Rootkit evidence found


This topic is locked
10 replies to this topic

#1 jjkeane3rd


Posted 27 August 2009 - 06:47 PM

Sorry - I'm not seeing how to add a link to my posting in this forum that started this journey:

Topic link: http://www.bleepingcomputer.com/forums/t/251924/redirects-in-ie-locked-windows-logins-locked-windows-backgrounds/ ~ OB

BleepingComputer.com > Security > Am I infected? What do I do?

titled: Redirects in IE, locked windows logins, locked windows backgrounds, Had RENOS, now it's FAKEINIT browser hijacker

The results of my rootrepeal and dds scans are attached.

The DDS file contents are:

DDS (Ver_09-07-30.01) - NTFSx86
Run by John at 7:27:57.06 on Thu 08/27/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.490 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
E:\Program Files\incd\InCD.exe
C:\WINDOWS\LTMSG.exe
E:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
E:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\John\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
E:\Program Files\natural color pro\NCProTray.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Documents and Settings\John\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [SansaDispatch] c:\documents and settings\john\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SUPERAntiSpyware] d:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [InCD] e:\program files\incd\InCD.exe
mRun: [LTMSG] LTMSG.exe 7
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [CTSysVol] e:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTDVDDET] e:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDET.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [SBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
mRun: [QuickTime Task] "e:\program files\quicktime\qttask.exe" -atboottime
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - e:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ncprot~1.lnk - e:\program files\natural color pro\NCProTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - e:\program files\hewlett-packard\digital imaging\bin\hposol08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: aol.com\free
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224798044175
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224798242347
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5566/mcfscan.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
TCP: {E10EFC33-6626-4C96-99FB-AEFD33CED2C8} = 64.83.0.10,209.137.171.20
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2008-10-23 9088]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-8-23 64160]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-13 214024]
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [2008-10-23 333184]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-7-4 210216]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-7-4 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-7-4 144704]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-7-4 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-7-4 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-7-4 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-7-4 40552]
R3 SASENUM;SASENUM;d:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]
S2 CoachCap;Concord EyeQ Duo 2000 USB Video Capture V1.00;c:\windows\system32\drivers\coachcap.sys [2002-3-3 93068]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2009-1-4 28672]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-7-4 34248]
S3 SaiNtSub;SaiNtSub;c:\windows\system32\drivers\SaiNtSub.sys [2008-10-25 19200]
S4 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]

=============== Created Last 30 ================

2009-08-24 09:09 --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-08-24 09:09 --d----- c:\docume~1\john\applic~1\SUPERAntiSpyware.com
2009-08-24 09:09 --d----- c:\program files\common files\Wise Installation Wizard
2009-08-24 08:27 --d----- c:\docume~1\john\applic~1\Malwarebytes
2009-08-23 21:11 --d----- c:\program files\Trend Micro
2009-08-23 21:01 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-23 21:01 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-23 20:16 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-23 18:22 15,688 a------- c:\windows\system32\lsdelete.exe
2009-08-23 18:17 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-08-23 18:15 -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-23 17:31 --d----- c:\program files\ESET
2009-08-23 17:27 --d----- c:\program files\Spybot - Search & Destroy
2009-08-23 17:08 53,168 a------- c:\windows\system32\drivers\MpFilter.sys
2009-08-23 17:04 3,558 a------- c:\windows\system32\tmp.reg
2009-08-23 08:31 31,015 a------- c:\windows\system32\kbiwkmdvjdyida.dat
2009-08-23 08:31 45,056 a------- c:\windows\system32\kbiwkmpxvnmttj.dll
2009-08-22 09:18 1,409 a------- c:\windows\system32\tmpEFBFD.FOT
2009-08-22 09:14 3,540 a------- c:\windows\disney.ini
2009-08-15 12:59 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-08-15 03:06 --d----- c:\windows\system32\XPSViewer
2009-08-15 03:05 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-15 03:05 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-15 03:05 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-15 03:05 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-08-15 03:05 117,760 -------- c:\windows\system32\prntvpt.dll
2009-08-15 03:05 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-08-15 03:05 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-08-15 03:05 --d----- c:\windows\SxsCaPendDel
2009-08-12 07:35 221,184 a------- c:\windows\system32\wmpns.dll
2009-08-12 05:50 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-08-12 05:50 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-08-05 05:01 204,800 -c------ c:\windows\system32\dllcache\mswebdvd.dll

==================== Find3M ====================

2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-23 11:51 43,520 a------- c:\windows\system32\CTBurst.dll
2009-06-23 11:50 11,776 a------- c:\windows\system32\inres.dll
2009-06-23 11:50 11,776 a------- c:\windows\INRES.DLL
2009-06-23 11:50 182,272 a------- c:\windows\system32\ctdvinst.dll
2009-06-23 11:50 86,528 a------- c:\windows\system32\ctcoinst.dll
2009-06-23 11:49 10,752 a------- c:\windows\system32\a3d.dll
2009-06-23 11:48 11,776 a------- c:\windows\system32\ac3api.dll
2009-06-23 11:48 38,400 a------- c:\windows\system32\readreg.exe
2009-06-23 11:48 37,888 a------- c:\windows\system32\psconv.exe
2009-06-23 11:48 19,456 a------- c:\windows\system32\CtHelper.exe
2009-06-23 11:48 8,704 a------- c:\windows\system32\ctagent.dll
2009-06-23 11:48 45,568 a------- c:\windows\system32\ctspkhlp.dll
2009-06-23 11:47 56,832 a------- c:\windows\system32\CTpcmcia.dll
2009-06-23 11:47 12,800 a------- c:\windows\system32\ctmmep.dll
2009-06-23 11:46 9,216 a------- c:\windows\system32\ctpres.dll
2009-06-23 11:46 32,768 a------- c:\windows\system32\ctthxcal.dll
2009-06-23 11:46 41,472 a------- c:\windows\system32\ctscal.dll
2009-06-23 11:46 131,072 a------- c:\windows\system32\ctdcifce.dll
2009-06-23 11:46 330,752 a------- c:\windows\system32\ctdc0001.dll
2009-06-23 11:46 227,840 a------- c:\windows\system32\ctdc0000.dll
2009-06-23 11:46 10,240 a------- c:\windows\system32\ctdcres.dll
2009-06-23 11:46 10,240 a------- c:\windows\CTDCRES.DLL
2009-06-23 11:28 386,852 a------- c:\windows\system32\ctdnlstr.dat
2009-06-23 11:28 51,787 a------- c:\windows\system32\ctdlang.dat
2009-06-23 11:28 196,096 a------- c:\windows\system32\ctemupia.dll
2009-06-23 11:24 176,128 a------- c:\windows\system32\ct_oal.dll
2009-06-23 11:24 46,592 a------- c:\windows\system32\ctasio.dll
2009-06-23 11:24 49,152 a------- c:\windows\system32\ctdproxy.dll
2009-06-23 11:23 69,632 a------- c:\windows\system32\ctosuser.dll
2009-06-23 11:23 6,144 a------- c:\windows\system32\sfman32.dll
2009-06-23 11:23 125,952 a------- c:\windows\system32\sfms32.dll
2009-06-23 11:23 13,312 a------- c:\windows\system32\regplib.exe
2009-06-23 11:23 64,512 a------- c:\windows\system32\piaproxy.dll
2009-06-23 11:22 149,838 a------- c:\windows\system32\ctbas2w.dat
2009-06-23 11:20 274,587 a------- c:\windows\system32\ctsbas2w.dat
2009-06-23 11:20 313,207 a------- c:\windows\system32\ctstatic.dat
2009-06-23 11:20 53,932 a------- c:\windows\system32\ctdaught.dat
2009-06-23 11:20 5,120 a------- c:\windows\system32\enlocstr.exe
2009-06-23 11:20 10,240 a------- c:\windows\system32\killapps.exe
2009-06-23 11:19 33,792 a------- c:\windows\system32\devreg.dll
2009-06-21 15:49 82,784 a------- c:\docume~1\john\applic~1\GDIPFONTCACHEV1.DAT
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-12 08:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-11 21:10 47,104 a------- c:\windows\system32\udapld32.dll
2009-06-11 21:10 508,928 a------- c:\windows\system32\UDAAPO32.dll
2009-06-10 10:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 02:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 09:06 809,496 a------- c:\windows\system32\OALInst.exe
2006-05-03 05:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 06:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2008-03-16 08:30 216,064 ---shr-- c:\windows\system32\nbDX.dll
2008-10-23 19:13 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102320081024\index.dat

============= FINISH: 7:28:44.06 ===============


John


Edited by Orange Blossom, 27 August 2009 - 10:24 PM.



#2 extremeboy

extremeboy, Malware Response Team

Posted 10 September 2009 - 08:15 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the reply button in the lower right-hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.



If you still require assistance, please post a new set of DDS logs and a description of any remaining problems or symptoms you may still have.

If for any reason you did not post a DDS log, please refer to this page; in step #6 there are instructions on downloading and running DDS. If you have any problems, just let me know in your next reply or simply post a HijackThis log.

Then, please run RootRepeal:

Download and run RootRepeal CR

Please download RootRepeal to your desktop
Alternative Download Link 2
Alternative Download Link 3
  • Physically disconnect your machine from the internet as your system will be unprotected.
  • Unzip it to its own folder.
  • Close/disable all other programs, especially your security programs (anti-spyware, anti-virus, and firewall). Refer to this page if you are unsure how.
  • Double-click on RootRepeal.exe to run it. If you are using Vista, please right-click and run as Administrator...
  • Click the Report tab at the bottom.
  • Now click the Scan button in the Report tab.
  • A box will pop up; check the boxes beside ALL seven options/scan areas.
  • Now click OK.
  • Another box will open, check the boxes beside all the drives, eg : C:\, then click OK.
  • The scan will take a little while to run, so let it go unhindered.
  • Once it is done, click the Save Report button.
  • Save it as RepealScan and save it to your desktop.
  • Reconnect to the internet.
  • Post the contents of that log in your reply please.
For your next reply I would like to see:
-The DDS logs
---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.


Thanks again and we apologize for the delay.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#3 extremeboy

extremeboy, Malware Response Team

Posted 13 September 2009 - 04:40 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days from the last day I replied initially, the topic will need to be closed.

Thanks for understanding.

With Regards,
Extremeboy

#4 jjkeane3rd

jjkeane3rd, Topic Starter

Posted 14 September 2009 - 05:22 AM

Since my last post / conversation:

I ran all of the scans as before on every different login I have on my computer (4 of them), as something came back and I assumed it was hiding under each login's documents. Then I ran combofixer about a week ago. I know, without anyone's instruction. Since then I have seen no issues.

Reports from yesterday / today follow:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/13 20:25
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF1EEB000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7D08000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEE871000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\Prefetch\WSCNTFY.EXE-1B24F5EB.pf
Status: Visible to the Windows API, but not on disk.

Path: c:\windows\temp\sqlite_3ry5lkysxnw3ie3
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_6svaplvjwbf6v5h
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_9lvtefxc2zlalei
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_oyvp8jjjv97wc94
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_tqc8kttqnrolyja
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_vj8q8kfcgkoo679
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcmsc_yzghdow3u4jro5w
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\documents and settings\john\local settings\temp\~df3a80.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\john\local settings\temp\~df434b.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "Lbd.sys" at address 0xf781e87e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "Lbd.sys" at address 0xf781ebfe

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "D:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xf244d0b0

==EOF==


--------------------------------------------------------------------------------------------------------------------------------
DDS (Ver_09-07-30.01) - NTFSx86
Run by John at 6:09:01.12 on Mon 09/14/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.503 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
E:\Program Files\incd\InCD.exe
C:\WINDOWS\LTMSG.exe
E:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
E:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\John\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
E:\Program Files\natural color pro\NCProTray.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\John\Desktop\Scan items\RootRepeal.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\John\Desktop\Scan items\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [SansaDispatch] c:\documents and settings\john\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] d:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [InCD] e:\program files\incd\InCD.exe
mRun: [LTMSG] LTMSG.exe 7
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [CTSysVol] e:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTDVDDET] e:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDET.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [SBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "e:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "e:\program files\itunes\iTunesHelper.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - e:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ncprot~1.lnk - e:\program files\natural color pro\NCProTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - e:\program files\hewlett-packard\digital imaging\bin\hposol08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: aol.com\free
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224798044175
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224798242347
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5566/mcfscan.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
TCP: {E10EFC33-6626-4C96-99FB-AEFD33CED2C8} = 64.83.0.10,209.137.171.20
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2008-10-23 9088]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-8-23 64160]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-13 214024]
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [2008-10-23 333184]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-7-4 210216]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-7-4 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-7-4 144704]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-7-4 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-7-4 35272]
R3 SASENUM;SASENUM;d:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]
S2 CoachCap;Concord EyeQ Duo 2000 USB Video Capture V1.00;c:\windows\system32\drivers\coachcap.sys [2002-3-3 93068]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2009-1-4 28672]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-7-4 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-7-4 40552]
S3 SaiNtSub;SaiNtSub;c:\windows\system32\drivers\SaiNtSub.sys [2008-10-25 19200]
S4 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-7-4 606736]

=============== Created Last 30 ================

2009-09-11 06:50 <DIR> --d----- c:\program files\iPod
2009-09-11 06:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-08 20:05 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-09-07 10:39 8,704 ac------ c:\windows\system32\dllcache\kbdjpn.dll
2009-09-07 10:39 8,192 ac------ c:\windows\system32\dllcache\kbdkor.dll
2009-09-07 10:39 6,144 ac------ c:\windows\system32\dllcache\kbd101c.dll
2009-09-07 10:39 5,632 ac------ c:\windows\system32\dllcache\kbd103.dll
2009-09-07 10:39 8,704 a------- c:\windows\system32\kbdjpn.dll
2009-09-07 10:39 8,192 a------- c:\windows\system32\kbdkor.dll
2009-09-07 10:39 6,144 a------- c:\windows\system32\kbd101c.dll
2009-09-07 10:39 5,632 a------- c:\windows\system32\kbd103.dll
2009-09-07 10:39 6,144 ac------ c:\windows\system32\dllcache\kbd106.dll
2009-09-07 10:39 6,144 ac------ c:\windows\system32\dllcache\kbd101b.dll
2009-09-07 10:39 6,144 a------- c:\windows\system32\kbd106.dll
2009-09-07 10:39 6,144 a------- c:\windows\system32\kbd101b.dll
2009-09-05 01:54 94,208 a------- c:\windows\system32\QuickTimeVR.qtx
2009-09-05 01:54 69,632 a------- c:\windows\system32\QuickTime.qts
2009-09-03 21:11 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-09-03 20:54 230,912 a------- c:\windows\PEV.exe
2009-09-03 20:54 161,792 a------- c:\windows\SWREG.exe
2009-09-03 20:54 98,816 a------- c:\windows\sed.exe
2009-08-30 05:57 <DIR> --d----- c:\documents and settings\john\DoctorWeb
2009-08-29 14:13 <DIR> --d----- c:\program files\common files\TSCUninstall
2009-08-24 09:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-08-24 09:09 <DIR> --d----- c:\docume~1\john\applic~1\SUPERAntiSpyware.com
2009-08-24 09:09 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-08-24 08:27 <DIR> --d----- c:\docume~1\john\applic~1\Malwarebytes
2009-08-23 21:11 <DIR> --d----- c:\program files\Trend Micro
2009-08-23 21:01 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-23 21:01 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-23 20:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-23 18:22 15,688 a------- c:\windows\system32\lsdelete.exe
2009-08-23 18:17 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-08-23 18:15 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-23 17:31 <DIR> --d----- c:\program files\ESET
2009-08-23 17:27 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-08-23 17:08 53,168 a------- c:\windows\system32\drivers\MpFilter.sys
2009-08-22 09:18 1,409 a------- c:\windows\system32\tmpEFBFD.FOT
2009-08-22 09:14 3,540 a------- c:\windows\disney.ini
2009-08-15 12:59 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat

==================== Find3M ====================

2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 13:09 915,456 -------- c:\windows\system32\wininet.dll
2009-06-25 04:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 04:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 04:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 04:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 04:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 04:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-23 11:51 43,520 a------- c:\windows\system32\CTBurst.dll
2009-06-23 11:50 11,776 a------- c:\windows\system32\inres.dll
2009-06-23 11:50 11,776 a------- c:\windows\INRES.DLL
2009-06-23 11:50 182,272 a------- c:\windows\system32\ctdvinst.dll
2009-06-23 11:50 86,528 a------- c:\windows\system32\ctcoinst.dll
2009-06-23 11:49 10,752 a------- c:\windows\system32\a3d.dll
2009-06-23 11:48 11,776 a------- c:\windows\system32\ac3api.dll
2009-06-23 11:48 38,400 a------- c:\windows\system32\readreg.exe
2009-06-23 11:48 37,888 a------- c:\windows\system32\psconv.exe
2009-06-23 11:48 19,456 a------- c:\windows\system32\CtHelper.exe
2009-06-23 11:48 8,704 a------- c:\windows\system32\ctagent.dll
2009-06-23 11:48 45,568 a------- c:\windows\system32\ctspkhlp.dll
2009-06-23 11:47 56,832 a------- c:\windows\system32\CTpcmcia.dll
2009-06-23 11:47 12,800 a------- c:\windows\system32\ctmmep.dll
2009-06-23 11:46 9,216 a------- c:\windows\system32\ctpres.dll
2009-06-23 11:46 32,768 a------- c:\windows\system32\ctthxcal.dll
2009-06-23 11:46 41,472 a------- c:\windows\system32\ctscal.dll
2009-06-23 11:46 131,072 a------- c:\windows\system32\ctdcifce.dll
2009-06-23 11:46 330,752 a------- c:\windows\system32\ctdc0001.dll
2009-06-23 11:46 227,840 a------- c:\windows\system32\ctdc0000.dll
2009-06-23 11:46 10,240 a------- c:\windows\system32\ctdcres.dll
2009-06-23 11:46 10,240 a------- c:\windows\CTDCRES.DLL
2009-06-23 11:28 386,852 a------- c:\windows\system32\ctdnlstr.dat
2009-06-23 11:28 51,787 a------- c:\windows\system32\ctdlang.dat
2009-06-23 11:28 196,096 a------- c:\windows\system32\ctemupia.dll
2009-06-23 11:24 176,128 a------- c:\windows\system32\ct_oal.dll
2009-06-23 11:24 46,592 a------- c:\windows\system32\ctasio.dll
2009-06-23 11:24 49,152 a------- c:\windows\system32\ctdproxy.dll
2009-06-23 11:23 69,632 a------- c:\windows\system32\ctosuser.dll
2009-06-23 11:23 6,144 a------- c:\windows\system32\sfman32.dll
2009-06-23 11:23 125,952 a------- c:\windows\system32\sfms32.dll
2009-06-23 11:23 13,312 a------- c:\windows\system32\regplib.exe
2009-06-23 11:23 64,512 a------- c:\windows\system32\piaproxy.dll
2009-06-23 11:22 149,838 a------- c:\windows\system32\ctbas2w.dat
2009-06-23 11:20 274,587 a------- c:\windows\system32\ctsbas2w.dat
2009-06-23 11:20 313,207 a------- c:\windows\system32\ctstatic.dat
2009-06-23 11:20 53,932 a------- c:\windows\system32\ctdaught.dat
2009-06-23 11:20 5,120 a------- c:\windows\system32\enlocstr.exe
2009-06-23 11:20 10,240 a------- c:\windows\system32\killapps.exe
2009-06-23 11:19 33,792 a------- c:\windows\system32\devreg.dll
2009-06-21 15:49 82,784 -------- c:\docume~1\john\applic~1\GDIPFONTCACHEV1.DAT
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2006-05-03 05:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 06:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2008-03-16 08:30 216,064 ---shr-- c:\windows\system32\nbDX.dll
2008-10-23 19:13 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102320081024\index.dat

============= FINISH: 6:09:19.71 ===============



------------------------------------------------- -------------------------------------------------

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 10/21/2008 11:06:03 PM
System Uptime: 9/13/2009 2:22:20 PM (16 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-6577
Processor: Intel® Pentium® 4 CPU 2.66GHz | Socket 478 | 2666/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 15 GiB total, 0.702 GiB free.
D: is FIXED (FAT32) - 10 GiB total, 6.322 GiB free.
E: is FIXED (FAT32) - 7 GiB total, 3.797 GiB free.
F: is FIXED (FAT32) - 22 GiB total, 10.981 GiB free.
G: is FIXED (FAT32) - 10 GiB total, 6.708 GiB free.
I: is FIXED (FAT32) - 10 GiB total, 1.046 GiB free.
J: is CDROM ()
K: is CDROM ()
S: is FIXED (NTFS) - 0 GiB total, 0.004 GiB free.
Y: is FIXED (NTFS) - 56 GiB total, 50.741 GiB free.
Z: is FIXED (NTFS) - 19 GiB total, 18.574 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP549: 8/27/2009 9:39:10 PM - System Checkpoint
RP550: 8/28/2009 1:43:45 AM - Software Distribution Service 3.0
RP551: 8/28/2009 6:22:38 AM - Software Distribution Service 3.0
RP552: 8/29/2009 6:25:07 AM - System Checkpoint
RP553: 8/30/2009 6:48:08 AM - System Checkpoint
RP554: 8/31/2009 7:55:28 AM - System Checkpoint
RP555: 9/1/2009 1:56:54 AM - Software Distribution Service 3.0
RP556: 9/2/2009 2:26:21 AM - System Checkpoint
RP557: 9/3/2009 2:38:25 AM - System Checkpoint
RP558: 9/3/2009 5:38:35 PM - Software Distribution Service 3.0
RP559: 9/4/2009 7:06:26 PM - System Checkpoint
RP560: 9/5/2009 8:06:05 PM - System Checkpoint
RP561: 9/6/2009 9:45:29 PM - System Checkpoint
RP562: 9/7/2009 7:30:48 PM - sept
RP563: 9/7/2009 11:18:06 PM - Software Distribution Service 3.0
RP564: 9/8/2009 8:43:03 PM - Software Distribution Service 3.0
RP565: 9/9/2009 9:17:48 PM - System Checkpoint
RP566: 9/10/2009 2:37:37 PM - Software Distribution Service 3.0
RP567: 9/11/2009 6:29:41 AM - regular
RP568: 9/12/2009 7:30:06 AM - System Checkpoint
RP569: 9/13/2009 5:43:45 PM - System Checkpoint

==== Installed Programs ======================


Sansa Media Converter
Acronis TrueImage
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
Adobe Shockwave Player
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Camera Suite
Arthur's Kindergarten
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
Audacity 1.2.4
Battlefield 1942
Bonjour
Canon Utilities PhotoStitch 3.1
Cars - Radiator Springs Adventures
Choice Guard
Command & Conquer Generals
Command & Conquer Tiberian Sun
Compatibility Pack for the 2007 Office system
Concord EyeQ Duo 2000 Digital Camera
Concord EyeQ Duo 2000 Memory Browser TWAIN Driver V1.00
Crayon Physics Deluxe - release 53
Creative MediaSource
Creative System Information
Critical Update for Windows Media Player 11 (KB959772)
EA Network Play System
ESET Online Scanner v3
Express Burn
FlightGear v1.0.0
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet
HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet Drivers
hp psc 2100 series
InCD (Ahead Software)
iriver Music Manager
iRiver Updater
iTunes
Java™ 6 Update 15
Kid Pix Deluxe 3
Lara Croft Tomb Raider: The Angel Of Darkness
Lernout & Hauspie TruVoice American English TTS Engine
Logitech Legacy USB Camera Driver Package
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech Updater
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Media Converter SA Edition 0.8
MediaShout 3
MediaShout 3.5 Update
MediaShout3 Update 478
MediaShout3 Update 626
MediaShout3 Update 678
MediaShout3 Update 711
MediaShout3 Update 726
MediaShout3 Update 727
Mickey Mouse Preschool
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Small Business
Microsoft PowerPoint Viewer 97
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows OneCare Live AntiSpyware and AntiVirus
Microsoft Windows XP Video Decoder Checkup Utility
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Natural Color Pro
Nero
PhotoStitch
Playlist Creator 3
Pleo Updater 1.1
Prism Video Converter
QuickTime
Reader Rabbit Learn To Read With Phonics
Readiris 7.5
Rolling Madness 3D v1.0
Saitek NT Controller Drivers
Sansa Updater
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
Sound Blaster Audigy 2 ZS
Stanley Wild for Sharks
StarFlyers Alien Space Chase
SUPER © Version 2008.bld.33 (Sep 2, 2008)
SUPERAntiSpyware Free Edition
The Battle for Middle-earth ™
The Mystery of Veggie Island
Tom Clancy's Rainbow Six 3: Raven Shield
TrackMania Nations Forever
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2008 wvaiper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Westwood Shared Internet Components
Windows Backup Utility
Windows Defender
Windows Driver Package - Ugobe Inc. (usbser) Ports (04/06/2007 1.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Winnie the Pooh Preschool
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

9/8/2009 9:28:31 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
9/8/2009 8:53:47 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
9/8/2009 8:53:28 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
9/8/2009 8:53:10 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/8/2009 8:49:28 PM, error: Service Control Manager [7001] - The Windows Firewall/Internet Connection Sharing (ICS) service depends on the Network Connections service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/8/2009 8:49:28 PM, error: Service Control Manager [7001] - The Messenger service depends on the Workstation service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/8/2009 8:49:28 PM, error: Service Control Manager [7001] - The Alerter service depends on the Workstation service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/8/2009 8:49:28 PM, error: Service Control Manager [7000] - The OneCare AntiSpyware and AntiVirus service failed to start due to the following error: The system cannot find the path specified.
9/8/2009 8:49:28 PM, error: Service Control Manager [7000] - The Concord EyeQ Duo 2000 USB Video Capture V1.00 service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/8/2009 11:36:28 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/7/2009 9:52:41 PM, error: DCOM [10001] - Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} as /. The error: "%233" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding
9/7/2009 6:58:19 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000007F' while processing the file 'desktop.ini' on the volume 'HarddiskVolume7'. It has stopped monitoring the volume.
9/7/2009 4:41:30 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

==== End Of File ===========================

#5 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 14 September 2009 - 08:16 PM

Hello.

Post the Combofix log located in your C:\ drive for my review.

Also post the log file called Combofix-quarantined-files.txt in the C:\Qoobox folder.

Take a Malwarebytes run as well...

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply.

Thanks.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#6 jjkeane3rd

  • Topic Starter
  • Members
  • 16 posts

Posted 15 September 2009 - 05:08 AM

Here is the combofix file from my c drive:

ComboFix 09-09-03.02 - John 09/03/2009 20:56.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.526 [GMT -4:00]
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\John\My Documents\backup.reg
c:\documents and settings\John\My Documents\ZbThumbnail.info
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Installer\WMEncoder.msi
c:\windows\system32\kbiwkmdvjdyida.dat
c:\windows\system32\tmp.reg
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_UACd.sys
-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-08-04 to 2009-09-04 )))))))))))))))))))))))))))))))
.

2009-08-30 09:57 . 2009-08-30 09:57 -------- d-----w- c:\documents and settings\John\DoctorWeb
2009-08-29 22:53 . 2009-08-29 22:53 -------- d-----w- c:\documents and settings\Mason and Gavin.KEANEFAMILY\Application Data\Malwarebytes
2009-08-29 18:13 . 2009-08-29 18:13 -------- d-----w- c:\program files\Common Files\TSCUninstall
2009-08-24 13:09 . 2009-08-24 13:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-24 13:09 . 2009-08-24 13:09 -------- d-----w- c:\documents and settings\John\Application Data\SUPERAntiSpyware.com
2009-08-24 13:09 . 2009-08-24 13:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-24 12:43 . 2009-08-24 12:43 -------- d-----w- c:\documents and settings\John Andrew\Application Data\Malwarebytes
2009-08-24 12:27 . 2009-08-24 12:27 -------- d-----w- c:\documents and settings\John\Application Data\Malwarebytes
2009-08-24 12:18 . 2009-08-24 12:18 2272 ------w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-08-24 01:31 . 2009-08-24 01:31 -------- d-----w- c:\documents and settings\Kim\Application Data\Malwarebytes
2009-08-24 01:11 . 2009-08-24 01:11 -------- d-----w- c:\program files\Trend Micro
2009-08-24 01:01 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-24 01:01 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-24 00:16 . 2009-08-24 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-23 22:22 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-23 22:17 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-23 22:15 . 2009-08-23 22:15 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-23 22:10 . 2009-08-23 22:10 -------- d-sh--w- c:\documents and settings\Kim\IECompatCache
2009-08-23 21:31 . 2009-08-23 21:31 -------- d-----w- c:\program files\ESET
2009-08-23 21:27 . 2009-08-26 21:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-23 21:08 . 2008-05-15 20:15 53168 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2009-08-15 07:06 . 2009-08-15 07:06 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-15 07:06 . 2009-08-15 07:06 -------- d-----w- c:\program files\MSBuild
2009-08-15 07:06 . 2009-08-15 07:06 -------- d-----w- c:\program files\Reference Assemblies
2009-08-15 07:05 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-15 07:05 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-15 07:05 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-15 07:05 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-15 07:05 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-15 07:05 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-15 07:05 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-15 07:05 . 2009-08-15 07:43 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-12 11:35 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-08-12 09:50 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-27 00:46 . 2008-11-03 03:50 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-25 22:43 . 2008-11-05 00:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-23 22:15 . 2009-04-11 17:24 -------- d-----w- c:\program files\Lavasoft
2009-08-23 22:15 . 2008-10-28 23:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-22 13:50 . 2008-10-23 22:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-21 01:24 . 2009-04-12 16:29 -------- d-----w- c:\program files\Java
2009-08-17 23:59 . 2008-12-19 00:02 -------- d-----w- c:\documents and settings\All Users\Application Data\TrackMania
2009-08-17 16:15 . 2009-07-04 19:16 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-08-16 11:58 . 2008-10-23 04:21 82784 ------w- c:\documents and settings\John Andrew\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-16 11:04 . 2008-10-23 04:13 82784 ------w- c:\documents and settings\Mason and Gavin.KEANEFAMILY\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-15 12:08 . 2008-10-22 03:14 82784 ------w- c:\documents and settings\John\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-15 08:50 . 2008-10-29 18:40 82784 ------w- c:\documents and settings\Kim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-14 21:20 . 2009-07-04 18:23 -------- d-----w- c:\program files\McAfee
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 12:57 . 2009-07-31 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-01 12:57 . 2009-07-31 23:59 -------- d-----w- c:\program files\NOS
2009-07-25 09:23 . 2009-04-12 16:29 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 10:57 . 2009-03-27 00:13 1085 ----a-w- c:\windows\eReg.dat
2009-07-20 10:31 . 2009-07-20 10:31 -------- d-----w- c:\program files\iPod
2009-07-20 10:31 . 2008-10-24 01:31 -------- d-----w- c:\program files\Common Files\Apple
2009-07-19 11:07 . 2009-07-19 11:07 -------- d-----w- c:\program files\NCH Swift Sound
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-11 21:25 . 2009-07-11 21:11 -------- d-----w- c:\documents and settings\John\Application Data\Creative ASR2
2009-07-07 13:59 . 2009-07-07 13:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-07-07 13:59 . 2009-07-07 13:59 -------- d-----w- c:\documents and settings\Kim\Application Data\Yahoo!
2009-07-07 13:59 . 2008-11-12 00:22 -------- d-----w- c:\program files\Yahoo!
2009-07-07 13:59 . 2009-07-07 13:59 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2009-07-07 13:57 . 2009-07-07 13:57 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-07-03 17:09 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-23 17:38 . 2008-10-24 00:36 15896 ----a-w- c:\windows\system32\drivers\pfmodnt.sys
2009-06-23 17:38 . 2007-04-10 08:32 189464 ----a-w- c:\windows\system32\drivers\haP17v2k.sys
2009-06-23 17:38 . 2008-10-25 12:53 162840 ----a-w- c:\windows\system32\drivers\haP16v2k.sys
2009-06-23 17:38 . 2008-10-25 12:53 798744 ----a-w- c:\windows\system32\drivers\ha10kx2k.sys
2009-06-23 17:37 . 2008-10-25 12:53 92696 ----a-w- c:\windows\system32\drivers\emupia2k.sys
2009-06-23 17:37 . 2008-10-25 12:53 157208 ----a-w- c:\windows\system32\drivers\ctsfm2k.sys
2009-06-23 17:37 . 2008-10-25 12:53 14360 ----a-w- c:\windows\system32\drivers\ctprxy2k.sys
2009-06-23 17:37 . 2008-10-25 12:53 127512 ----a-w- c:\windows\system32\drivers\ctoss2k.sys
2009-06-23 17:36 . 2008-10-25 12:52 347080 ----a-w- c:\windows\system32\drivers\ctdvda2k.sys
2009-06-23 17:36 . 2008-10-25 12:53 528408 ----a-w- c:\windows\system32\drivers\ctaud2k.sys
2009-06-23 17:36 . 2008-10-25 12:53 511000 ----a-w- c:\windows\system32\drivers\ctac32k.sys
2009-06-23 17:35 . 2009-06-23 17:35 100888 ----a-w- c:\windows\system32\drivers\CTERFXFX.sys
2009-06-23 17:34 . 2009-06-23 17:34 566296 ----a-w- c:\windows\system32\drivers\CTSBLFX.sys
2009-06-23 17:34 . 2009-06-23 17:34 555032 ----a-w- c:\windows\system32\drivers\CTAUDFX.sys
2009-06-23 17:34 . 2009-06-23 17:34 99352 ----a-w- c:\windows\system32\drivers\COMMONFX.sys
2009-06-23 15:51 . 2007-04-09 16:33 43520 ----a-w- c:\windows\system32\CTBurst.dll
2009-06-23 15:50 . 2008-10-25 12:53 11776 ----a-w- c:\windows\INRES.DLL
2009-06-23 15:50 . 2007-04-09 16:33 11776 ----a-w- c:\windows\system32\inres.dll
2009-06-23 15:50 . 2008-10-25 12:53 86528 ----a-w- c:\windows\system32\ctcoinst.dll
2009-06-23 15:50 . 2008-10-25 12:53 182272 ----a-w- c:\windows\system32\ctdvinst.dll
2009-06-23 15:49 . 2008-10-25 12:53 10752 ----a-w- c:\windows\system32\a3d.dll
2009-06-23 15:48 . 2008-10-25 12:53 11776 ----a-w- c:\windows\system32\ac3api.dll
2009-06-23 15:48 . 2007-04-09 16:32 38400 ----a-w- c:\windows\system32\readreg.exe
2009-06-23 15:48 . 2007-04-09 16:32 37888 ----a-w- c:\windows\system32\psconv.exe
2009-06-23 15:48 . 2008-10-25 12:53 19456 ----a-w- c:\windows\system32\CtHelper.exe
2009-06-23 15:48 . 2008-10-25 12:53 8704 ----a-w- c:\windows\system32\ctagent.dll
2009-06-23 15:48 . 2008-10-25 12:53 45568 ----a-w- c:\windows\system32\ctspkhlp.dll
2009-06-23 15:47 . 2007-04-09 16:32 56832 ----a-w- c:\windows\system32\CTpcmcia.dll
2009-06-23 15:47 . 2008-10-25 12:53 12800 ----a-w- c:\windows\system32\ctmmep.dll
2009-06-23 15:46 . 2007-04-09 16:32 9216 ----a-w- c:\windows\system32\ctpres.dll
2009-06-23 15:46 . 2008-10-25 12:53 32768 ----a-w- c:\windows\system32\ctthxcal.dll
2009-06-23 15:46 . 2008-10-25 12:53 41472 ----a-w- c:\windows\system32\ctscal.dll
2009-06-23 15:46 . 2008-10-25 12:53 131072 ----a-w- c:\windows\system32\ctdcifce.dll
2009-06-23 15:46 . 2008-10-25 12:53 330752 ----a-w- c:\windows\system32\ctdc0001.dll
2009-06-23 15:46 . 2008-10-25 12:53 227840 ----a-w- c:\windows\system32\ctdc0000.dll
2009-06-23 15:46 . 2008-10-25 12:53 10240 ----a-w- c:\windows\CTDCRES.DLL
2009-06-23 15:46 . 2007-04-09 16:32 10240 ----a-w- c:\windows\system32\ctdcres.dll
2009-06-23 15:28 . 2008-10-25 12:53 51787 ----a-w- c:\windows\system32\ctdlang.dat
2009-06-23 15:28 . 2007-04-09 16:24 386852 ----a-w- c:\windows\system32\ctdnlstr.dat
2009-06-23 15:28 . 2008-10-25 12:53 196096 ----a-w- c:\windows\system32\ctemupia.dll
2009-06-23 15:24 . 2007-04-09 16:22 176128 ----a-w- c:\windows\system32\ct_oal.dll
2009-06-23 15:24 . 2008-10-25 12:53 46592 ----a-w- c:\windows\system32\ctasio.dll
2009-06-23 15:24 . 2008-10-25 12:53 49152 ----a-w- c:\windows\system32\ctdproxy.dll
2009-06-23 15:23 . 2008-10-25 12:53 69632 ----a-w- c:\windows\system32\ctosuser.dll
2009-06-23 15:23 . 2008-10-25 12:53 6144 ----a-w- c:\windows\system32\sfman32.dll
2009-06-23 15:23 . 2008-10-25 12:53 125952 ----a-w- c:\windows\system32\sfms32.dll
2009-06-23 15:23 . 2008-10-25 12:53 13312 ----a-w- c:\windows\system32\regplib.exe
2009-06-23 15:23 . 2008-10-25 12:53 64512 ----a-w- c:\windows\system32\piaproxy.dll
2009-06-23 15:22 . 2008-10-25 12:53 149838 ----a-w- c:\windows\system32\ctbas2w.dat
2009-06-23 15:20 . 2008-10-25 12:53 274587 ----a-w- c:\windows\system32\ctsbas2w.dat
2009-06-23 15:20 . 2008-10-25 12:53 53932 ----a-w- c:\windows\system32\ctdaught.dat
2009-06-23 15:20 . 2008-10-25 12:53 313207 ----a-w- c:\windows\system32\ctstatic.dat
2009-06-23 15:20 . 2007-04-09 16:19 5120 ----a-w- c:\windows\system32\enlocstr.exe
2009-06-23 15:20 . 2008-10-25 12:53 10240 ----a-w- c:\windows\system32\killapps.exe
2009-06-23 15:19 . 2007-04-09 16:19 33792 ----a-w- c:\windows\system32\devreg.dll
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-12 01:10 . 2009-06-12 01:10 47104 ----a-w- c:\windows\system32\udapld32.dll
2009-06-12 01:10 . 2009-06-12 01:10 508928 ----a-w- c:\windows\system32\UDAAPO32.dll
2009-06-10 14:13 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2008-10-22 02:59 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2006-05-03 09:06 . 2008-11-16 01:49 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2008-11-16 01:49 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2008-11-16 01:49 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SansaDispatch"="c:\documents and settings\John\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-03-24 79872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-14 39408]
"SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="e:\program files\incd\InCD.exe" [2002-05-10 1011712]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-23 339968]
"CTSysVol"="e:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-07-02 57344]
"CTDVDDET"="e:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-05-01 645328]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]
"LTMSG"="LTMSG.exe" - c:\windows\ltmsg.exe [2003-07-14 40960]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2009-06-23 19456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
hp psc 2000 Series.lnk - e:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-6-27 323646]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NCProTray.lnk - e:\program files\natural color pro\NCProTray.exe [2008-10-23 49220]
officejet 6100.lnk - e:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-6-27 147456]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Program Files\\FlightGear\\bin\\win32\\fgfs.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"e:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"f:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"f:\\Program Files\\EA GAMES\\The Battle for Middle-earth ™\\game.dat"=
"f:\\Program Files\\EA GAMES\\The Battle for Middle-earth ™\\patchget.dat"=
"f:\\Program Files\\Red Storm Entertainment\\RavenShield\\system\\RavenShield.exe"=
"i:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"i:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [10/23/2008 7:28 PM 9088]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/23/2009 6:17 PM 64160]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [10/23/2008 7:28 PM 333184]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1029456]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [7/4/2009 2:26 PM 210216]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
S2 CoachCap;Concord EyeQ Duo 2000 USB Video Capture V1.00;c:\windows\system32\drivers\coachcap.sys [3/3/2002 12:26 PM 93068]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [6/23/2009 1:34 PM 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [6/23/2009 1:34 PM 555032]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [6/23/2009 1:35 PM 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [6/23/2009 1:34 PM 566296]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [1/4/2009 2:27 PM 28672]
S3 SaiNtSub;SaiNtSub;c:\windows\system32\drivers\SaiNtSub.sys [10/25/2008 12:45 PM 19200]
S4 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-08-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-08-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-04 12:57]

2009-09-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-04 12:57]

2009-09-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-OneCareUI - c:\program files\Microsoft Windows OneCare Live\winssnotify.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: aol.com\free
TCP: {E10EFC33-6626-4C96-99FB-AEFD33CED2C8} = 64.83.0.10,209.137.171.20
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-03 21:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP0000002A43E93FC1ED807E40

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(840)
d:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2024)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\ctagent.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
d:\program files\SUPERAntiSpyware\SASSEH.DLL
c:\progra~1\MICROS~2\Office10\MCPS.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
e:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
e:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Microsoft Office\Office10\OUTLOOK.EXE
.
**************************************************************************
.
Completion time: 2009-09-04 21:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-04 01:12

Pre-Run: 1,384,632,320 bytes free
Post-Run: 1,747,009,536 bytes free

352 --- E O F --- 2009-09-03 21:38



-----------------------------------------------------------------------------------------------------------------------

ComboFix quarantined files:

2009-09-04 01:11:25 . 2009-09-04 01:11:25 166 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-OneCareUI.reg.dat
2009-09-04 01:05:58 . 2008-07-26 13:25:24 109,080 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Temp\logishrd\LVPrcInj01.dll.vir
2009-09-04 01:02:09 . 2009-09-04 01:02:09 726 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_UACd.sys.reg.dat
2009-09-04 01:01:53 . 2009-09-04 01:01:53 7,661 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-09-04 00:56:01 . 2009-09-04 01:02:10 1,500 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_UACd.sys.reg.dat
2009-09-04 00:53:40 . 2009-09-04 00:54:40 102 ----a-w- C:\Qoobox\Quarantine\catchme.log
2009-08-23 21:04:08 . 2009-08-29 23:11:47 3,712 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\tmp.reg.vir
2009-08-23 12:31:24 . 2009-08-24 13:11:25 31,015 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\kbiwkmdvjdyida.dat.vir
2008-10-23 04:31:00 . 2006-04-08 14:40:47 15,540 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\My Documents\ZbThumbnail.info.vir
2008-10-23 04:30:54 . 2006-12-31 02:10:21 101,965,440 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\My Documents\backup.reg.vir
2005-04-18 17:45:34 . 2005-04-18 17:45:34 242 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\popcaploader.inf.vir
2002-12-12 00:39:08 . 2002-12-12 00:39:08 10,995,712 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Installer\WMEncoder.msi.vir



I will run Malwarebytes and DDS and post those separately.

#7 jjkeane3rd

  • Topic Starter

Posted 15 September 2009 - 05:35 AM

See prior post for the combofix reports.

Malwarebytes found nothing:

Malwarebytes' Anti-Malware 1.41
Database version: 2802
Windows 5.1.2600 Service Pack 3

9/15/2009 6:30:11 AM
mbam-log-2009-09-15 (06-30-11).txt

Scan type: Quick Scan
Objects scanned: 135225
Time elapsed: 14 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


-------------------------------------------------------------------------------
DDS files follow:


DDS (Ver_09-07-30.01) - NTFSx86
Run by John at 6:31:52.03 on Tue 09/15/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.204 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\LTMSG.exe
E:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
E:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\John\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
E:\Program Files\natural color pro\NCProTray.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
d:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\John\Desktop\Scan items\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [SansaDispatch] c:\documents and settings\john\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] d:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [InCD] e:\program files\incd\InCD.exe
mRun: [LTMSG] LTMSG.exe 7
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [CTSysVol] e:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTDVDDET] e:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDET.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [SBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "e:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "e:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes' Anti-Malware] d:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - e:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ncprot~1.lnk - e:\program files\natural color pro\NCProTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - e:\program files\hewlett-packard\digital imaging\bin\hposol08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: aol.com\free
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224798044175
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224798242347
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5566/mcfscan.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
TCP: {E10EFC33-6626-4C96-99FB-AEFD33CED2C8} = 64.83.0.10,209.137.171.20
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2008-10-23 9088]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-8-23 64160]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-13 214024]
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [2008-10-23 333184]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-7-4 210216]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-7-4 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-7-4 144704]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-8-23 38224]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-7-4 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-7-4 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-7-4 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-7-4 40552]
R3 SASENUM;SASENUM;d:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]
S2 0234371252977724mcinstcleanup;McAfee Application Installer Cleanup (0234371252977724);c:\windows\temp\023437~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\023437~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 CoachCap;Concord EyeQ Duo 2000 USB Video Capture V1.00;c:\windows\system32\drivers\coachcap.sys [2002-3-3 93068]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2009-1-4 28672]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-7-4 34248]
S3 SaiNtSub;SaiNtSub;c:\windows\system32\drivers\SaiNtSub.sys [2008-10-25 19200]
S4 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]

=============== Created Last 30 ================

2009-09-11 06:50 <DIR> --d----- c:\program files\iPod
2009-09-11 06:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-08 20:05 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-09-07 10:39 8,704 ac------ c:\windows\system32\dllcache\kbdjpn.dll
2009-09-07 10:39 8,192 ac------ c:\windows\system32\dllcache\kbdkor.dll
2009-09-07 10:39 6,144 ac------ c:\windows\system32\dllcache\kbd101c.dll
2009-09-07 10:39 5,632 ac------ c:\windows\system32\dllcache\kbd103.dll
2009-09-07 10:39 8,704 a------- c:\windows\system32\kbdjpn.dll
2009-09-07 10:39 8,192 a------- c:\windows\system32\kbdkor.dll
2009-09-07 10:39 6,144 a------- c:\windows\system32\kbd101c.dll
2009-09-07 10:39 5,632 a------- c:\windows\system32\kbd103.dll
2009-09-07 10:39 6,144 ac------ c:\windows\system32\dllcache\kbd106.dll
2009-09-07 10:39 6,144 ac------ c:\windows\system32\dllcache\kbd101b.dll
2009-09-07 10:39 6,144 a------- c:\windows\system32\kbd106.dll
2009-09-07 10:39 6,144 a------- c:\windows\system32\kbd101b.dll
2009-09-05 01:54 94,208 a------- c:\windows\system32\QuickTimeVR.qtx
2009-09-05 01:54 69,632 a------- c:\windows\system32\QuickTime.qts
2009-09-03 21:11 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-09-03 20:54 230,912 a------- c:\windows\PEV.exe
2009-09-03 20:54 161,792 a------- c:\windows\SWREG.exe
2009-09-03 20:54 98,816 a------- c:\windows\sed.exe
2009-08-30 05:57 <DIR> --d----- c:\documents and settings\john\DoctorWeb
2009-08-29 14:13 <DIR> --d----- c:\program files\common files\TSCUninstall
2009-08-24 09:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-08-24 09:09 <DIR> --d----- c:\docume~1\john\applic~1\SUPERAntiSpyware.com
2009-08-24 09:09 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-08-24 08:27 <DIR> --d----- c:\docume~1\john\applic~1\Malwarebytes
2009-08-23 21:11 <DIR> --d----- c:\program files\Trend Micro
2009-08-23 21:01 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-23 21:01 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-08-23 20:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-23 18:22 15,688 a------- c:\windows\system32\lsdelete.exe
2009-08-23 18:17 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-08-23 18:15 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-23 17:31 <DIR> --d----- c:\program files\ESET
2009-08-23 17:27 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-08-23 17:08 53,168 a------- c:\windows\system32\drivers\MpFilter.sys
2009-08-22 09:18 1,409 a------- c:\windows\system32\tmpEFBFD.FOT
2009-08-22 09:14 3,540 a------- c:\windows\disney.ini

==================== Find3M ====================

2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 13:09 915,456 -------- c:\windows\system32\wininet.dll
2009-06-25 04:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 04:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 04:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 04:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 04:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 04:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-23 11:51 43,520 a------- c:\windows\system32\CTBurst.dll
2009-06-23 11:50 11,776 a------- c:\windows\system32\inres.dll
2009-06-23 11:50 11,776 a------- c:\windows\INRES.DLL
2009-06-23 11:50 182,272 a------- c:\windows\system32\ctdvinst.dll
2009-06-23 11:50 86,528 a------- c:\windows\system32\ctcoinst.dll
2009-06-23 11:49 10,752 a------- c:\windows\system32\a3d.dll
2009-06-23 11:48 11,776 a------- c:\windows\system32\ac3api.dll
2009-06-23 11:48 38,400 a------- c:\windows\system32\readreg.exe
2009-06-23 11:48 37,888 a------- c:\windows\system32\psconv.exe
2009-06-23 11:48 19,456 a------- c:\windows\system32\CtHelper.exe
2009-06-23 11:48 8,704 a------- c:\windows\system32\ctagent.dll
2009-06-23 11:48 45,568 a------- c:\windows\system32\ctspkhlp.dll
2009-06-23 11:47 56,832 a------- c:\windows\system32\CTpcmcia.dll
2009-06-23 11:47 12,800 a------- c:\windows\system32\ctmmep.dll
2009-06-23 11:46 9,216 a------- c:\windows\system32\ctpres.dll
2009-06-23 11:46 32,768 a------- c:\windows\system32\ctthxcal.dll
2009-06-23 11:46 41,472 a------- c:\windows\system32\ctscal.dll
2009-06-23 11:46 131,072 a------- c:\windows\system32\ctdcifce.dll
2009-06-23 11:46 330,752 a------- c:\windows\system32\ctdc0001.dll
2009-06-23 11:46 227,840 a------- c:\windows\system32\ctdc0000.dll
2009-06-23 11:46 10,240 a------- c:\windows\system32\ctdcres.dll
2009-06-23 11:46 10,240 a------- c:\windows\CTDCRES.DLL
2009-06-23 11:28 386,852 a------- c:\windows\system32\ctdnlstr.dat
2009-06-23 11:28 51,787 a------- c:\windows\system32\ctdlang.dat
2009-06-23 11:28 196,096 a------- c:\windows\system32\ctemupia.dll
2009-06-23 11:24 176,128 a------- c:\windows\system32\ct_oal.dll
2009-06-23 11:24 46,592 a------- c:\windows\system32\ctasio.dll
2009-06-23 11:24 49,152 a------- c:\windows\system32\ctdproxy.dll
2009-06-23 11:23 69,632 a------- c:\windows\system32\ctosuser.dll
2009-06-23 11:23 6,144 a------- c:\windows\system32\sfman32.dll
2009-06-23 11:23 125,952 a------- c:\windows\system32\sfms32.dll
2009-06-23 11:23 13,312 a------- c:\windows\system32\regplib.exe
2009-06-23 11:23 64,512 a------- c:\windows\system32\piaproxy.dll
2009-06-23 11:22 149,838 a------- c:\windows\system32\ctbas2w.dat
2009-06-23 11:20 274,587 a------- c:\windows\system32\ctsbas2w.dat
2009-06-23 11:20 313,207 a------- c:\windows\system32\ctstatic.dat
2009-06-23 11:20 53,932 a------- c:\windows\system32\ctdaught.dat
2009-06-23 11:20 5,120 a------- c:\windows\system32\enlocstr.exe
2009-06-23 11:20 10,240 a------- c:\windows\system32\killapps.exe
2009-06-23 11:19 33,792 a------- c:\windows\system32\devreg.dll
2009-06-21 15:49 82,784 -------- c:\docume~1\john\applic~1\GDIPFONTCACHEV1.DAT
2006-05-03 05:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 06:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2008-03-16 08:30 216,064 ---shr-- c:\windows\system32\nbDX.dll
2008-10-23 19:13 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102320081024\index.dat

============= FINISH: 6:32:51.28 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 10/21/2008 11:06:03 PM
System Uptime: 9/14/2009 9:04:11 AM (21 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-6577
Processor: Intel® Pentium® 4 CPU 2.66GHz | Socket 478 | 2666/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 15 GiB total, 0.673 GiB free.
D: is FIXED (FAT32) - 10 GiB total, 6.319 GiB free.
E: is FIXED (FAT32) - 7 GiB total, 3.797 GiB free.
F: is FIXED (FAT32) - 22 GiB total, 10.98 GiB free.
G: is FIXED (FAT32) - 10 GiB total, 6.708 GiB free.
I: is FIXED (FAT32) - 10 GiB total, 1.046 GiB free.
J: is CDROM ()
K: is CDROM ()
S: is FIXED (NTFS) - 0 GiB total, 0.004 GiB free.
Y: is FIXED (NTFS) - 56 GiB total, 50.594 GiB free.
Z: is FIXED (NTFS) - 19 GiB total, 18.574 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP549: 8/27/2009 9:39:10 PM - System Checkpoint
RP550: 8/28/2009 1:43:45 AM - Software Distribution Service 3.0
RP551: 8/28/2009 6:22:38 AM - Software Distribution Service 3.0
RP552: 8/29/2009 6:25:07 AM - System Checkpoint
RP553: 8/30/2009 6:48:08 AM - System Checkpoint
RP554: 8/31/2009 7:55:28 AM - System Checkpoint
RP555: 9/1/2009 1:56:54 AM - Software Distribution Service 3.0
RP556: 9/2/2009 2:26:21 AM - System Checkpoint
RP557: 9/3/2009 2:38:25 AM - System Checkpoint
RP558: 9/3/2009 5:38:35 PM - Software Distribution Service 3.0
RP559: 9/4/2009 7:06:26 PM - System Checkpoint
RP560: 9/5/2009 8:06:05 PM - System Checkpoint
RP561: 9/6/2009 9:45:29 PM - System Checkpoint
RP562: 9/7/2009 7:30:48 PM - sept
RP563: 9/7/2009 11:18:06 PM - Software Distribution Service 3.0
RP564: 9/8/2009 8:43:03 PM - Software Distribution Service 3.0
RP565: 9/9/2009 9:17:48 PM - System Checkpoint
RP566: 9/10/2009 2:37:37 PM - Software Distribution Service 3.0
RP567: 9/11/2009 6:29:41 AM - regular
RP568: 9/12/2009 7:30:06 AM - System Checkpoint
RP569: 9/13/2009 5:43:45 PM - System Checkpoint
RP570: 9/14/2009 12:55:03 PM - Software Distribution Service 3.0

==== Installed Programs ======================


Sansa Media Converter
Acronis TrueImage
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
Adobe Shockwave Player
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Camera Suite
Arthur's Kindergarten
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
Audacity 1.2.4
Battlefield 1942
Bonjour
Canon Utilities PhotoStitch 3.1
Cars - Radiator Springs Adventures
Choice Guard
Command & Conquer Generals
Command & Conquer Tiberian Sun
Compatibility Pack for the 2007 Office system
Concord EyeQ Duo 2000 Digital Camera
Concord EyeQ Duo 2000 Memory Browser TWAIN Driver V1.00
Crayon Physics Deluxe - release 53
Creative MediaSource
Creative System Information
Critical Update for Windows Media Player 11 (KB959772)
EA Network Play System
ESET Online Scanner v3
Express Burn
FlightGear v1.0.0
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet
HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet Drivers
hp psc 2100 series
InCD (Ahead Software)
iriver Music Manager
iRiver Updater
iTunes
Java™ 6 Update 15
Kid Pix Deluxe 3
Lara Croft Tomb Raider: The Angel Of Darkness
Lernout & Hauspie TruVoice American English TTS Engine
Logitech Legacy USB Camera Driver Package
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech Updater
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Media Converter SA Edition 0.8
MediaShout 3
MediaShout 3.5 Update
MediaShout3 Update 478
MediaShout3 Update 626
MediaShout3 Update 678
MediaShout3 Update 711
MediaShout3 Update 726
MediaShout3 Update 727
Mickey Mouse Preschool
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Small Business
Microsoft PowerPoint Viewer 97
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows OneCare Live AntiSpyware and AntiVirus
Microsoft Windows XP Video Decoder Checkup Utility
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Natural Color Pro
Nero
PhotoStitch
Playlist Creator 3
Pleo Updater 1.1
Prism Video Converter
QuickTime
Reader Rabbit Learn To Read With Phonics
Readiris 7.5
Rolling Madness 3D v1.0
Saitek NT Controller Drivers
Sansa Updater
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
Sound Blaster Audigy 2 ZS
Stanley Wild for Sharks
StarFlyers Alien Space Chase
SUPER © Version 2008.bld.33 (Sep 2, 2008)
SUPERAntiSpyware Free Edition
The Battle for Middle-earth ™
The Mystery of Veggie Island
Tom Clancy's Rainbow Six 3: Raven Shield
TrackMania Nations Forever
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2008 wvaiper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Westwood Shared Internet Components
Windows Backup Utility
Windows Defender
Windows Driver Package - Ugobe Inc. (usbser) Ports (04/06/2007 1.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Winnie the Pooh Preschool
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

9/8/2009 8:53:47 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
9/8/2009 8:53:28 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
9/8/2009 8:53:10 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/14/2009 6:11:20 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
9/12/2009 12:11:04 PM, error: DCOM [10001] - Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} as /. The error: "%233" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding
9/10/2009 9:16:46 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
9/10/2009 9:12:04 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
9/10/2009 9:10:20 AM, error: Service Control Manager [7001] - The Windows Firewall/Internet Connection Sharing (ICS) service depends on the Network Connections service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/10/2009 9:10:20 AM, error: Service Control Manager [7001] - The Messenger service depends on the Workstation service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/10/2009 9:10:20 AM, error: Service Control Manager [7001] - The Alerter service depends on the Workstation service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/10/2009 9:10:20 AM, error: Service Control Manager [7000] - The OneCare AntiSpyware and AntiVirus service failed to start due to the following error: The system cannot find the path specified.
9/10/2009 9:10:20 AM, error: Service Control Manager [7000] - The Concord EyeQ Duo 2000 USB Video Capture V1.00 service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/10/2009 7:01:00 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000007F' while processing the file 'desktop.ini' on the volume 'HarddiskVolume7'. It has stopped monitoring the volume.
9/10/2009 2:31:00 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

==== End Of File ===========================

#8 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:09:09 AM

Posted 15 September 2009 - 06:50 AM

Hello.

FYI, one of the infections Combofix removed was the UAC rootkit.

Regarding rootkits...

Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steals sensitive information, which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

All passwords should be changed immediately, including those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised. You should change each password by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised, please read How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

Although the rootkit has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because this malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

Should you decide not to follow that advice, we will do our best to help clean the computer of any infections, but we cannot guarantee it to be trustworthy or that the removal will be successful. Tell me what you want to do.

If you wish to continue, please follow the instructions below...

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
You can refer to this animation by neomage if needed.

Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

Thanks.

With Regards,
Extremeboy
Note: Please do not PM me asking for help; instead, please post it in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
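
The Pseudo HJT Report and SERVICES / DRIVERS sections of the DDS log earlier in this thread are what a helper reads by eye to spot the kind of orphaned or unverifiable entries that a rootkit hiding files and registry keys leaves behind. As an added example (not part of DDS, of this thread, or of any BleepingComputer tool), the Python script below parses those two sections and lists entries that need manual verification: a BHO CLSID registered with "No File" behind it, autorun and Winlogon notify entries given as bare filenames that Windows resolves through the PATH search order, and services that DDS could not stamp with a [date size] or that run from a temp directory. The sample lines are excerpted (one service line abridged) from the log above; the line formats and the heuristics are my own reading of that log, not a DDS specification.

```python
"""Triage helper for the 'Pseudo HJT Report' and 'SERVICES / DRIVERS'
sections of a DDS log. Added example; not part of DDS or this thread."""
import re
from dataclasses import dataclass, field


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


# Line shapes as they appear in the DDS output (assumed from the log, not a spec).
BHO_RE = re.compile(
    r"^BHO: (?:(?P<name>.*?): )?(?P<clsid>\{[0-9a-f-]{36}\}) - (?P<target>.*)$", re.I)
RUN_RE = re.compile(r"^(?P<hive>[umd]Run(?:Once)?): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
NOTIFY_RE = re.compile(r"^Notify: (?P<name>\S+) - (?P<target>.*)$")
SVC_RE = re.compile(r"^(?P<state>[RS]\d) (?P<svc>[^;]+);(?P<desc>[^;]*);(?P<rest>.*)$")


def extract_exe(cmd: str) -> str:
    """Return the executable token of an autorun command line.
    A quoted path ("c:\\program files\\x.exe" -flag) is taken up to the
    closing quote; otherwise the first whitespace-delimited token is used."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def is_bare_name(path: str) -> bool:
    """True when the entry names a file with no directory component, so the
    loader resolves it via the PATH search order instead of a fixed location."""
    return bool(path) and "\\" not in path and "/" not in path


def triage(lines):
    """Return one Finding per DDS line that needs a human to confirm the
    file on disk; lines that parse cleanly and look ordinary are skipped."""
    findings = []
    for raw in lines:
        line = raw.rstrip()
        reasons = []
        if (m := BHO_RE.match(line)):
            if m["target"].strip().lower() == "no file":
                reasons.append("BHO CLSID registered but its DLL is missing (orphan or hidden file)")
        elif (m := RUN_RE.match(line)):
            if is_bare_name(extract_exe(m["cmd"])):
                reasons.append(f"{m['hive']} entry '{m['name']}' is a bare filename; confirm which copy on PATH loads")
        elif (m := NOTIFY_RE.match(line)):
            if is_bare_name(m["target"].strip()):
                reasons.append("Winlogon notify DLL given without a path; confirm it is the system32 copy")
        elif (m := SVC_RE.match(line)):
            rest = m["rest"]
            if rest.endswith("[?]"):
                reasons.append("service binary carries no [date size] stamp; DDS could not verify the file")
            if "\\temp\\" in rest.lower():
                reasons.append("service binary lives in a temp directory")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


# Constructed sample: lines excerpted from the DDS log in this thread.
SAMPLE_DDS_LINES = [
    r"BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll",
    r"BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File",
    r"mRun: [AlcxMonitor] ALCXMNTR.EXE",
    r"mRun: [LTMSG] LTMSG.exe 7",
    r'mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide',
    r"uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe",
    r"Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.DLL",
    r"Notify: AtiExtEvent - Ati2evxx.dll",
    r"R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-8-23 64160]",
    # Abridged: the original repeats the command after an arrow before the [?].
    r"S2 0234371252977724mcinstcleanup;McAfee Application Installer Cleanup (0234371252977724);"
    r"c:\windows\temp\023437~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_DDS_LINES):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

On the sample this lists five lines to check: the orphan BHO, the two bare-filename mRun entries, the Ati2evxx.dll notify entry, and the McAfee cleanup service (flagged twice, for the missing stamp and the temp path). A hit is a verification task, not a verdict: bare-filename autoruns are common for older driver helpers and the "No File" BHO is as likely an uninstall leftover as anything else. The value is that every entry the script surfaces is one whose on-disk file the log could not confirm, which is precisely where a rootkit that hides files or keys shows up as an inconsistency between what the registry references and what the filesystem reports.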

#9 jjkeane3rd

jjkeane3rd
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:09:09 AM

Posted 16 September 2009 - 06:14 AM

ESET found nothing. I did not bother to run DDS again since it did not.

My computer has been running fine for about 1 week now.

Unless there is anything else to run - I'll take the reformatting option and move forward.

John

#10 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:09 AM

Posted 16 September 2009 - 03:18 PM

Hello.

Unless there is anything else to run - I'll take the reformatting option and move forward.

Since you wish to take the formatting option then I'll let you do so.

Good luck. If you need help let me know.

With Regards,
Extremeboy

#11 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:09 AM

Posted 19 September 2009 - 11:03 AM

Hello.

Since the problem appears to be resolved, this topic is now Closed.
If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.

This applies only to the original topic starter

Everyone else please start a new topic in the Hijackthis-Malware Removal Forum.

With Regards,
Extremeboy