d----- c:\program files\common files\Zeepe Framework 7
2009-02-17 13:33 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-02-16 21:45 <DIR> --d----- c:\program files\Telespree
2009-02-16 21:45 <DIR> --d----- c:\program files\common files\Telespree
2009-02-16 21:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AT&T
2009-02-16 21:40 248,448 a------- c:\windows\system32\PROUnstl.exe
2009-02-16 21:40 1,904 -------- c:\windows\system32\SetupBD.din
2009-02-16 21:27 815,104 a------- c:\windows\system32\BCMLogon.dll
2009-02-16 21:27 5,029,888 a------- c:\windows\system32\BCMWLCPL.CPL
2009-02-16 21:27 2,670,592 a------- c:\windows\system32\WLBCGCBPRO731.DLL
2009-02-16 21:27 2,220,032 a------- c:\windows\system32\WLTRAY.EXE
2009-02-16 21:27 1,961,984 a------- c:\windows\system32\BCMWLTRY.EXE
2009-02-16 21:27 753,664 a------- c:\windows\system32\bcm1xsup.dll
2009-02-16 21:27 286,720 a------- c:\windows\system32\bcmwlu00.exe
2009-02-16 21:27 69,632 a------- c:\windows\system32\bcmwlpkt.dll
2009-02-16 21:27 65,536 a------- c:\windows\system32\wltrynt.dll
2009-02-16 21:27 33,664 a------- c:\windows\system32\drivers\BCMWLNPF.SYS
2009-02-16 21:27 24,064 a------- c:\windows\system32\WLTRYSVC.EXE

==================== Find3M ====================

2009-03-02 21:21 184,488 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2009-02-28 18:24 53,733 a------- c:\windows\system32\nvModes.dat
2009-02-16 21:42 2,682,880 a------- c:\windows\system32\vcredist_x86.exe
2009-02-16 21:42 1,287,552 a------- c:\windows\system32\drivers\BCMWL5.SYS
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 06:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-05 19:17 726,008 a------- c:\documents and settings\matt kohler\gotomypc_438.exe
2009-01-16 22:35 3,594,752 -------- c:\windows\system32\dllcache\mshtml.dll
2009-01-11 14:29 116,930 a------- c:\windows\hpoins11.dat
2008-12-19 04:10 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 04:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 00:25 634,024 -------- c:\windows\system32\dllcache\iexplore.exe
2008-12-19 00:23 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-11-14 19:56 726,008 a------- c:\documents and settings\matt kohler\gotomypc_437.exe
2008-09-20 18:28 61,224 a------- c:\documents and settings\matt kohler\GoToAssistDownloadHelper.exe
2008-09-20 10:26 74 ---shr-- c:\windows\CT4CET.bin

============= FINISH: 8:57:23.89 ===============

#10 SifuMike

    malware expert

  • Staff Emeritus
  • 15,385 posts
  • Gender: Male
  • Location: Vancouver (not BC) WA (Not DC) USA

Posted 18 March 2009 - 11:31 AM

Hi milfordinvestments,

Looks good so far. Now we check for lingering malware.


Please disable any running anti-virus program before running Kaspersky Online Scanner.
If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
Close any open browsers

Please do a scan with Kaspersky Online Scanner

You can refer to this animation by sundavis.


Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
This scanner will only scan. It does not remove any malware it finds.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#11 milfordinvestments

  • Topic Starter
  • Members
  • 41 posts

Posted 18 March 2009 - 05:32 PM

here you go:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, March 18, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, March 18, 2009 19:36:21
Records in database: 1929298
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\

Scan statistics:
Files scanned: 100132
Threat name: 3
Infected objects: 16
Suspicious objects: 0
Duration of the scan: 01:25:36


File name / Threat name / Threats count
C:\Documents and Settings\Matt Kohler\.housecall6.6\Quarantine\sdf3.bac_a02568 Infected: Backdoor.Win32.Frauder.fb 6
C:\Documents and Settings\Matt Kohler\.housecall6.6\Quarantine\sdf3.bac_a02568 Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.cp 1
C:\Documents and Settings\Matt Kohler\.housecall6.6\Quarantine\sdf3.bac_a02568 Infected: not-a-virus:FraudTool.Win32.SpywarePreventer.y 1
C:\Documents and Settings\Matt Kohler\.housecall6.6\Quarantine\sdf3.bac_a04492 Infected: Backdoor.Win32.Frauder.fb 6
C:\Documents and Settings\Matt Kohler\.housecall6.6\Quarantine\sdf3.bac_a04492 Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.cp 1
C:\Documents and Settings\Matt Kohler\.housecall6.6\Quarantine\sdf3.bac_a04492 Infected: not-a-virus:FraudTool.Win32.SpywarePreventer.y 1

The selected area was scanned.

#12 SifuMike

    malware expert

  • Staff Emeritus
  • 15,385 posts
  • Gender: Male
  • Location: Vancouver (not BC) WA (Not DC) USA

Posted 18 March 2009 - 05:58 PM

Hi,


Those files have all been previously quarantined, so they are no problem. :thumbup2:

How is your computer running?

We still have to do some program clean-up.
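The point made in the reply above is worth automating: an on-demand scanner reads everything on disk, including the quarantine folders of the other tools that already ran, so a report full of hits can still mean nothing is live. The script below is an added example and not part of the thread or of Kaspersky's tooling. It parses report lines of the form shown above and sorts detections into "contained" (inside a known quarantine folder) and "live" buckets. The list of quarantine paths is an assumption based on the tools named in this thread (only the HouseCall location is visible in the report), and the `example.sys` line in the sample report is a constructed, hypothetical live detection added so both buckets are exercised.

```python
"""Triage a Kaspersky Online Scanner 7 report: which detections are still live?

Added example, not code from the thread. Report lines look like
    <path> Infected: <threat name> <count>
and the scanner flags objects inside other tools' quarantine folders too.
"""
import re

# One report line per detection: "<path> Infected: <threat name> <count>"
HIT_RE = re.compile(
    r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)

# Lower-case path fragments that mark material other tools already isolated.
# Assumed list for the tools named in this thread: only the HouseCall location
# is visible in the report; the others are the usual install paths.
QUARANTINE_MARKERS = (
    "\\.housecall6.6\\quarantine\\",                       # Trend Micro HouseCall
    "\\qoobox\\quarantine\\",                              # ComboFix
    "\\malwarebytes' anti-malware\\quarantine\\",          # Malwarebytes
    "\\superantispyware.com\\superantispyware\\quarantine\\",
    "\\alwil software\\avast4\\data\\moved\\",             # avast! Virus Chest
)


def is_contained(path):
    """True when the path lies inside a known quarantine folder."""
    p = path.replace("/", "\\").lower()
    return any(marker in p for marker in QUARANTINE_MARKERS)


def parse_hit(line):
    """Parse one detection line; return None for headers, blanks and summaries."""
    m = HIT_RE.match(line.strip())
    if m is None:
        return None
    path = m.group("path")
    return {
        "path": path,
        "threat": m.group("threat"),
        "count": int(m.group("count")),
        "contained": is_contained(path),
    }


def triage(report_text):
    """Split a report into (live, contained) detection lists.

    Live hits still need action; contained hits only record what an earlier
    tool already caught and isolated.
    """
    live, contained = [], []
    for line in report_text.splitlines():
        hit = parse_hit(line)
        if hit is not None:
            (contained if hit["contained"] else live).append(hit)
    return live, contained


def summarise(report_text):
    """Counts a responder wants at a glance: objects per bucket and live paths."""
    live, contained = triage(report_text)
    return {
        "live_objects": sum(h["count"] for h in live),
        "contained_objects": sum(h["count"] for h in contained),
        "live_paths": sorted({h["path"] for h in live}),
    }


# The six quarantine lines are the report posted above; the example.sys line is
# a constructed, hypothetical live detection so both buckets are exercised.
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\Documents and Settings\Matt Kohler\.housecall6.6\Quarantine\sdf3.bac_a02568 Infected: Backdoor.Win32.Frauder.fb 6
C:\Documents and Settings\Matt Kohler\.housecall6.6\Quarantine\sdf3.bac_a02568 Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.cp 1
C:\Documents and Settings\Matt Kohler\.housecall6.6\Quarantine\sdf3.bac_a02568 Infected: not-a-virus:FraudTool.Win32.SpywarePreventer.y 1
C:\Documents and Settings\Matt Kohler\.housecall6.6\Quarantine\sdf3.bac_a04492 Infected: Backdoor.Win32.Frauder.fb 6
C:\Documents and Settings\Matt Kohler\.housecall6.6\Quarantine\sdf3.bac_a04492 Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.cp 1
C:\Documents and Settings\Matt Kohler\.housecall6.6\Quarantine\sdf3.bac_a04492 Infected: not-a-virus:FraudTool.Win32.SpywarePreventer.y 1
C:\WINDOWS\system32\drivers\example.sys Infected: Trojan.Win32.Example.a 1

The selected area was scanned.
"""

if __name__ == "__main__":
    print(summarise(SAMPLE_REPORT))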

#13 milfordinvestments

  • Topic Starter
  • Members
  • 41 posts

Posted 18 March 2009 - 06:28 PM

So far looking pretty good,
maybe the Flash Disinfector did a bit of good.
I probably should run Flash Disinfector on all computers I used my USB flash drive on also, do you think?

#14 SifuMike

    malware expert

  • Staff Emeritus
  • 15,385 posts
  • Gender: Male
  • Location: Vancouver (not BC) WA (Not DC) USA

Posted 18 March 2009 - 07:06 PM

Yes, run the Flash Disinfector on all computers that you used your flash drive on. They all may be infected. Any flash / jump drives you have connected to this system since your infection have been compromised by a flash drive infector.


Now for the program clean up.

Uninstall ComboFix: go to Start > Run & type in ComboFix /u
Make sure there's a space between ComboFix and /
Then hit Enter.

This will uninstall ComboFix, delete any of its related folders and files (Qoobox, VundoFix Backups, Avenger, _OTMoveIt3), reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Please read and follow How did I get infected?, With steps so it does not happen again!
as well as
How to prevent Malware by miekiemoes


If you want to improve speed/system performance after malware removal, take a look here.


Now you are good to go. :thumbup2:

Edited by SifuMike, 18 March 2009 - 07:07 PM.

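The reply above relies on how USB infectors of this era spread: the worm drops an autorun.inf file on every removable volume it sees, and that file tells Windows to launch the payload when the drive is opened. The defence the thread uses turns that around. A volume carrying a directory named autorun.inf cannot also carry a file of that name, so the infector's drop fails; the ComboFix log earlier in this thread shows exactly such a directory on C:\ (`<DIR> a-dshr-- C:\autorun.inf`). The script below is an added example, not code from the thread or from the Flash Disinfector tool it mentions. It parses any autorun.inf on a drive root, reports the launch directives that make it dangerous, and replaces a file with a protected directory. The sample autorun.inf content is constructed to show the usual shape of an infector's file; the paths and payload name in it are not from any real capture.

```python
"""Inspect and immunise drive roots against autorun.inf-based USB infectors.

Added example, not code from the thread or from Flash Disinfector. Run it
against removable drive roots (e.g. E:\\) on the hosts the thread tells you
to check. The SAMPLE_AUTORUN_INF content is constructed for the demo.
"""
import os
import subprocess
import tempfile
from pathlib import Path

# Directives that make Windows run something when the volume is opened.
LAUNCH_KEYS = ("open", "shellexecute")


def parse_autorun(text):
    """Return {key: value} for launch directives in the [autorun] section.

    Tolerant of junk lines, mixed case and odd whitespace, which infectors use
    to confuse naive parsers; keys outside the [autorun] section are ignored.
    """
    directives = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_section or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # shell\<verb>\command=... is the other way to hijack Open / Explore.
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            directives[key] = value
    return directives


def inspect_root(root):
    """Classify <root>\\autorun.inf as absent, immunised, suspicious or present."""
    target = Path(root) / "autorun.inf"
    if not target.exists():
        return {"status": "absent", "directives": {}}
    if target.is_dir():
        return {"status": "immunised", "directives": {}}
    directives = parse_autorun(target.read_text(errors="replace"))
    status = "suspicious" if directives else "present"
    return {"status": status, "directives": directives}


def immunise_root(root):
    """Replace any autorun.inf file with a directory of that name; return the new status.

    On Windows the directory is also marked hidden+system+read-only so that
    casual cleanup does not remove it (the a-dshr-- attributes seen in the log).
    """
    target = Path(root) / "autorun.inf"
    if target.is_file():
        target.unlink()
    target.mkdir(exist_ok=True)
    if os.name == "nt":
        subprocess.run(["attrib", "+h", "+s", "+r", str(target)], check=False)
    return inspect_root(root)["status"]


# Constructed sample in the shape of an infector's autorun.inf; not a real capture.
SAMPLE_AUTORUN_INF = """\
[AutoRun]
; junk comment the parser must skip
icon=%SystemRoot%\\system32\\SHELL32.dll,4
action=Open folder to view files
OPEN=RECYCLER\\S-1-5-21-0000000000-0000000000-000000000-1000\\setup.exe
shell\\open\\Command=RECYCLER\\S-1-5-21-0000000000-0000000000-000000000-1000\\setup.exe
shell\\explore\\Command=RECYCLER\\S-1-5-21-0000000000-0000000000-000000000-1000\\setup.exe
"""


def demo(workdir):
    """Plant the sample on a scratch 'drive root', inspect it, then immunise it."""
    root = Path(workdir)
    (root / "autorun.inf").write_text(SAMPLE_AUTORUN_INF)
    before = inspect_root(root)
    after = immunise_root(root)
    return before["status"], sorted(before["directives"]), after


def demo_in_scratch():
    """Run demo() inside a temporary directory that is removed afterwards."""
    with tempfile.TemporaryDirectory() as scratch:
        return demo(scratch)


if __name__ == "__main__":
    print(demo_in_scratch())
```

On a real host, call `inspect_root` on each removable volume first and look at the directives before deleting anything; the payload path they point to is what you want to hand to your scanner, and the directory left behind by `immunise_root` is the same protection the log shows on this machine.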

#15 milfordinvestments

  • Topic Starter
  • Members
  • 41 posts

Posted 18 March 2009 - 08:01 PM

I believe you have given them the boot :thumbup2:
Thanks for all your efforts and patience in this problem.
I will let you know if any other issues.
Thanks again!!!
Job well done!



