Help Google redirect TDSS type malware


  • This topic is locked
18 replies to this topic

#1 devildog2126

  • Members
  • 120 posts
  • Gender:Male

Posted 17 June 2010 - 10:57 PM

I have been getting hit with a Google redirect type virus. I tried all types of scans, found lots of stuff and removed it. It seemed like it was gone... but today the computer is slow and it popped up again.

Any help is appreciated

#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 June 2010 - 11:04 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  1. Do not run any other tool until instructed to do so!
  2. Do not Attach logs unless I ask you to.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having as these can help also.
  5. Do not run anything while running a fix.
  6. Do not run any other tool until instructed to do so!


In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note: If you are having problems posting the complete log into this thread, upload it here http://www.rapidshare.com/ and post the links in this thread.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

I would like to get a better look at your system, please do the following so I can get some more detailed logs.


DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:


    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


Information and logs:
    In your next post I need the following:
      1. logs from DDS
      2. RKUnHooker
      3. let me know of any problems you may have had

Gringo



I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
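Gringo's request above is for the raw DDS output; once it is posted, the SERVICES / DRIVERS section and the AV: header lines are usually the first things a helper reads. The Python script below is an added example written for this page; it is not part of DDS, of BleepingComputer, or of anything Gringo posted. It parses those two line formats and marks entries worth a second look: a service whose image file DDS could not find (the `[?]` suffix), an image loaded from a temporary file, and more than one on-access scanner enabled at the same time. The sample lines are copied from the DDS log posted later in this thread; the flag wording and the `ServiceEntry` class are my own. A flag is a review hint, not a verdict: legitimate anti-rootkit scanners also load drivers from temporary files, so a `.tmp` hit such as MEMSWEEP2 still has to be matched against the tools the user ran (a Sophos product was installed on this machine on 2010-06-11, per the Created Last 30 section of the same log).

```python
"""Triage helper for two sections of a DDS log: the "AV:" header lines and the
SERVICES / DRIVERS entries. Added example, not part of DDS or this thread."""
import re
from dataclasses import dataclass, field

# Sample input copied from the DDS log (Ver_10-03-17.01) posted later in this thread.
SAMPLE_LOG = r"""
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-9-25 385536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-12 164048]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3c.tmp --> c:\windows\system32\3C.tmp [?]
S4 gupdate;Google Update Service (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
"""

# "<R|S><n> <service name>;<display name>;<image> [<yyyy-m-d size>]"
# The bracket reads "[?]" when DDS could not find or stat the file, and <image>
# may read "<raw> --> <resolved>" when DDS expanded the registry value.
SVC_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?)(?: \[(?P<meta>[^\]]*)\])?$"
)
AV_RE = re.compile(r"^AV: (?P<product>.+?) \*On-access scanning (?P<mode>enabled|disabled)\*")


@dataclass
class ServiceEntry:
    state: str        # R = running, S = stopped (DDS convention)
    start_type: str   # Windows start type digit (0 = boot ... 4 = disabled)
    name: str
    display: str
    resolved_path: str
    meta: str         # "yyyy-m-d size", or "?" when DDS could not resolve the file
    flags: list = field(default_factory=list)


def review_flags(entry):
    """Defender-side review hints for one entry. A hit means "look at this",
    not "malicious": anti-rootkit scanners also load drivers from temp files."""
    flags = []
    if entry.meta == "?":
        flags.append("image file not found by DDS")
    low = entry.resolved_path.lower()
    if low.endswith(".tmp") or "\\temp\\" in low:
        flags.append("image lives in a temporary file")
    if entry.state == "R" and entry.start_type == "0" and not low.endswith(".sys"):
        flags.append("boot-start entry that is not a .sys driver")
    return flags


def parse_service_line(line):
    """Parse one SERVICES / DRIVERS line; returns None for lines in another format."""
    m = SVC_RE.match(line.strip())
    if not m:
        return None
    image = m.group("image")
    resolved = image.split(" --> ")[-1]  # prefer the path DDS resolved, if any
    entry = ServiceEntry(m.group("state"), m.group("start"), m.group("name"),
                         m.group("display"), resolved, m.group("meta") or "")
    entry.flags = review_flags(entry)
    return entry


def triage(log_text):
    """Return (flagged services by name, enabled on-access scanners) for a DDS log."""
    flagged = {}
    on_access = []
    for line in log_text.splitlines():
        av = AV_RE.match(line)
        if av and av.group("mode") == "enabled":
            on_access.append(av.group("product"))
            continue
        entry = parse_service_line(line)
        if entry and entry.flags:
            flagged[entry.name] = entry.flags
    return flagged, on_access


if __name__ == "__main__":
    flagged, scanners = triage(SAMPLE_LOG)
    for name, flags in flagged.items():
        print(f"{name}: {'; '.join(flags)}")
    if len(scanners) > 1:
        print("more than one on-access scanner enabled:", ", ".join(scanners))
```

To use it on a real log, replace `SAMPLE_LOG` with the contents of the saved DDS.txt. On the sample it flags MEMSWEEP2 (unresolved file and `.tmp` image) and gupdate (unresolved file only), and reports that Spyware Doctor and McAfee both have on-access scanning enabled at once, which is worth noting when a user reports a slow machine as the original poster does.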

#3 devildog2126

  • Topic Starter
  • Members
  • 120 posts
  • Gender:Male

Posted 18 June 2010 - 12:01 AM

Thank you very much for your help.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Richard Curcio at 0:48:24.59 on Fri 06/18/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.203 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Webroot AntiVirus with Spy Sweeper *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\AOL\1147563008\ee\AOLSoftware.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
svchost.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\Richard Curcio\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://laptops.toshiba.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll
mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll
mURLSearchHooks: AOL Radio Toolbar Search Class: {69224684-5682-419b-9fe4-ef7946ee3319} - c:\program files\aol radio toolbar\aolradiotb.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AOL Radio Toolbar Loader: {2abdb2f7-4cbf-4939-ba12-fddc827b6a2d} - c:\program files\aol radio toolbar\aolradiotb.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll
BHO: SafeOnline BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - c:\windows\system32\PxSecure.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AOL Radio Toolbar: {9167da98-6f9b-46f1-991d-826cae46cab6} - c:\program files\aol radio toolbar\aolradiotb.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll
uRun: [TOSCDSPD] "c:\program files\toshiba\toscdspd\toscdspd.exe"
uRun: [SUPERAntiSpyware] "c:\program files\superantispyware\SUPERAntiSpyware.exe"
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [igfxtray] "c:\windows\system32\igfxtray.exe"
mRun: [igfxhkcmd] "c:\windows\system32\hkcmd.exe"
mRun: [igfxpers] "c:\windows\system32\igfxpers.exe"
mRun: [ehTray] "c:\windows\ehome\ehtray.exe"
mRun: [THotkey] "c:\program files\toshiba\toshiba applet\thotkey.exe"
mRun: [SynTPLpr] "c:\program files\synaptics\syntp\SynTPLpr.exe"
mRun: [LtMoh] "c:\program files\ltmoh\Ltmoh.exe"
mRun: [Tvs] "c:\program files\toshiba\tvs\TvsTray.exe"
mRun: [TPSMain] "TPSMain.exe"
mRun: [SmoothView] "c:\program files\toshiba\toshiba zooming utility\SmoothView.exe"
mRun: [dla] "c:\windows\system32\dla\DLACTRLW.exe"
mRun: [Pinger] "c:\toshiba\ivp\ism\pinger.exe" /run
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Pure Networks Port Magic] "c:\progra~1\purene~1\portma~1\PortAOL.exe" -Run
mRun: [AOLDialer] "c:\program files\common files\aol\acs\AOLDial.exe"
mRun: [HostManager] "c:\program files\common files\aol\1147563008\ee\AOLSoftware.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast5] "c:\progra~1\alwils~1\avast5\avastUI.exe" /nogui
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
StartupFolder: c:\docume~1\richar~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hewlett-packard\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hewlett-packard\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} - hxxp://pogo.oberon-media.com/online2/pogo/zenerchi/ZenerchiWeb.1.0.0.10.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\richar~1\applic~1\mozilla\firefox\profiles\hricnzzq.default\
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np_IEGetPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-9-25 385536]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-6-10 218592]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-6-11 30320]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 29808]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-12 164048]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-1-5 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-12 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-12 40384]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-6-13 359952]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-6-13 144704]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-6-11 61624]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-11-6 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2010-1-5 1201640]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-12 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-12 40384]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-6-13 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-9-25 35272]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-6-11 24400]
S2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2010-6-11 6385616]
S3 MA763010;M-Audio Fast Track;c:\windows\system32\drivers\MA763010.sys [2007-11-6 30848]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-6-11 38224]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3c.tmp --> c:\windows\system32\3C.tmp [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-9-25 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-9-25 40552]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 12872]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-6-10 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-6-10 1142224]
S4 gupdate;Google Update Service (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-6-13 606736]

=============== Created Last 30 ================

2010-06-18 04:45:14 0 ----a-w- c:\documents and settings\richard curcio\defogger_reenable
2010-06-18 02:44:49 0 d-sha-r- C:\cmdcons
2010-06-18 02:39:24 98816 ----a-w- c:\windows\sed.exe
2010-06-18 02:39:24 77312 ----a-w- c:\windows\MBR.exe
2010-06-18 02:39:24 256512 ----a-w- c:\windows\PEV.exe
2010-06-18 02:39:24 161792 ----a-w- c:\windows\SWREG.exe
2010-06-16 04:29:48 0 d-----w- c:\docume~1\richar~1\applic~1\Pogo
2010-06-16 04:29:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Pogo
2010-06-16 04:24:27 0 d-----w- c:\program files\Oberon Media
2010-06-13 14:11:15 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-13 04:40:17 11099 ----a-w- c:\windows\system32\Config.MPF
2010-06-13 04:29:35 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-06-13 04:29:14 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-06-13 04:25:34 0 d-----w- c:\program files\common files\McAfee
2010-06-13 04:25:30 0 d-----w- c:\program files\McAfee.com
2010-06-13 04:24:07 0 d-----w- c:\program files\McAfee
2010-06-12 21:08:53 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-06-12 20:55:27 0 d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan
2010-06-12 20:54:41 0 d-----w- c:\program files\Security Task Manager
2010-06-12 20:53:27 0 d-----w- c:\docume~1\richar~1\applic~1\Uniblue
2010-06-12 20:51:32 0 d-----w- c:\program files\Uniblue
2010-06-12 19:17:38 0 d-----w- c:\program files\Safe Returner
2010-06-12 03:42:31 0 d-----w- c:\docume~1\richar~1\applic~1\Malwarebytes
2010-06-12 03:41:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-12 03:41:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-12 03:41:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-12 03:40:56 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-11 21:46:22 69680 ----a-w- c:\windows\system32\PxSecure.dll
2010-06-11 21:46:18 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-06-11 21:46:14 61624 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-06-11 21:45:46 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-06-11 21:45:39 0 d-----w- c:\program files\Prevx
2010-06-11 21:45:13 0 d-----w- c:\docume~1\alluse~1\applic~1\PrevxCSI
2010-06-11 18:00:48 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-06-11 04:54:21 0 d-----w- c:\program files\Karen's Power Tools
2010-06-11 04:53:53 0 d-----w- c:\docume~1\alluse~1\applic~1\Karen's Power Tools
2010-06-11 03:25:42 767952 ----a-w- c:\windows\BDTSupport.dll.old
2010-06-11 03:25:22 1652688 ----a-w- c:\windows\PCTBDCore.dll.old
2010-06-11 03:21:06 0 d-----w- c:\program files\Sophos
2010-06-11 03:14:18 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-06-11 03:14:16 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-06-11 03:13:37 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-06-11 03:13:37 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-06-11 03:13:37 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-06-11 03:13:33 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-06-11 03:12:26 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-06-11 03:12:18 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-06-11 03:09:59 0 d-----w- c:\program files\common files\PC Tools
2010-06-11 03:09:55 0 d-----w- c:\program files\Spyware Doctor
2010-06-11 03:09:55 0 d-----w- c:\docume~1\richar~1\applic~1\PC Tools
2010-06-11 03:09:55 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-06-10 21:17:22 0 d-----w- c:\program files\Trend Micro
2010-06-08 21:32:50 0 d-----w- c:\docume~1\alluse~1\applic~1\Pitney Bowes
2010-05-28 17:26:58 3444 ----a-w- c:\documents and settings\richard curcio\.recently-used.xbel
2010-05-21 03:57:22 112 ----a-w- c:\documents and settings\richard curcio\.gtk-bookmarks
2010-05-21 03:48:43 0 d-----w- c:\documents and settings\richard curcio\.thumbnails
2010-05-21 03:34:30 0 d-----w- c:\documents and settings\richard curcio\.gimp-2.6

==================== Find3M ====================

2010-06-18 00:33:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-06-13 06:12:03 120192 ----a-w- c:\windows\system32\drivers\pcmcia.sys
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-05 12:06:44 4440 ----a-w- c:\docume~1\richar~1\applic~1\wklnhst.dat
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-03-24 16:07:53 2828 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2010-03-24 16:07:50 88 --sh--r- c:\docume~1\alluse~1\applic~1\CCDE9A0934.sys
2009-09-16 00:59:42 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009091520090916\index.dat

============= FINISH: 0:50:21.50 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/30/2006 5:32:30 PM
System Uptime: 6/17/2010 11:07:38 PM (1 hours ago)

Motherboard: Intel Corporation | | MPAD-MSAE Customer Reference Boards
Processor: Intel® Core™2 CPU T5500 @ 1.66GHz | U1 | 1662/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 112.853 GiB free.
D: is CDROM ()
E: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================


Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Adobe Shockwave Player 11.5
AnswerWorks 5.0 English Runtime
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Radio Toolbar
AOL Spyware Protection
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
Audacity 1.3.10 (Unicode)
avast! Free Antivirus
AVIConverter 3.0
Blackhawk Striker 2
Blasterball 2 Revolution
Bluetooth Stack for Windows by Toshiba
Bonjour
BufferChm
CAM UnZip 4.42
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.8
Canon Utilities EOS Utility
Canon Utilities Original Data Security Tools
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities WFT Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CD/DVD Drive Acoustic Silencer
Compatibility Pack for the 2007 Office system
Corel WinDVD 2010
CustomerResearchQFolder
D4200
D4200_Help
Desktop Dialer
DeviceDiscovery
DeviceManagementQFolder
dj_sf_ProductContext
dj_sf_software
dj_sf_software_req
Download Updater (AOL LLC)
DVD-RAM Driver
eMedia Guitar Method
eMedia Toolkit
eSupportQFolder
Fast Track
Free Registry Fix 5.5
Garmin Trip and Waypoint Manager v4
Garmin WebUpdater
GemMaster Mystic
getPlus® Download Manager for Corel
Gold Miner Special Edition (remove only)
Gold Miner Vegas (remove only)
Google Desktop
Google Update Helper
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 9.0
HP Deskjet Printer Driver Software 9.0
HP Imaging Device Functions 9.0
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
hp psc 1200 series
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HPProductAssistant
HPSSupply
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
iPlayMusic
iTunes
J2SE Runtime Environment 5.0 Update 4
Java Auto Updater
Java™ 6 Update 18
Karen's Cookie Viewer
LAME v3.98.2 for Audacity
Mah Jong Quest
Malwarebytes' Anti-Malware
MarketResearch
McAfee SecurityCenter
mCore
mDrWiFi
mHelp
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft Office Small Business Edition 2003
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Works
mIWA
mLogView
mMHouse
Monopoly City
Mozilla Firefox (3.6.3)
MP3 EasySplitter (Trial)
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 6 Service Pack 2 (KB954459)
mWlsSafe
mXML
mZConfig
Neat ADF Scanner 2008 Driver
Neat ADF Scanner Driver
Neat Mobile Scanner (Silver) Driver
Neat Mobile Scanner 2008 Driver
Neat Mobile Scanner Driver
NeatWorks
NeatWorks Core Files
Office 2003 Trial Assistant
OpenOffice.org 3.2
Otto
PanoStandAlone
Picasa 2
Polar Bowler
Prevx
PSSWCORE
Pure Networks Port Magic
Quicken 2010
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Revo Uninstaller 1.85
Safari
Safe Returner 1.22
SCRABBLE
SD Secure Module
Security Task Manager 1.7h
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
SolutionCenter
Sonic DLA
Sonic Encoders
Sonic RecordNow!
Sophos Anti-Rootkit 1.5.4
Spy Sweeper Core
Spyware Doctor 7.0
Status
SUPERAntiSpyware Free Edition
Switch Sound File Converter
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Toolbox
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Game Console
TOSHIBA Hotkey Utility
Toshiba Media Center Game Console
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
Toshiba Registration
TOSHIBA SD Memory Card Format
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility
TOSHIBA TV Tuner 4.0.12.73
TOSHIBA Utilities
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
TrayApp
Uniblue RegistryBooster
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VideoToolkit01
Viewpoint Media Player
VoiceOver Kit
WavePad Sound Editor
Web Easy Professional 6
WebEx
WebFldrs XP
WebReg
Webroot AntiVirus with Spy Sweeper
WildTangent Web Driver
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB894553
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver

==== Event Viewer Messages From Past Week ========

6/17/2010 8:36:15 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AOL Connectivity Service service to connect.
6/17/2010 8:36:15 PM, error: Service Control Manager [7000] - The AOL Connectivity Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/17/2010 7:13:00 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the mcmscsvc service.
6/17/2010 7:10:19 PM, error: Dhcp [1002] - The IP address lease 192.168.2.100 for the Network Card with network address 0018DE2B03F3 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
6/17/2010 11:12:16 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WebrootSpySweeperService with arguments "" in order to run the server: {1281A68F-9E75-418F-B3AC-D5B23DD86408}
6/17/2010 11:11:07 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Webroot Spy Sweeper Engine service to connect.
6/17/2010 11:11:07 PM, error: Service Control Manager [7000] - The Webroot Spy Sweeper Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/17/2010 11:05:16 PM, error: PlugPlayManager [11] - The device Root\LEGACY_SVRPEDRV\0000 disappeared from the system without first being prepared for removal.
6/17/2010 11:05:16 PM, error: PlugPlayManager [11] - The device Root\LEGACY_IO_MEMORY\0000 disappeared from the system without first being prepared for removal.
6/14/2010 9:44:21 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 SP1 Security Update for Windows 2000 and Windows XP (KB979906).
6/14/2010 9:16:36 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 SP1 Update for Windows Server 2003 and Windows XP x86 (KB982168).
6/14/2010 8:22:17 AM, error: Service Control Manager [7034] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 4 time(s).
6/14/2010 7:54:43 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
6/14/2010 3:26:09 PM, error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
6/14/2010 10:15:07 AM, error: Dhcp [1002] - The IP address lease 192.168.2.100 for the Network Card with network address 0018DE2B03F3 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
6/13/2010 2:58:28 PM, error: Service Control Manager [7034] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 3 time(s).
6/13/2010 2:55:19 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/13/2010 2:14:18 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.
6/13/2010 2:14:18 PM, error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/13/2010 2:14:04 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
6/12/2010 8:43:25 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
6/12/2010 8:42:56 PM, error: SRService [104] - The System Restore initialization process failed.
6/12/2010 8:39:11 PM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/12/2010 8:39:10 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
6/12/2010 8:32:37 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
6/12/2010 7:37:43 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: KR10N
6/12/2010 5:33:14 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee Real-time Scanner service to connect.
6/12/2010 5:33:14 PM, error: Service Control Manager [7000] - The McAfee Real-time Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/12/2010 5:31:44 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/12/2010 4:30:51 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SSDP Discovery Service service to connect.
6/12/2010 4:30:51 PM, error: Service Control Manager [7001] - The Media Center Extender Service service depends on the SSDP Discovery Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
6/12/2010 4:30:51 PM, error: Service Control Manager [7000] - The SSDP Discovery Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/12/2010 3:07:09 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0018DE2B03F3. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
6/11/2010 5:46:56 PM, error: Service Control Manager [7034] - The CSIScanner service terminated unexpectedly. It has done this 1 time(s).
6/11/2010 5:31:21 PM, error: Service Control Manager [7034] - The Protexis Licensing V2 service terminated unexpectedly. It has done this 1 time(s).
6/11/2010 1:33:11 PM, error: Service Control Manager [7023] - The Network Security service terminated with the following error: The specified module could not be found.
6/11/2010 1:33:06 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
6/11/2010 1:33:06 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
6/11/2010 1:11:41 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 2 time(s).

==== End Of File ===========================

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xAA3B3000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4247552 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2260992 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2260992 bytes
0x804D7000 RAW 2260992 bytes
0x804D7000 WMIxWDM 2260992 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xA7AED000 C:\WINDOWS\system32\DRIVERS\w39n51.sys 1429504 bytes (Intel® Corporation, Intel® Wireless LAN Driver)
0xF6A21000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1355776 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xAA27C000 C:\WINDOWS\system32\DRIVERS\AGRSM.sys 1126400 bytes (Agere Systems, SoftModem Device Driver)
0xBF077000 C:\WINDOWS\System32\ialmdd5.DLL 925696 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xF7355000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA9F82000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF66F8000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF72DF000 mfehidk.sys 376832 bytes (McAfee, Inc., McAfee Link Driver)
0xAA0FE000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA91E2000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA9329000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF7422000 PCTCore.sys 233472 bytes (PC Tools, PC Tools KDS Core Driver)
0xBF042000 C:\WINDOWS\System32\ialmdev5.DLL 217088 bytes (Intel Corporation, Component GHAL Driver)
0xF7473000 KR10N.sys 204800 bytes (TOSHIBA CORPORATION, TOSHIBA RAID Driver)
0xF6756000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF67D1000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 192512 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0xF758C000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF754D000 ssidrv.sys 188416 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper Interdiction Driver)
0xA954A000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7520000 C:\WINDOWS\system32\DRIVERS\NDIS.SYS 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA7AB1000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA9FF2000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF6800000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 163840 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)
0xF69E5000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xAA061000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF683C000 C:\WINDOWS\system32\drivers\tifm21.sys 163840 bytes (Texas Instruments, tifm21.sys)
0xA9F5B000 C:\WINDOWS\System32\Drivers\aswSP.SYS 159744 bytes (ALWIL Software, avast! self protection module)
0xAA0AF000 C:\WINDOWS\System32\Drivers\Mpfp.sys 159744 bytes (McAfee, Inc., McAfee Personal Firewall Plus Driver)
0xF74BD000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xAA089000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA9B1B000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xAA38F000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6864000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF67AE000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xAA03F000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xAA01D000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806FF000 ACPI_HAL 134400 bytes
0x806FF000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF75BA000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF74E3000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF7502000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF733B000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xAA17B000 C:\WINDOWS\System32\Drivers\meiudf.sys 102400 bytes (Matsushita Electric Industrial Co.,Ltd., DVD-RAM UDF File System Driver)
0xF74A5000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA9D35000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 98304 bytes (Sonic Solutions, Drive Letter Access Component)
0xA9F1B000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF745B000 C:\WINDOWS\system32\drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xA994C000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (ALWIL Software, avast! File System Filter Driver for Windows XP)
0xF73F5000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6797000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA9D4D000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xA9D1F000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xF740C000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0xA977F000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6828000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xF6A0D000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAA157000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF73E2000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xA84B0000 C:\WINDOWS\system32\drivers\mfeavfk.sys 73728 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0xF757B000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6786000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xAA16A000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
0xF774B000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF772B000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF76AB000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF760B000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF6B8C000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF768B000 Combo-Fix.sys 61440 bytes
0xF786B000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF773B000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA9AEB000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF6BDC000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF761B000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xAA214000 C:\WINDOWS\System32\drivers\pxrts.sys 57344 bytes (Prevx, Prevx Realtime Security)
0xF767B000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF770B000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF77EB000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF765B000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF780B000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF76CB000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF771B000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF764B000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF77FB000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF763B000 ssfs0bbc.sys 45056 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper FileSystem Filter Driver)
0xF76BB000 C:\WINDOWS\system32\DRIVERS\Tvs.sys 45056 bytes (TOSHIBA Corporation, TOSHIBA Audio Filter Driver)
0xF6B7C000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (ALWIL Software, avast! TDI Filter Driver)
0xAA204000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)
0xF75FB000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF783B000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF782B000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF6BFC000 C:\WINDOWS\system32\DRIVERS\csiidecoder_kern_i386.sys 36864 bytes (-, SRS Labs CSII Decoder Kernel DLL)
0xF766B000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF76FB000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF6B9C000 C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
0xF781B000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF6B6C000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA89C2000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF762B000 sshrmd.sys 36864 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper Mini Driver)
0xF6BAC000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7903000 C:\ComboFix\catchme.sys 32768 bytes
0xF78EB000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF798B000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7A03000 C:\WINDOWS\system32\DRIVERS\tsxt_kern_i386.sys 32768 bytes (-, SRS Labs TruSurround XT kernel DLL)
0xF78D3000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF795B000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7923000 C:\WINDOWS\system32\drivers\mfebopk.sys 28672 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0xF7883000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF78DB000 C:\WINDOWS\system32\DRIVERS\wowhd_kern_i386.sys 28672 bytes (SRS Labs, Inc., WOW HD kernel mode DLL for Windows)
0xF79BB000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (ALWIL Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xF7953000 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)
0xF7933000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF791B000 C:\WINDOWS\system32\drivers\iviaspi.sys 24576 bytes (InterVideo, Inc., InterVideo ASPI Shell)
0xF78FB000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xA9F03000 C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\mbr.sys 24576 bytes
0xF790B000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7893000 pxscan.sys 24576 bytes (Prevx, Prevx Scanner)
0xF799B000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xF78CB000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7963000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF79E3000 C:\WINDOWS\system32\DRIVERS\wanatw4.sys 24576 bytes (America Online, Inc., Wan Miniport (ATW))
0xA9ECB000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 20480 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xF7993000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (ALWIL Software, avast! TDI RDR Driver)
0xF796B000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF788B000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF79CB000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF789B000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF78F3000 C:\WINDOWS\System32\drivers\pxkbf.sys 20480 bytes (Prevx, Prevx Keyboard Security)
0xF79DB000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF787B000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7913000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7A13000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF72A7000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xA9DE3000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7ACF000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA9C4F000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xA9C73000 C:\WINDOWS\system32\DRIVERS\s24trans.sys 16384 bytes (Intel Corporation, Intel WLAN Packet Driver)
0xF7A17000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xA9DEB000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (ALWIL Software, avast! File System Access Blocking Driver)
0xF7A0B000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7A0F000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xAA0DE000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF725E000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xA9C43000 C:\WINDOWS\system32\DRIVERS\netdevio.sys 12288 bytes (TOSHIBA Corporation., Network Device Usermode I/O protocol)
0xF727E000 C:\WINDOWS\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus® ASPI Shell)
0xF7266000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF726A000 C:\WINDOWS\system32\DRIVERS\sffdisk.sys 12288 bytes (Microsoft Corporation, Small Form Factor Disk Driver)
0xAA254000 C:\WINDOWS\system32\DRIVERS\sffp_sd.sys 12288 bytes (Microsoft Corporation, Small Form Factor SD Protocol Driver)
0xF7AD7000 C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys 12288 bytes
0xF7B6B000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7B41000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)
0xF7BB5000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7AFF000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7B9F000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7B67000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7AFB000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7B6F000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7B49000 C:\WINDOWS\system32\DRIVERS\NBSMI.sys 8192 bytes (Toshiba Corporation, Toshiba Notebook PC SMI Driver)
0xF7B59000 C:\WINDOWS\system32\Drivers\PROCEXP113.SYS 8192 bytes
0xF7B73000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7B5D000 C:\WINDOWS\system32\drivers\regi.sys 8192 bytes (InterVideo, regi driver)
0xF7B47000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7B3D000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7AFD000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7C5C000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7C00000 C:\WINDOWS\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7C4B000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7BC6000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7BC4000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF7BC3000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x869E50E8 unknown_irp_handler 3864 bytes
0x86A1D140 unknown_irp_handler 3776 bytes
0x86A19160 unknown_irp_handler 3744 bytes
0x86B1A208 unknown_irp_handler 3576 bytes
0x86B51230 unknown_irp_handler 3536 bytes
0x86A31408 unknown_irp_handler 3064 bytes
0x869FD430 unknown_irp_handler 3024 bytes
0x86AF2608 unknown_irp_handler 2552 bytes
0x86B298E8 unknown_irp_handler 1816 bytes
0x86A63988 unknown_irp_handler 1656 bytes
0x86A0C9F0 unknown_irp_handler 1552 bytes
0x86B9AA60 unknown_irp_handler 1440 bytes
0x86A5DB20 unknown_irp_handler 1248 bytes
0x86A13B20 unknown_irp_handler 1248 bytes
0x86B3AB50 unknown_irp_handler 1200 bytes
0x86A3AB50 unknown_irp_handler 1200 bytes
0x86A50BB0 unknown_irp_handler 1104 bytes
0x86A50C28 unknown_irp_handler 984 bytes
0x86A50CA0 unknown_irp_handler 864 bytes
0x86A50D18 unknown_irp_handler 744 bytes
0x86B21DB8 unknown_irp_handler 584 bytes
0x86A4FE10 unknown_irp_handler 496 bytes
0x86A51E30 unknown_irp_handler 464 bytes
0x86A51EA8 unknown_irp_handler 344 bytes
0x869D7ED8 unknown_irp_handler 296 bytes
==============================================
>Stealth
==============================================


Nothing detected :(

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:22 PM

Posted 18 June 2010 - 12:13 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
    It is a simple procedure that will only take a few moments of your time.


    Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    Please continue as follows:
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"information and logs"
    In your next post I need the following
    1. Log from Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now?

Gringo



I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 devildog2126

devildog2126
  • Topic Starter

  • Members
  • 120 posts
  • Gender:Male
  • Local time:09:22 PM

Posted 18 June 2010 - 06:56 AM

I can't tell you how much I appreciate the help. Here is the ComboFix log:

ComboFix 10-06-17.02 - Richard Curcio 06/18/2010 7:25.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.352 [GMT -4:00]
Running from: c:\documents and settings\Richard Curcio\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Webroot AntiVirus with Spy Sweeper *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2010-05-18 to 2010-06-18 )))))))))))))))))))))))))))))))
.

2010-06-17 12:28 . 2010-06-17 12:28 -------- d-----w- c:\documents and settings\Richard Curcio\Local Settings\Application Data\qvopvohk
2010-06-16 04:29 . 2010-06-16 04:29 -------- d-----w- c:\documents and settings\Richard Curcio\Application Data\Pogo
2010-06-16 04:29 . 2010-06-16 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Pogo
2010-06-16 04:24 . 2010-06-16 04:24 -------- d-----w- c:\program files\Oberon Media
2010-06-14 18:47 . 2010-06-14 18:47 -------- d-----w- c:\documents and settings\Richard Curcio\Local Settings\Application Data\PCHealth
2010-06-13 14:11 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-13 04:29 . 2010-02-17 20:52 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-06-13 04:29 . 2009-07-16 16:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-06-13 04:25 . 2010-06-13 04:29 -------- d-----w- c:\program files\Common Files\McAfee
2010-06-13 04:25 . 2010-06-13 04:27 -------- d-----w- c:\program files\McAfee.com
2010-06-13 04:24 . 2010-06-17 12:31 -------- d-----w- c:\program files\McAfee
2010-06-12 23:56 . 2010-06-12 23:56 -------- d-----w- c:\documents and settings\Richard Curcio\Local Settings\Application Data\Help
2010-06-12 21:17 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-12 21:17 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-12 21:16 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-12 21:16 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-12 21:16 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-12 21:16 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-12 21:16 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-12 21:09 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-06-12 21:09 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-12 21:08 . 2010-06-12 21:08 -------- d-----w- c:\program files\Alwil Software
2010-06-12 21:08 . 2010-06-12 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-12 20:55 . 2010-06-12 21:47 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-06-12 20:54 . 2010-06-12 23:57 -------- d-----w- c:\program files\Security Task Manager
2010-06-12 20:53 . 2010-06-12 20:53 -------- d-----w- c:\documents and settings\Richard Curcio\Application Data\Uniblue
2010-06-12 20:51 . 2010-06-12 20:51 -------- d-----w- c:\program files\Uniblue
2010-06-12 19:17 . 2010-06-12 19:18 -------- d-----w- c:\program files\Safe Returner
2010-06-12 03:42 . 2010-06-12 03:42 -------- d-----w- c:\documents and settings\Richard Curcio\Application Data\Malwarebytes
2010-06-12 03:41 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-12 03:41 . 2010-06-12 03:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-12 03:41 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-12 03:40 . 2010-06-13 12:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-11 21:46 . 2010-06-16 21:57 69680 ----a-w- c:\windows\system32\PxSecure.dll
2010-06-11 21:46 . 2010-06-16 21:57 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-06-11 21:46 . 2010-06-16 21:57 61624 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-06-11 21:45 . 2010-06-16 21:57 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-06-11 21:45 . 2010-06-16 21:57 -------- d-----w- c:\program files\Prevx
2010-06-11 21:45 . 2010-06-18 01:28 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2010-06-11 18:00 . 2010-06-11 18:00 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-06-11 04:54 . 2010-06-11 04:54 -------- d-----w- c:\program files\Karen's Power Tools
2010-06-11 04:53 . 2010-06-11 04:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Karen's Power Tools
2010-06-11 04:05 . 2010-06-11 04:05 -------- d-----w- c:\documents and settings\Richard Curcio\Local Settings\Application Data\Threat Expert
2010-06-11 03:21 . 2010-06-11 03:21 -------- d-----w- c:\program files\Sophos
2010-06-11 03:14 . 2010-02-05 13:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-06-11 03:13 . 2010-03-29 14:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-06-11 03:13 . 2009-11-23 17:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-06-11 03:12 . 2010-04-08 18:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-06-11 03:09 . 2010-06-11 03:26 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-11 03:09 . 2010-06-18 11:21 -------- d-----w- c:\program files\Spyware Doctor
2010-06-11 03:09 . 2010-06-11 03:09 -------- d-----w- c:\documents and settings\Richard Curcio\Application Data\PC Tools
2010-06-11 03:09 . 2010-06-11 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-06-10 21:17 . 2010-06-10 21:17 -------- d-----w- c:\program files\Trend Micro
2010-06-10 16:30 . 2010-06-10 16:30 -------- d-----w- c:\documents and settings\Richard Curcio\Local Settings\Application Data\WMTools Downloaded Files
2010-06-08 21:32 . 2010-06-08 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Pitney Bowes
2010-06-08 21:31 . 2010-06-08 21:31 -------- d-----w- c:\documents and settings\Richard Curcio\Local Settings\Application Data\{C7A36559-A3B7-4ECB-BDD5-B99359C23038}
2010-05-21 03:49 . 2010-05-28 17:27 -------- d-----w- c:\documents and settings\Richard Curcio\Application Data\gtk-2.0
2010-05-21 03:48 . 2010-05-21 03:48 -------- d-----w- c:\documents and settings\Richard Curcio\.thumbnails
2010-05-21 03:34 . 2010-06-13 03:08 -------- d-----w- c:\documents and settings\Richard Curcio\.gimp-2.6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-18 11:21 . 2010-01-07 22:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-18 00:33 . 2004-08-03 22:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-06-16 21:56 . 2010-06-16 21:56 937416 ----a-w- c:\documents and settings\All Users\Application Data\PrevxCSI\~PrevxCSIUpdate.exe
2010-06-13 15:48 . 2006-05-13 23:44 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-06-13 06:12 . 2004-08-03 23:07 120192 ----a-w- c:\windows\system32\drivers\pcmcia.sys
2010-06-13 03:09 . 2007-02-01 01:53 -------- d-----w- c:\documents and settings\Joan Curcio\Application Data\U3
2010-06-12 20:55 . 2010-06-12 20:55 42 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_6FFA79444C8994F40B374FF824CBFBE9.dll
2010-06-10 23:27 . 2010-01-09 17:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-07 13:28 . 2006-02-16 10:14 -------- d-----w- c:\program files\Yahoo!
2010-06-07 13:25 . 2007-08-16 18:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-05-20 17:41 . 2010-01-10 20:40 -------- d-----w- c:\program files\Quicken
2010-05-20 17:39 . 2010-05-20 17:39 5487616 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\19188-191916.dll
2010-05-20 17:36 . 2010-01-10 20:46 243048 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
2010-05-17 01:51 . 2010-05-17 01:51 -------- d-----w- c:\documents and settings\Richard Curcio\Application Data\ZoomBrowser EX
2010-05-17 01:42 . 2010-05-17 01:42 -------- d-----w- c:\documents and settings\Richard Curcio\Application Data\Canon
2010-05-17 01:31 . 2010-05-17 01:26 -------- d-----w- c:\program files\Canon
2010-05-17 01:29 . 2010-05-17 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2010-05-17 01:24 . 2010-05-17 01:24 -------- d-----w- c:\program files\Common Files\Canon
2010-05-15 01:03 . 2010-05-15 01:03 -------- d-----w- c:\documents and settings\Richard Curcio\Application Data\Neat
2010-05-15 01:02 . 2010-05-15 01:02 -------- d-----w- c:\documents and settings\Richard Curcio\Application Data\Nuance
2010-05-15 00:59 . 2010-05-15 00:49 -------- d-----w- c:\program files\NeatWorks
2010-05-15 00:54 . 2010-05-15 00:49 -------- d-----w- c:\program files\Common Files\The Neat Company
2010-05-15 00:52 . 2010-05-15 00:52 -------- d-----w- c:\program files\Common Files\NeatReceipts
2010-05-15 00:51 . 2006-12-30 22:40 -------- d-----w- c:\program files\Common Files\Intuit
2010-05-15 00:49 . 2010-05-15 00:49 -------- d-----w- c:\documents and settings\All Users\Application Data\The Neat Company
2010-05-06 10:41 . 2006-02-15 14:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-05 12:06 . 2006-12-31 20:14 4440 ----a-w- c:\documents and settings\Richard Curcio\Application Data\wklnhst.dat
2010-05-04 20:47 . 2010-05-04 20:47 -------- d-----w- c:\program files\AVIConverter
2010-05-02 05:22 . 2006-02-15 14:04 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-01 02:23 . 2010-03-24 21:25 -------- d-----w- c:\program files\eMedia Guitar Method
2010-04-20 05:30 . 2006-02-15 14:02 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-14 16:50 . 2009-09-25 18:54 385536 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-03-31 12:54 . 2010-03-31 12:54 1 ----a-w- c:\documents and settings\Richard Curcio\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-30 18:15 . 2010-03-30 18:15 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-03-24 16:07 . 2010-03-07 22:44 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-03-24 16:07 . 2010-03-07 22:44 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-03-24 16:07 . 2010-03-07 22:44 88 --sh--r- c:\documents and settings\All Users\Application Data\CCDE9A0934.sys
2010-03-24 16:07 . 2010-03-07 22:44 88 --sh--r- c:\documents and settings\All Users\Application Data\CCDE9A0934.sys
2010-04-06 19:35 . 2010-04-06 19:35 27960 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2010-04-06 19:35 . 2010-04-06 19:35 126344 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2010-04-06 19:38 . 2010-04-06 19:38 98696 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-11-06 20:14 238968 ----a-w- c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-10 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 99480]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"HostManager"="c:\program files\Common Files\AOL\1147563008\ee\AOLSoftware.exe" [2009-07-20 41264]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]

c:\documents and settings\Joan Curcio\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-6-12 59080]

c:\documents and settings\Richard Curcio\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 02:34 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Swupdtmr"=2 (0x2)
"Bonjour Service"=2 (0x2)
"FastTrackInstallerService"=2 (0x2)
"gupdate"=2 (0x2)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
AppSecDll REG_SZ

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\1147563008\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\1147563008\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\WINDOWS\\ehome\\ehtray.exe"=
"c:\\WINDOWS\\system32\\dllhost.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/10/2010 11:13 PM 218592]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [6/11/2010 5:46 PM 30320]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 1:00 PM 29808]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/12/2010 5:17 PM 164048]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/5/2010 8:56 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 8:56 AM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/12/2010 5:17 PM 19024]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [6/11/2010 5:46 PM 61624]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 9:09 PM 11032]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [1/5/2010 11:54 PM 1201640]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [6/11/2010 5:45 PM 24400]
S2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [6/11/2010 5:45 PM 6385616]
S3 MA763010;M-Audio Fast Track;c:\windows\system32\drivers\MA763010.sys [11/6/2007 10:06 PM 30848]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/11/2010 11:41 PM 38224]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3C.tmp --> c:\windows\system32\3C.tmp [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 8:56 AM 12872]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/10/2010 11:10 PM 366840]
S4 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-06-17 c:\windows\Tasks\Free Registry Fix.job
- c:\program files\Promosoft Corporation\Free Registry Fix\application\regfix.exe [2009-12-28 08:13]

2008-04-16 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4173988667.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 21:56]

2010-03-24 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-03-17 13:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://laptops.toshiba.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Richard Curcio\Application Data\Mozilla\Firefox\Profiles\hricnzzq.default\
FF - plugin: c:\program files\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np_IEGetPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-18 07:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\3C.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tixthosvdtiqmby]
"imagepath"="\??\c:\windows\TEMP\800.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\°*¬ 8*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(932)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(5616)
c:\windows\system32\WININET.dll
c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
Completion time: 2010-06-18 07:51:03
ComboFix-quarantined-files.txt 2010-06-18 11:50
ComboFix2.txt 2010-06-18 03:26

Pre-Run: 121,115,774,976 bytes free
Post-Run: 121,098,444,800 bytes free

- - End Of File - - 49D0467F517EAE386697AE08ACDF4A41

The computer seems to be doing well now, although there have been times in the last few days when it seemed to be as well.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:22 PM

Posted 18 June 2010 - 03:27 PM

Greetings

:multiple Anti Virus programs:
    It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

    AV: avast! Antivirus
    AV: McAfee VirusScan
    AV: Spyware Doctor with AntiVirus
    AV: Webroot AntiVirus with Spy Sweeper


    Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash.

    Please remove three of them.

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

CODE
Folder::
c:\documents and settings\Richard Curcio\Local Settings\Application Data\qvopvohk


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


"information and logs"
    In your next post I need the following
    1. report from Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now after running the script?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
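Added example for readers of this thread (it is not from the thread and not ComboFix's own code): a small Python script that triages the service entries a ComboFix log prints, both the "R0 name;display;path [date size]" service list and the Services\<name> registry dump with its ImagePath value, and flags entries whose driver or executable lives under a Temp directory or carries a .tmp extension. The sample log is constructed in ComboFix's format, modelled on entries in this thread; the heuristics and the function names are the example's own. A hit means "look at this", not "this is malware": a scanner's own memory-sweep driver or an installer cleanup service is a common benign hit, which is why the helper in the thread reads the whole log rather than one line.

```python
import re
from dataclasses import dataclass

# Constructed sample in the format ComboFix prints (service list plus the
# Services\<name> registry dump), modelled on entries in this thread.
SAMPLE_LOG = r"""
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/5/2010 8:56 AM 12872]
S2 mcinstcleanup;McAfee Application Installer Cleanup;c:\docume~1\USER~1\LOCALS~1\Temp\014770~1.EXE -cleanup -nolog -service --> c:\docume~1\USER~1\LOCALS~1\Temp\014770~1.EXE [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3C.tmp --> c:\windows\system32\3C.tmp [?]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\3C.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tixthosvdtiqmby]
"imagepath"="\??\c:\windows\TEMP\800.tmp"
"""

# "R0 name;display;path [date size]"  or  "S3 name;display;path --> path [?]"
SERVICE_LINE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.+?)(?:\s+-->.*|\s+\[.*\])?$")
# Registry dump: a Services\<name> key line followed by its ImagePath value
SERVICE_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+)\]$", re.I)
IMAGE_VALUE = re.compile(r'^"imagepath"="(.*)"$', re.I)


def normalize(path: str) -> str:
    """Strip the NT '\\??\\' prefix and doubled backslashes, lower-case for matching."""
    path = path.strip().strip('"').replace("\\\\", "\\")
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.lower()


def looks_random(name: str) -> bool:
    """Weak hint only: 8+ lower-case letters with few vowels. Expect false positives."""
    if len(name) < 8 or not name.isalpha() or not name.islower():
        return False
    vowels = sum(c in "aeiou" for c in name)
    return vowels / len(name) <= 0.3


def indicators(name: str, image: str) -> list:
    """Reasons a (service, image) pair deserves a closer look; empty list if none."""
    reasons = []
    if "\\temp\\" in image:
        reasons.append("image under a Temp directory")
    if re.search(r"\.tmp(\s|$)", image):
        reasons.append("image has a .tmp extension")
    if looks_random(name):
        reasons.append("name looks machine-generated (weak hint)")
    return reasons


@dataclass
class Finding:
    name: str
    image: str      # normalized image path; may carry command-line arguments
    reasons: list


def triage(log_text: str) -> list:
    """Return one Finding per distinct (service, image) with at least one indicator."""
    seen = set()
    findings = []
    pending = None  # service name from a registry key line awaiting its ImagePath

    def consider(name, raw_image):
        image = normalize(raw_image)
        key = (name.lower(), image)
        if key in seen:          # the same service appears in both log formats
            return
        seen.add(key)
        reasons = indicators(name, image)
        if reasons:
            findings.append(Finding(name, image, reasons))

    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            pending = None
            continue
        m = SERVICE_LINE.match(line)
        if m:
            consider(m.group(1), m.group(2))
            continue
        m = SERVICE_KEY.match(line)
        if m:
            pending = m.group(1)
            continue
        m = IMAGE_VALUE.match(line)
        if m and pending:
            consider(pending, m.group(1))
            pending = None
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name}: {f.image}\n    " + "; ".join(f.reasons))
```

On the constructed sample this flags three entries: the McAfee cleanup service (Temp directory only, a benign installer leftover), MEMSWEEP2 (a .tmp image, a scanner driver the log also lists under its registry key, reported once thanks to the dedupe) and the random-named service whose image sits in c:\windows\TEMP, which collects all three indicators. The vowel-ratio check is deliberately labelled weak; treat it as a tie-breaker, never as a verdict.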

#7 devildog2126

devildog2126
  • Topic Starter

  • Members
  • 120 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:22 PM

Posted 18 June 2010 - 06:04 PM

I downloaded all that stuff to try and eliminate my problem. I kept spysweeper and deleted the other three.

If I can ask...What do you recommend for computer security?

The overt problems seem to be gone. Not getting popups or redirects. I am concerned about reinfecting on a reboot, or that something else is gathering some sort of info behind the scenes.

I got a notice during one of the scans I ran before I started with you that said atapi.sys was infected. I don't know if that is corrected already.

I really appreciate the help.

Here is the latest log:

ComboFix 10-06-17.02 - Richard Curcio 06/18/2010 17:46:42.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.600 [GMT -4:00]
Running from: c:\documents and settings\Richard Curcio\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Richard Curcio\Desktop\CFScript.txt
AV: Webroot AntiVirus with Spy Sweeper *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
.

((((((((((((((((((((((((( Files Created from 2010-05-18 to 2010-06-18 )))))))))))))))))))))))))))))))
.

2010-06-18 21:36 . 2010-06-18 21:36 -------- d-----w- c:\windows\LastGood
2010-06-17 12:28 . 2010-06-17 12:28 -------- d-----w- c:\documents and settings\Richard Curcio\Local Settings\Application Data\qvopvohk
2010-06-16 21:56 . 2010-06-16 21:56 937416 ----a-w- c:\documents and settings\All Users\Application Data\PrevxCSI\~PrevxCSIUpdate.exe
2010-06-16 04:29 . 2010-06-16 04:29 -------- d-----w- c:\documents and settings\Richard Curcio\Application Data\Pogo
2010-06-16 04:29 . 2010-06-16 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Pogo
2010-06-16 04:24 . 2010-06-16 04:24 -------- d-----w- c:\program files\Oberon Media
2010-06-14 18:47 . 2010-06-14 18:47 -------- d-----w- c:\documents and settings\Richard Curcio\Local Settings\Application Data\PCHealth
2010-06-13 14:11 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-13 04:29 . 2010-02-17 20:52 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-06-13 04:25 . 2010-06-13 04:29 -------- d-----w- c:\program files\Common Files\McAfee
2010-06-13 04:25 . 2010-06-13 04:27 -------- d-----w- c:\program files\McAfee.com
2010-06-13 04:24 . 2010-06-18 21:43 -------- d-----w- c:\program files\McAfee
2010-06-12 23:56 . 2010-06-12 23:56 -------- d-----w- c:\documents and settings\Richard Curcio\Local Settings\Application Data\Help
2010-06-12 21:08 . 2010-06-12 21:08 -------- d-----w- c:\program files\Alwil Software
2010-06-12 21:08 . 2010-06-12 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-12 20:57 . 2009-02-09 12:10 617472 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\_entreelist.dll
2010-06-12 20:57 . 2009-02-09 12:10 714752 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\_enviewlist.dll
2010-06-12 20:55 . 2010-06-12 20:55 42 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_6FFA79444C8994F40B374FF824CBFBE9.dll
2010-06-12 20:54 . 2010-06-12 23:57 -------- d-----w- c:\program files\Security Task Manager
2010-06-12 20:53 . 2010-06-12 20:53 -------- d-----w- c:\documents and settings\Richard Curcio\Application Data\Uniblue
2010-06-12 20:51 . 2010-06-12 20:51 -------- d-----w- c:\program files\Uniblue
2010-06-12 19:17 . 2010-06-12 19:18 -------- d-----w- c:\program files\Safe Returner
2010-06-12 03:42 . 2010-06-12 03:42 -------- d-----w- c:\documents and settings\Richard Curcio\Application Data\Malwarebytes
2010-06-12 03:41 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-12 03:41 . 2010-06-12 03:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-12 03:41 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-12 03:40 . 2010-06-13 12:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-11 21:46 . 2010-06-16 21:57 69680 ----a-w- c:\windows\system32\PxSecure.dll
2010-06-11 21:46 . 2010-06-16 21:57 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-06-11 21:46 . 2010-06-16 21:57 61624 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-06-11 21:45 . 2010-06-16 21:57 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-06-11 21:45 . 2010-06-16 21:57 -------- d-----w- c:\program files\Prevx
2010-06-11 21:45 . 2010-06-18 01:28 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2010-06-11 18:00 . 2010-06-11 18:00 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-06-11 04:54 . 2010-06-11 04:54 -------- d-----w- c:\program files\Karen's Power Tools
2010-06-11 04:53 . 2010-06-11 04:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Karen's Power Tools
2010-06-11 04:05 . 2010-06-11 04:05 -------- d-----w- c:\documents and settings\Richard Curcio\Local Settings\Application Data\Threat Expert
2010-06-11 03:21 . 2010-06-11 03:21 -------- d-----w- c:\program files\Sophos
2010-06-11 03:09 . 2010-06-18 21:31 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-11 03:09 . 2010-06-18 21:31 -------- d-----w- c:\program files\Spyware Doctor
2010-06-10 21:17 . 2010-06-10 21:17 -------- d-----w- c:\program files\Trend Micro
2010-06-10 16:30 . 2010-06-10 16:30 -------- d-----w- c:\documents and settings\Richard Curcio\Local Settings\Application Data\WMTools Downloaded Files
2010-06-08 21:32 . 2010-06-08 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Pitney Bowes
2010-06-08 21:31 . 2010-06-08 21:31 -------- d-----w- c:\documents and settings\Richard Curcio\Local Settings\Application Data\{C7A36559-A3B7-4ECB-BDD5-B99359C23038}
2010-05-21 03:49 . 2010-05-28 17:27 -------- d-----w- c:\documents and settings\Richard Curcio\Application Data\gtk-2.0
2010-05-21 03:48 . 2010-05-21 03:48 -------- d-----w- c:\documents and settings\Richard Curcio\.thumbnails
2010-05-21 03:34 . 2010-06-13 03:08 -------- d-----w- c:\documents and settings\Richard Curcio\.gimp-2.6
2010-05-20 17:39 . 2010-05-20 17:39 5487616 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\19188-191916.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-18 21:41 . 2006-05-13 23:44 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-06-18 21:40 . 2010-01-07 22:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-18 00:33 . 2004-08-03 22:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-06-13 06:12 . 2004-08-03 23:07 120192 ----a-w- c:\windows\system32\drivers\pcmcia.sys
2010-06-13 03:09 . 2007-02-01 01:53 -------- d-----w- c:\documents and settings\Joan Curcio\Application Data\U3
2010-06-12 21:47 . 2010-06-12 20:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-06-12 20:55 . 2010-06-12 20:55 152 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_6E8A266FCD4F2A1409E1C8110F44DBCE.dll
2010-06-10 23:27 . 2010-01-09 17:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-07 13:28 . 2006-02-16 10:14 -------- d-----w- c:\program files\Yahoo!
2010-06-07 13:25 . 2007-08-16 18:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-05-20 17:41 . 2010-01-10 20:40 -------- d-----w- c:\program files\Quicken
2010-05-20 17:36 . 2010-01-10 20:46 243048 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
2010-05-17 01:51 . 2010-05-17 01:51 -------- d-----w- c:\documents and settings\Richard Curcio\Application Data\ZoomBrowser EX
2010-05-17 01:42 . 2010-05-17 01:42 -------- d-----w- c:\documents and settings\Richard Curcio\Application Data\Canon
2010-05-17 01:31 . 2010-05-17 01:26 -------- d-----w- c:\program files\Canon
2010-05-17 01:29 . 2010-05-17 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2010-05-17 01:24 . 2010-05-17 01:24 -------- d-----w- c:\program files\Common Files\Canon
2010-05-15 01:03 . 2010-05-15 01:03 -------- d-----w- c:\documents and settings\Richard Curcio\Application Data\Neat
2010-05-15 01:02 . 2010-05-15 01:02 -------- d-----w- c:\documents and settings\Richard Curcio\Application Data\Nuance
2010-05-15 00:59 . 2010-05-15 00:49 -------- d-----w- c:\program files\NeatWorks
2010-05-15 00:54 . 2010-05-15 00:49 -------- d-----w- c:\program files\Common Files\The Neat Company
2010-05-15 00:52 . 2010-05-15 00:52 -------- d-----w- c:\program files\Common Files\NeatReceipts
2010-05-15 00:51 . 2006-12-30 22:40 -------- d-----w- c:\program files\Common Files\Intuit
2010-05-15 00:49 . 2010-05-15 00:49 -------- d-----w- c:\documents and settings\All Users\Application Data\The Neat Company
2010-05-06 10:41 . 2006-02-15 14:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-05 12:06 . 2006-12-31 20:14 4440 ----a-w- c:\documents and settings\Richard Curcio\Application Data\wklnhst.dat
2010-05-04 20:47 . 2010-05-04 20:47 -------- d-----w- c:\program files\AVIConverter
2010-05-02 05:22 . 2006-02-15 14:04 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-01 02:23 . 2010-03-24 21:25 -------- d-----w- c:\program files\eMedia Guitar Method
2010-04-20 05:30 . 2006-02-15 14:02 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-14 16:50 . 2009-09-25 18:54 385536 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-03-31 12:54 . 2010-03-31 12:54 1 ----a-w- c:\documents and settings\Richard Curcio\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-30 18:15 . 2010-03-30 18:15 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-03-24 16:07 . 2010-03-07 22:44 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-03-24 16:07 . 2010-03-07 22:44 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-03-24 16:07 . 2010-03-07 22:44 88 --sh--r- c:\documents and settings\All Users\Application Data\CCDE9A0934.sys
2010-03-24 16:07 . 2010-03-07 22:44 88 --sh--r- c:\documents and settings\All Users\Application Data\CCDE9A0934.sys
2010-04-06 19:35 . 2010-04-06 19:35 27960 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2010-04-06 19:35 . 2010-04-06 19:35 126344 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2010-04-06 19:38 . 2010-04-06 19:38 98696 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-06-18_11.43.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-02-15 15:41 . 2010-06-18 19:24 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-02-15 15:41 . 2010-06-18 10:52 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-02-15 15:41 . 2010-06-18 19:24 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-02-15 15:41 . 2010-06-18 10:52 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-02-15 15:41 . 2010-06-18 19:24 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-02-15 15:41 . 2010-06-18 10:52 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-11-06 20:14 238968 ----a-w- c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-10 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 99480]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"HostManager"="c:\program files\Common Files\AOL\1147563008\ee\AOLSoftware.exe" [2009-07-20 41264]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]

c:\documents and settings\Joan Curcio\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-6-12 59080]

c:\documents and settings\Richard Curcio\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
$McRebootA5E6DEAA56$.lnk - c:\windows\system32\cmd.exe [2006-2-15 389120]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 02:34 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Swupdtmr"=2 (0x2)
"Bonjour Service"=2 (0x2)
"FastTrackInstallerService"=2 (0x2)
"gupdate"=2 (0x2)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
AppSecDll REG_SZ

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\1147563008\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\1147563008\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\WINDOWS\\ehome\\ehtray.exe"=
"c:\\WINDOWS\\system32\\dllhost.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [6/11/2010 5:46 PM 30320]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 1:00 PM 29808]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/5/2010 8:56 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 8:56 AM 67656]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [6/11/2010 5:46 PM 61624]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 9:09 PM 11032]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [1/5/2010 11:54 PM 1201640]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [6/11/2010 5:45 PM 24400]
R4 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys --> c:\windows\system32\drivers\PCTCore.sys [?]
S2 0147701276896986mcinstcleanup;McAfee Application Installer Cleanup (0147701276896986);c:\docume~1\RICHAR~1\LOCALS~1\Temp\014770~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\RICHAR~1\LOCALS~1\Temp\014770~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [6/11/2010 5:45 PM 6385616]
S3 MA763010;M-Audio Fast Track;c:\windows\system32\drivers\MA763010.sys [11/6/2007 10:06 PM 30848]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/11/2010 11:41 PM 38224]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3C.tmp --> c:\windows\system32\3C.tmp [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 8:56 AM 12872]
S4 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - avast! Mail Scanner
*Deregistered* - avast! Web Scanner
*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-06-18 c:\windows\Tasks\Free Registry Fix.job
- c:\program files\Promosoft Corporation\Free Registry Fix\application\regfix.exe [2009-12-28 08:13]

2008-04-16 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4173988667.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 21:56]

2010-03-24 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-03-17 13:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://laptops.toshiba.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Richard Curcio\Application Data\Mozilla\Firefox\Profiles\hricnzzq.default\
FF - plugin: c:\program files\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np_IEGetPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-mcmscsvc
SafeBoot-MCODS



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-18 17:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\3C.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tixthosvdtiqmby]
"imagepath"="\??\c:\windows\TEMP\800.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\°*¬ 8*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(932)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(5148)
c:\windows\system32\WININET.dll
c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
Completion time: 2010-06-18 18:01:26
ComboFix-quarantined-files.txt 2010-06-18 22:01
ComboFix2.txt 2010-06-18 11:51
ComboFix3.txt 2010-06-18 03:26

Pre-Run: 121,256,579,072 bytes free
Post-Run: 121,243,283,456 bytes free

- - End Of File - - EF1A41BE7116223791F2F908BCD5FF15

Edited by devildog2126, 18 June 2010 - 06:05 PM.


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:22 PM

Posted 18 June 2010 - 06:18 PM

Hello devildog2126

"What do you recommend for computer security?"
I will put this in my all clean when we are done.

"I am concerned about reinfecting on a reboot, or that something else is gathering some sort of info behind the scenes."
Right now the bad guy is gone; it won't come back after a reboot.

"I got a notice during one of the scans I ran before I started with you that said atapi.sys was infected. I don't know if that is corrected already."
That was the bad guy and it has been corrected.

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs
    1. click on start
    2. then go to settings
    3. after that you need control panel
    4. look for the icon add/remove programs
    click on the following programs

    J2SE Runtime Environment 5.0 Update 4

    and click on remove

Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts

Clear your Java Cache
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.


TFC(Temp File Cleaner):
  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :
    I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan

Go to the Eset web page to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

"information and logs"
    In your next post I need the following
    1. Log From MBAM
    2. Log From ESET Online Scanner
    3. let me know of any problems you may have had
    4. How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 devildog2126
  • Topic Starter
  • Members
  • 120 posts
  • Gender:Male

Posted 19 June 2010 - 12:10 AM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4190

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/18/2010 10:10:06 PM
mbam-log-2010-06-18 (22-10-06).txt

Scan type: Full scan (C:\|)
Objects scanned: 282411
Time elapsed: 1 hour(s), 10 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ESET Results
C:\Documents and Settings\Richard Curcio\Local Settings\Application Data\qvopvohk\wakccas.exe a variant of Win32/Kryptik.ETK trojan

No problems are evident now and I followed all the directions without a problem.

Thank you very much


#10 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 June 2010 - 12:22 AM

Let's get rid of that folder

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

CODE
Folder::
C:\Documents and Settings\Richard Curcio\Local Settings\Application Data\qvopvohk
SkipFix::


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

NOTE**
  • When ComboFix finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will upload files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

gringo

#11 devildog2126
  • Topic Starter
  • Members
  • 120 posts
  • Gender:Male

Posted 19 June 2010 - 08:55 AM

Here is the combofix log. I was not at the computer when it finished, but there was no dialogue box prompting for a file upload.

ComboFix 10-06-17.02 - Richard Curcio 06/19/2010 9:10.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.373 [GMT -4:00]
Running from: c:\documents and settings\Richard Curcio\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Richard Curcio\Desktop\CFScript.txt
AV: Webroot AntiVirus with Spy Sweeper *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2010-05-19 to 2010-06-19 )))))))))))))))))))))))))))))))
.

2010-06-19 13:06 . 2010-06-19 13:06 -------- d-----w- c:\documents and settings\Richard Curcio\Local Settings\Application Data\CANON_INC
2010-06-19 02:43 . 2010-06-19 02:43 -------- d-----w- c:\program files\ESET
2010-06-19 00:20 . 2010-06-19 00:20 503808 ----a-w- c:\documents and settings\Richard Curcio\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-647624e4-n\msvcp71.dll
2010-06-19 00:20 . 2010-06-19 00:20 499712 ----a-w- c:\documents and settings\Richard Curcio\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-647624e4-n\jmc.dll
2010-06-19 00:20 . 2010-06-19 00:20 348160 ----a-w- c:\documents and settings\Richard Curcio\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-647624e4-n\msvcr71.dll
2010-06-19 00:20 . 2010-06-19 00:20 61440 ----a-w- c:\documents and settings\Richard Curcio\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5bfd9737-n\decora-sse.dll
2010-06-19 00:20 . 2010-06-19 00:20 12800 ----a-w- c:\documents and settings\Richard Curcio\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5bfd9737-n\decora-d3d.dll
2010-06-19 00:20 . 2010-06-19 00:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-17 12:28 . 2010-06-17 12:28 -------- d-----w- c:\documents and settings\Richard Curcio\Local Settings\Application Data\qvopvohk
2010-06-16 21:56 . 2010-06-16 21:56 937416 ----a-w- c:\documents and settings\All Users\Application Data\PrevxCSI\~PrevxCSIUpdate.exe
2010-06-16 04:29 . 2010-06-16 04:29 -------- d-----w- c:\documents and settings\Richard Curcio\Application Data\Pogo
2010-06-16 04:29 . 2010-06-16 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Pogo
2010-06-16 04:24 . 2010-06-16 04:24 -------- d-----w- c:\program files\Oberon Media
2010-06-14 18:47 . 2010-06-14 18:47 -------- d-----w- c:\documents and settings\Richard Curcio\Local Settings\Application Data\PCHealth
2010-06-13 14:11 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-13 04:29 . 2010-02-17 20:52 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-06-13 04:25 . 2010-06-13 04:29 -------- d-----w- c:\program files\Common Files\McAfee
2010-06-13 04:25 . 2010-06-13 04:27 -------- d-----w- c:\program files\McAfee.com
2010-06-13 04:24 . 2010-06-18 21:43 -------- d-----w- c:\program files\McAfee
2010-06-12 23:56 . 2010-06-12 23:56 -------- d-----w- c:\documents and settings\Richard Curcio\Local Settings\Application Data\Help
2010-06-12 21:08 . 2010-06-12 21:08 -------- d-----w- c:\program files\Alwil Software
2010-06-12 21:08 . 2010-06-12 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-12 20:57 . 2009-02-09 12:10 617472 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\_entreelist.dll
2010-06-12 20:57 . 2009-02-09 12:10 714752 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\_enviewlist.dll
2010-06-12 20:55 . 2010-06-12 20:55 42 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_6FFA79444C8994F40B374FF824CBFBE9.dll
2010-06-12 20:54 . 2010-06-12 23:57 -------- d-----w- c:\program files\Security Task Manager
2010-06-12 20:53 . 2010-06-12 20:53 -------- d-----w- c:\documents and settings\Richard Curcio\Application Data\Uniblue
2010-06-12 20:51 . 2010-06-12 20:51 -------- d-----w- c:\program files\Uniblue
2010-06-12 19:17 . 2010-06-12 19:18 -------- d-----w- c:\program files\Safe Returner
2010-06-12 03:42 . 2010-06-12 03:42 -------- d-----w- c:\documents and settings\Richard Curcio\Application Data\Malwarebytes
2010-06-12 03:41 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-12 03:41 . 2010-06-12 03:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-12 03:41 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-12 03:40 . 2010-06-13 12:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-11 21:46 . 2010-06-16 21:57 69680 ----a-w- c:\windows\system32\PxSecure.dll
2010-06-11 21:46 . 2010-06-16 21:57 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-06-11 21:46 . 2010-06-16 21:57 61624 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-06-11 21:45 . 2010-06-16 21:57 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-06-11 21:45 . 2010-06-16 21:57 -------- d-----w- c:\program files\Prevx
2010-06-11 21:45 . 2010-06-18 01:28 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2010-06-11 18:00 . 2010-06-11 18:00 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-06-11 04:54 . 2010-06-11 04:54 -------- d-----w- c:\program files\Karen's Power Tools
2010-06-11 04:53 . 2010-06-11 04:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Karen's Power Tools
2010-06-11 04:05 . 2010-06-11 04:05 -------- d-----w- c:\documents and settings\Richard Curcio\Local Settings\Application Data\Threat Expert
2010-06-11 03:21 . 2010-06-11 03:21 -------- d-----w- c:\program files\Sophos
2010-06-10 21:17 . 2010-06-10 21:17 -------- d-----w- c:\program files\Trend Micro
2010-06-10 16:30 . 2010-06-10 16:30 -------- d-----w- c:\documents and settings\Richard Curcio\Local Settings\Application Data\WMTools Downloaded Files
2010-06-08 21:32 . 2010-06-08 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Pitney Bowes
2010-06-08 21:31 . 2010-06-08 21:31 -------- d-----w- c:\documents and settings\Richard Curcio\Local Settings\Application Data\{C7A36559-A3B7-4ECB-BDD5-B99359C23038}
2010-05-21 03:49 . 2010-05-28 17:27 -------- d-----w- c:\documents and settings\Richard Curcio\Application Data\gtk-2.0
2010-05-21 03:48 . 2010-05-21 03:48 -------- d-----w- c:\documents and settings\Richard Curcio\.thumbnails
2010-05-21 03:34 . 2010-06-13 03:08 -------- d-----w- c:\documents and settings\Richard Curcio\.gimp-2.6
2010-05-20 17:39 . 2010-05-20 17:39 5487616 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\19188-191916.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-19 00:14 . 2006-02-16 09:28 -------- d-----w- c:\program files\Java
2010-06-19 00:12 . 2006-02-16 09:28 -------- d-----w- c:\program files\Common Files\Java
2010-06-18 21:41 . 2006-05-13 23:44 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-06-18 21:40 . 2010-01-07 22:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-18 00:33 . 2004-08-03 22:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-06-13 06:12 . 2004-08-03 23:07 120192 ----a-w- c:\windows\system32\drivers\pcmcia.sys
2010-06-13 03:09 . 2007-02-01 01:53 -------- d-----w- c:\documents and settings\Joan Curcio\Application Data\U3
2010-06-12 21:47 . 2010-06-12 20:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-06-12 20:55 . 2010-06-12 20:55 152 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_6E8A266FCD4F2A1409E1C8110F44DBCE.dll
2010-06-10 23:27 . 2010-01-09 17:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-07 13:28 . 2006-02-16 10:14 -------- d-----w- c:\program files\Yahoo!
2010-06-07 13:25 . 2007-08-16 18:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-05-20 17:41 . 2010-01-10 20:40 -------- d-----w- c:\program files\Quicken
2010-05-20 17:36 . 2010-01-10 20:46 243048 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
2010-05-17 01:51 . 2010-05-17 01:51 -------- d-----w- c:\documents and settings\Richard Curcio\Application Data\ZoomBrowser EX
2010-05-17 01:42 . 2010-05-17 01:42 -------- d-----w- c:\documents and settings\Richard Curcio\Application Data\Canon
2010-05-17 01:31 . 2010-05-17 01:26 -------- d-----w- c:\program files\Canon
2010-05-17 01:29 . 2010-05-17 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2010-05-17 01:24 . 2010-05-17 01:24 -------- d-----w- c:\program files\Common Files\Canon
2010-05-15 01:03 . 2010-05-15 01:03 -------- d-----w- c:\documents and settings\Richard Curcio\Application Data\Neat
2010-05-15 01:02 . 2010-05-15 01:02 -------- d-----w- c:\documents and settings\Richard Curcio\Application Data\Nuance
2010-05-15 00:59 . 2010-05-15 00:49 -------- d-----w- c:\program files\NeatWorks
2010-05-15 00:54 . 2010-05-15 00:49 -------- d-----w- c:\program files\Common Files\The Neat Company
2010-05-15 00:52 . 2010-05-15 00:52 -------- d-----w- c:\program files\Common Files\NeatReceipts
2010-05-15 00:51 . 2006-12-30 22:40 -------- d-----w- c:\program files\Common Files\Intuit
2010-05-15 00:49 . 2010-05-15 00:49 -------- d-----w- c:\documents and settings\All Users\Application Data\The Neat Company
2010-05-06 10:41 . 2006-02-15 14:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-05 12:06 . 2006-12-31 20:14 4440 ----a-w- c:\documents and settings\Richard Curcio\Application Data\wklnhst.dat
2010-05-04 20:47 . 2010-05-04 20:47 -------- d-----w- c:\program files\AVIConverter
2010-05-02 05:22 . 2006-02-15 14:04 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-01 02:23 . 2010-03-24 21:25 -------- d-----w- c:\program files\eMedia Guitar Method
2010-04-20 05:30 . 2006-02-15 14:02 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-14 16:50 . 2009-09-25 18:54 385536 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-03-31 12:54 . 2010-03-31 12:54 1 ----a-w- c:\documents and settings\Richard Curcio\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-30 18:15 . 2010-03-30 18:15 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-03-24 16:07 . 2010-03-07 22:44 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-03-24 16:07 . 2010-03-07 22:44 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-03-24 16:07 . 2010-03-07 22:44 88 --sh--r- c:\documents and settings\All Users\Application Data\CCDE9A0934.sys
2010-03-24 16:07 . 2010-03-07 22:44 88 --sh--r- c:\documents and settings\All Users\Application Data\CCDE9A0934.sys
2010-04-06 19:35 . 2010-04-06 19:35 27960 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2010-04-06 19:35 . 2010-04-06 19:35 126344 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2010-04-06 19:38 . 2010-04-06 19:38 98696 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-06-18_11.43.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-19 00:41 . 2010-06-19 00:41 16384 c:\windows\Temp\Perflib_Perfdata_54c.dat
- 2006-02-15 15:41 . 2010-06-18 10:52 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-06-19 00:43 . 2010-06-19 00:41 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-02-15 15:41 . 2010-06-19 00:41 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-02-15 15:41 . 2010-06-18 10:52 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-02-15 15:41 . 2010-06-18 10:52 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-02-15 15:41 . 2010-06-19 00:41 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-06-19 00:20 . 2010-06-19 00:19 153376 c:\windows\system32\javaws.exe
- 2010-03-11 21:00 . 2010-03-11 20:59 153376 c:\windows\system32\javaws.exe
+ 2010-06-19 00:20 . 2010-06-19 00:19 145184 c:\windows\system32\javaw.exe
- 2010-03-11 21:00 . 2010-03-11 20:59 145184 c:\windows\system32\javaw.exe
- 2010-03-11 21:00 . 2010-03-11 20:59 145184 c:\windows\system32\java.exe
+ 2010-06-19 00:20 . 2010-06-19 00:19 145184 c:\windows\system32\java.exe
+ 2010-06-19 00:19 . 2010-06-19 00:19 576000 c:\windows\Installer\2dc9add.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-11-06 20:14 238968 ----a-w- c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-10 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 99480]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"HostManager"="c:\program files\Common Files\AOL\1147563008\ee\AOLSoftware.exe" [2009-07-20 41264]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]

c:\documents and settings\Joan Curcio\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-6-12 59080]

c:\documents and settings\Richard Curcio\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 02:34 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Swupdtmr"=2 (0x2)
"Bonjour Service"=2 (0x2)
"FastTrackInstallerService"=2 (0x2)
"gupdate"=2 (0x2)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
AppSecDll REG_SZ

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\1147563008\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\1147563008\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\WINDOWS\\ehome\\ehtray.exe"=
"c:\\WINDOWS\\system32\\dllhost.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [6/11/2010 5:46 PM 30320]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 1:00 PM 29808]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/5/2010 8:56 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 8:56 AM 67656]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [6/11/2010 5:46 PM 61624]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 9:09 PM 11032]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [1/5/2010 11:54 PM 1201640]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [6/11/2010 5:45 PM 24400]
S2 0147701276896986mcinstcleanup;McAfee Application Installer Cleanup (0147701276896986);c:\docume~1\RICHAR~1\LOCALS~1\Temp\014770~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\RICHAR~1\LOCALS~1\Temp\014770~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [6/11/2010 5:45 PM 6385616]
S3 MA763010;M-Audio Fast Track;c:\windows\system32\drivers\MA763010.sys [11/6/2007 10:06 PM 30848]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3C.tmp --> c:\windows\system32\3C.tmp [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 8:56 AM 12872]
S4 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - 0147701276896986MCINSTCLEANUP

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-06-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-06-18 c:\windows\Tasks\Free Registry Fix.job
- c:\program files\Promosoft Corporation\Free Registry Fix\application\regfix.exe [2009-12-28 08:13]

2008-04-16 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4173988667.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 21:56]

2010-03-24 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-03-17 13:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://laptops.toshiba.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Richard Curcio\Application Data\Mozilla\Firefox\Profiles\hricnzzq.default\
FF - plugin: c:\program files\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np_IEGetPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-19 09:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\3C.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tixthosvdtiqmby]
"imagepath"="\??\c:\windows\TEMP\800.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\°*¬ 8*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(896)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(5496)
c:\windows\system32\WININET.dll
c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
Completion time: 2010-06-19 09:16:08
ComboFix-quarantined-files.txt 2010-06-19 13:16
ComboFix2.txt 2010-06-18 22:01
ComboFix3.txt 2010-06-18 11:51
ComboFix4.txt 2010-06-18 03:26

Pre-Run: 121,712,132,096 bytes free
Post-Run: 121,700,380,672 bytes free

- - End Of File - - 880ABB5E2E8E8AC276D3FCCB7C56442A

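As an added example (mine, not the thread's and not part of ComboFix or any other tool named here): a small Python triage helper run over constructed lines modelled on the ComboFix log above. It pulls out service/driver entries, registry ImagePath values and newly created folders, and flags the two patterns a helper looks at first in this kind of log: images that are .tmp files or load from a temp directory (MEMSWEEP2 and tixthosvdtiqmby here) and random-looking folders under Local Settings\Application Data (qvopvohk). The heuristics are my own assumption, and a hit is a prompt to look, not a verdict.

```python
"""Triage helper for ComboFix-style logs.

Flags autostart entries that a malware-removal helper looks at first:
services/drivers whose image is a .tmp file or lives in a temp directory, and
random-looking folders under Local Settings\\Application Data. Heuristic only:
legitimate scanners produce the same patterns (Sophos Anti-Rootkit, present on
this machine per the log, is known to register a MEMSWEEP2 driver with a .tmp
image), so a hit means "look at this", never "delete this".
"""
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on lines from the ComboFix log in this thread.
SAMPLE_LOG = r"""
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [6/11/2010 5:46 PM 30320]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3C.tmp --> c:\windows\system32\3C.tmp [?]
S4 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tixthosvdtiqmby]
"imagepath"="\??\c:\windows\TEMP\800.tmp"
2010-06-19 02:43 . 2010-06-19 02:43 -------- d-----w- c:\program files\ESET
2010-06-17 12:28 . 2010-06-17 12:28 -------- d-----w- c:\documents and settings\Richard Curcio\Local Settings\Application Data\qvopvohk
"""

# Line shapes used by ComboFix's service list, its registry dump and its
# "Files Created" section (folders carry a d----- attribute column).
SERVICE_RE = re.compile(r'^([RS]\d) ([^;]+);([^;]*);(.*)$')
REGKEY_RE = re.compile(r'^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+)\]$', re.I)
IMAGEPATH_RE = re.compile(r'^"imagepath"="([^"]*)"$', re.I)
FOLDER_RE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d \. \S+ \S+ -+ d\S+ (.*)$')
TEMP_MARKERS = ('\\temp\\', '\\temporary internet files\\')  # '\temp\' also covers c:\windows\temp


@dataclass
class Entry:
    kind: str                      # "service", "regkey" or "folder"
    name: str
    path: str
    reasons: list = field(default_factory=list)


def clean_path(raw: str) -> str:
    """Reduce a ComboFix image field to the bare image path: drop the
    '--> ...' echo, the trailing '[...]' column, quotes, arguments and \\??\\."""
    p = raw.split(' -->')[0].split(' [')[0].strip()
    if p.startswith('"'):
        p = p[1:].split('"')[0]
    else:
        p = p.split(' /')[0]          # unquoted 'image.exe /svc' -> image only
    if p.startswith('\\??\\'):
        p = p[4:]
    return p


def parse_log(text: str) -> list:
    """Extract service, ImagePath and folder entries from the log text."""
    entries, current_key = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := SERVICE_RE.match(line):
            entries.append(Entry('service', m.group(2), clean_path(m.group(4))))
        elif m := REGKEY_RE.match(line):
            current_key = m.group(1)   # remember the service key for its ImagePath line
        elif current_key and (m := IMAGEPATH_RE.match(line)):
            entries.append(Entry('regkey', current_key, clean_path(m.group(1))))
            current_key = None
        elif m := FOLDER_RE.match(line):
            path = m.group(1)
            entries.append(Entry('folder', path.rpartition('\\')[2], path))
    return entries


def reasons_for(entry: Entry) -> list:
    """Heuristic reasons an entry deserves a closer look (my assumptions)."""
    low = entry.path.lower()
    out = []
    if entry.kind in ('service', 'regkey'):
        if low.endswith('.tmp'):
            out.append('driver/service image has a .tmp extension')
        if any(marker in low for marker in TEMP_MARKERS):
            out.append('loads from a temporary directory')
    elif entry.kind == 'folder':
        parent, _, leaf = low.rpartition('\\')
        if parent.endswith('\\local settings\\application data') and re.fullmatch(r'[a-z]{8,}', leaf):
            out.append('random-looking lowercase folder name under Local Settings\\Application Data (weak signal)')
    return out


def triage(text: str) -> list:
    """Return only the entries with at least one reason, in log order."""
    flagged = []
    for entry in parse_log(text):
        entry.reasons = reasons_for(entry)
        if entry.reasons:
            flagged.append(entry)
    return flagged


if __name__ == '__main__':
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind:8} {e.name:16} {e.path}")
        print(f"         -> {'; '.join(e.reasons)}")
```

Feed it a whole ComboFix log and it reports the same three kinds of entry; everything it flags still needs a human to check the owning product (here the ESET and Sophos folders sit right next to the flagged items).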

#12 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 June 2010 - 03:53 PM

Hello devildog

Very well done!! This is my general post for when your logs show no more signs of malware ;) - Please let me know if you still are having problems with your computer and what these problems are.

The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point.

:DeFogger:
    To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK
    Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:clear system restore points:

This is a good time to clear your existing system restore points and establish a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • choose your root drive (normally C:)
  • after it calculates how much space you will save it will open up a new window
  • Select the More options tab at the top of the window
  • Choose the option to clean up system restore and OK it.
  • go back to the disk clean up tab
  • put a checkmark in all - except compress old files (leave this unchecked)
  • click Ok then click yes
This will remove all restore points except the new one you just created and clean unneeded files

:Make your Internet Explorer more secure:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.

:Make Firefox more secure:

:Turn On Automatic Updates:
    1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
    2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select Automatic (recommended): Automatically download recommended updates for my computer and install them.

    If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

    or visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.

Please read this great article by miekiemoes How to prevent Malware:
and
this great article by Tony Klein So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here:

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
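As an added example for readers who would rather verify the "Make your Internet Explorer more secure" and "Turn On Automatic Updates" steps above than trust their clicks, here is a read-only PowerShell audit script. It is not part of Gringo's post and not a BleepingComputer tool. It assumes the documented registry locations for the Internet zone (zone 3) settings 1001/1004/1201/1800/1804 with 0 = Enable, 1 = Prompt, 3 = Disable, and the AUOptions value used by the Windows XP / 2003 era Automatic Updates client; a domain Group Policy can override both, so an "unknown" result is a reason to look at the policy keys, not proof of a problem. It changes nothing, it only reports.

```powershell
# Added example, not part of the original post: audit the Internet zone
# ActiveX / IFRAME settings and the Automatic Updates mode that the post
# has the reader set by hand, and flag anything still looser than recommended.
# Registry paths and value names are assumptions based on Microsoft's
# documentation of the zone and Automatic Updates settings (XP-era client).

$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$AuPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'

# Zone value name -> description and the setting the post recommends.
$ZoneWanted = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Want = 3 }
    '1201' = @{ Name = 'Initialise and script ActiveX controls not marked as safe'; Want = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                             Want = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Want = 1 }
}
$ZoneLabel = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-InternetZoneSettings {
    # Prompt (1) is stricter than Enable (0), and Disable (3) is stricter still,
    # so "current >= wanted" means "at least as strict as the post asks for".
    $zone = Get-ItemProperty -Path $ZonePath -ErrorAction SilentlyContinue
    foreach ($id in $ZoneWanted.Keys) {
        $current = $null
        if ($zone) { $current = $zone.$id }
        $label = 'unknown'
        if ($null -ne $current) {
            $label = if ($ZoneLabel.ContainsKey([int]$current)) { $ZoneLabel[[int]$current] } else { "raw value $current" }
        }
        [pscustomobject]@{
            Setting = $ZoneWanted[$id].Name
            Current = $label
            Wanted  = $ZoneLabel[$ZoneWanted[$id].Want]
            OK      = ($null -ne $current) -and ([int]$current -ge $ZoneWanted[$id].Want)
        }
    }
}

function Test-AutomaticUpdates {
    # Documented AUOptions values for the XP / 2003 Automatic Updates client.
    $modes = @{
        1 = 'Disabled'
        2 = 'Notify before download'
        3 = 'Download automatically, notify before install'
        4 = 'Automatic (recommended): download and install on schedule'
    }
    $au  = Get-ItemProperty -Path $AuPath -ErrorAction SilentlyContinue
    $opt = $null
    if ($au -and $null -ne $au.AUOptions) { $opt = [int]$au.AUOptions }
    $label = 'unknown'
    if ($null -ne $opt) {
        $label = if ($modes.ContainsKey($opt)) { $modes[$opt] } else { "raw value $opt" }
    }
    [pscustomobject]@{
        Setting = 'Automatic Updates (AUOptions)'
        Current = $label
        Wanted  = $modes[4]
        OK      = ($opt -eq 4)
    }
}

# Run both checks and summarise anything that still needs attention.
$report = @(Test-InternetZoneSettings) + @(Test-AutomaticUpdates)
$report | Format-Table -AutoSize
$bad = @($report | Where-Object { -not $_.OK })
if ($bad.Count -gt 0) { Write-Warning ("{0} setting(s) are still looser than recommended or unknown" -f $bad.Count) }
else                  { Write-Host 'All checked settings match the recommendations.' }
```

Run it from a normal PowerShell prompt on the account whose Internet Explorer settings you changed (the zone values are per user, so a different account will show that account's settings). Any row with OK = False is one to revisit in the Custom Level dialog or the Automatic Updates tab.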

#13 devildog2126

devildog2126
  • Topic Starter


Posted 20 June 2010 - 10:15 AM

All is well now. I don't see any problems now. I can't believe how great this site is and how much help you have given me. I know it is free, but I have made a paypal donation. I hope I don't need it in the future, but it is great to know there is help like this available.

One final question, is there any value in using programs like McAfee antivirus, and Spysweeper by Webroot? I have subscriptions to them. Spysweeper has been OK for some threats, ad cookies, and attacks, but it seems that McAfee doesn't find much or block much.

Your thoughts are appreciated.
Thank you VERY MUCH!!

Edited by devildog2126, 20 June 2010 - 10:16 AM.


#14 gringo_pr

gringo_pr


Posted 21 June 2010 - 02:33 AM

Greetings

QUOTE
One final question, is there any value in using programs like McAfee antivirus, and Spysweeper by Webroot? I have subscriptions to them. Spysweeper has been OK for some threats, ad cookies, and attacks, but it seems that McAfee doesn't find much or block much.
The way I feel about antiviruses is this: they are only as good as they are updated and used.
You can have the best antivirus in the world, but if you don't update it and scan with it, it is useless. Me, I don't like McAfee because it interferes with our tools too much. But if you like the way it feels and if you keep it updated then it is perfect. Webroot I have not tried, as I use Malwarebytes and I like that a lot.

If you don't like McAfee I can give you a small list of free antiviruses that I do like and use.

Gringo

#15 devildog2126

devildog2126
  • Topic Starter


Posted 21 June 2010 - 06:26 AM

Your choices of free antivirus would be appreciated. I find that McAfee uses too much of the system's resources. I do update and scan weekly, but it rarely finds problems. Let me know your AV choices and we can close the topic with much appreciation.



