Jump to content

labgrant

Members
 View Profile  See their activity

  • Posts

    13

  • Joined

  • Last visited

Reputation

0 Neutral
  1. labgrant
    My wife's laptop recently lagged/hung on an oft used application. This prompted me to install and run mbam above and beyond MS essentials. The scan came back with two copies of backdoor.bot and lesser malware. All were quarantined (I cannot find the log file in the proper folder now) and a subsequent scan turned in a "CrossRider.A" which was also quarantined. How do I go about ensuring her machine is cleared up. I have attached the appropriate logs as per the sticky topic. Best, and thanks in advance Addition.txt FRST.txt
  2. labgrant
    Aces! Many thanks ... though I will miss the sweet Thundercat icon.
  3. labgrant
    Everything seems to be right as rain. Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 5567 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 1/21/2011 6:32:39 PM mbam-log-2011-01-21 (18-32-39).txt Scan type: Quick scan Objects scanned: 154842 Time elapsed: 3 minute(s), 47 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\Software\ndo8thb2ikwe (Malware.Trace) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  4. labgrant
    Apologies, should have caught that.
  5. labgrant
    ComboFix 11-01-19.02 - Randy 01/21/2011 5:07.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1245 [GMT -5:00] Running from: c:\documents and settings\Randy\Desktop\Combo-Fix.exe Command switches used :: c:\documents and settings\Randy\Desktop\CFScript.txt AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6} . PEV Error: LocalSettingsFile ((((((((((((((((((((((((( Files Created from 2010-12-21 to 2011-01-21 ))))))))))))))))))))))))))))))) . 2011-01-19 23:13 . 2011-01-19 23:13 -------- d-----w- c:\documents and settings\Randy\Application Data\Malwarebytes 2011-01-19 23:13 . 2011-01-19 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-01-19 23:13 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-01-19 23:13 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-01-19 23:13 . 2011-01-20 02:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-01-19 20:48 . 2011-01-19 20:48 0 ----a-w- c:\windows\Npesamecusuram.bin 2011-01-19 20:46 . 2011-01-19 20:46 -------- d-----w- c:\windows\system32\%APPDATA% 2011-01-19 17:38 . 2011-01-19 17:38 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE 2011-01-19 16:21 . 2011-01-19 16:39 -------- d-----w- c:\documents and settings\Administrator 2011-01-19 00:35 . 2011-01-19 00:35 -------- d-sh--w- c:\documents and settings\Randy\IECompatCache 2011-01-17 18:21 . 2011-01-17 18:53 -------- d-----w- c:\program files\ABBYY Screenshot Reader 2011-01-17 18:21 . 2011-01-17 18:21 -------- d-----w- c:\documents and settings\All Users\Application Data\ABBYY . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr 2010-11-18 18:12 . 2006-08-21 17:23 81920 ----a-w- c:\windows\system32\isign32.dll 2010-11-12 23:53 . 2010-06-25 22:44 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-11-12 21:34 . 2008-12-09 21:25 73728 ----a-w- c:\windows\system32\javacpl.cpl 2010-11-09 14:52 . 2006-08-21 17:02 249856 ----a-w- c:\windows\system32\odbc32.dll 2010-11-06 00:26 . 2006-08-21 17:03 916480 ----a-w- c:\windows\system32\wininet.dll 2010-11-06 00:26 . 2006-08-21 17:02 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-11-06 00:26 . 2006-08-21 17:02 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-11-03 12:25 . 2006-08-21 17:02 385024 ----a-w- c:\windows\system32\html.iec 2010-11-02 15:17 . 2006-08-21 17:02 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys 2010-10-28 13:13 . 2006-08-21 17:01 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-10-26 13:25 . 2006-08-21 17:03 1853312 ----a-w- c:\windows\system32\win32k.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CFSServ.exe"="CFSServ.exe -NoClient" [X] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-12 344064] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-07 761946] "NDSTray.exe"="NDSTray.exe" [bU] "Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2006-08-01 1773568] "PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322] "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880] "TPSMain"="TPSMain.exe" [2005-06-01 282624] "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552] "RTHDCPL"="RTHDCPL.EXE" [2006-09-06 16262656] "SkyTel"="SkyTel.EXE" [2006-05-17 2879488] "AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 89541] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-01 115560] "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-2 113664] Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-7 600680] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472] RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-8-21 155648] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"= "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"= "c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [6/28/2006 1:50 PM 98816] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/27/2010 4:09 PM 102448] S0 ccfp;ccfp;c:\windows\system32\drivers\xbpw.sys --> c:\windows\system32\drivers\xbpw.sys [?] S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 2:43 PM 204800] S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/29/2007 12:55 PM 23888] S3 Plugversnp;Plugversnp;c:\windows\system32\rasdial.exe [8/21/2006 12:02 PM 11264] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart IE: Add to Evernote - c:\program files\Evernote\Evernote3\enbar.dll/2000 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Randy\Application Data\Mozilla\Firefox\Profiles\6ni0n1k3.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q= FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: Aero Fox XL: {5c8bfb7c-9a54-11dc-8314-0800200c9a66} - %profile%\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66} FF - Ext: Evernote Web Clipper: {E0B8C461-F8FB-49b4-8373-FE32E9252800} - %profile%\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: EBrary Reader Plugin: reader_plugin@ebrary.com - %profile%\extensions\reader_plugin@ebrary.com FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . - - - - ORPHANS REMOVED - - - - HKLM-Run-MSKDetectorExe - c:\program files\McAfee\SpamKiller\MSKDetct.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-01-21 05:13 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(964) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(3464) c:\windows\system32\WININET.dll c:\windows\system32\btmmhook.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\TPwrCfg.DLL c:\windows\system32\TPwrReg.dll c:\windows\system32\TPSTrace.DLL c:\windows\system32\PortableDeviceApi.dll . Completion time: 2011-01-21 05:15:35 ComboFix-quarantined-files.txt 2011-01-21 10:15 ComboFix2.txt 2011-01-20 09:05 Pre-Run: 6,200,131,584 bytes free Post-Run: 6,169,530,368 bytes free - - End Of File - - 0B3E02C2146F63942C9E39340EC21A54
  6. labgrant
    Aces. Here you go: ComboFix 11-01-19.02 - Randy 01/21/2011 5:07.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1245 [GMT -5:00] Running from: c:\documents and settings\Randy\Desktop\Combo-Fix.exe Command switches used :: c:\documents and settings\Randy\Desktop\CFScript.txt AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6} . PEV Error: LocalSettingsFile ((((((((((((((((((((((((( Files Created from 2010-12-21 to 2011-01-21 ))))))))))))))))))))))))))))))) . 2011-01-19 23:13 . 2011-01-19 23:13 -------- d-----w- c:\documents and settings\Randy\Application Data\Malwarebytes 2011-01-19 23:13 . 2011-01-19 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-01-19 23:13 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-01-19 23:13 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-01-19 23:13 . 2011-01-20 02:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-01-19 20:48 . 2011-01-19 20:48 0 ----a-w- c:\windows\Npesamecusuram.bin 2011-01-19 20:46 . 2011-01-19 20:46 -------- d-----w- c:\windows\system32\%APPDATA% 2011-01-19 17:38 . 2011-01-19 17:38 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE 2011-01-19 16:21 . 2011-01-19 16:39 -------- d-----w- c:\documents and settings\Administrator 2011-01-19 00:35 . 2011-01-19 00:35 -------- d-sh--w- c:\documents and settings\Randy\IECompatCache 2011-01-17 18:21 . 2011-01-17 18:53 -------- d-----w- c:\program files\ABBYY Screenshot Reader 2011-01-17 18:21 . 2011-01-17 18:21 -------- d-----w- c:\documents and settings\All Users\Application Data\ABBYY . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr 2010-11-18 18:12 . 2006-08-21 17:23 81920 ----a-w- c:\windows\system32\isign32.dll 2010-11-12 23:53 . 2010-06-25 22:44 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-11-12 21:34 . 2008-12-09 21:25 73728 ----a-w- c:\windows\system32\javacpl.cpl 2010-11-09 14:52 . 2006-08-21 17:02 249856 ----a-w- c:\windows\system32\odbc32.dll 2010-11-06 00:26 . 2006-08-21 17:03 916480 ----a-w- c:\windows\system32\wininet.dll 2010-11-06 00:26 . 2006-08-21 17:02 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-11-06 00:26 . 2006-08-21 17:02 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-11-03 12:25 . 2006-08-21 17:02 385024 ----a-w- c:\windows\system32\html.iec 2010-11-02 15:17 . 2006-08-21 17:02 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys 2010-10-28 13:13 . 2006-08-21 17:01 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-10-26 13:25 . 2006-08-21 17:03 1853312 ----a-w- c:\windows\system32\win32k.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CFSServ.exe"="CFSServ.exe -NoClient" [X] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-12 344064] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-07 761946] "NDSTray.exe"="NDSTray.exe" [bU] "Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2006-08-01 1773568] "PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322] "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880] "TPSMain"="TPSMain.exe" [2005-06-01 282624] "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552] "RTHDCPL"="RTHDCPL.EXE" [2006-09-06 16262656] "SkyTel"="SkyTel.EXE" [2006-05-17 2879488] "AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 89541] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-01 115560] "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-2 113664] Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-7 600680] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472] RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-8-21 155648] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
  7. labgrant
    Search Toolbar did not come up in the installed programs list in Add or Remove. Quarantined by ComboFix, I restored Search Toolbar and ran the uninstaller. Sufficient?
  8. labgrant
    McAfee is deleted. How do I uninstall Search Toolbar? Delete? I only find it in quarantine.
  9. labgrant
    C:\Qoobox\Add-Remove Programs.txt: ABBYY Screenshot Reader Adobe AIR Adobe Creative Suite Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Shockwave Player 11 Adobe SVG Viewer 3.0 AiO_Scan_CDA AiOSoftwareNPI Amazon MP3 Downloader 1.0.5 BufferChm C3100 c3100_Help Compatibility Pack for the 2007 Office system ContentSAFER for Wizmax Critical Update for Windows Media Player 11 (KB959772) CustomerResearchQFolder Destinations DeviceManagementQFolder DivX Web Player DocProc DocProcQFolder EmoDio eSupportQFolder Evernote Farm Works Software Fax_CDA foobar2000 v0.9.6.2 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) HP Customer Participation Program 7.0 HP Imaging Device Functions 7.0 HP Photosmart Essential HP Photosmart, Officejet and Deskjet 7.0.A HP Product Assistant HP Solution Center 7.0 HP Update HPPhotoSmartExpress HPProductAssistant InstantShareDevicesMFC Java Auto Updater Java 6 Update 23 Java 6 Update 3 Lame ACM MP3 Codec Last.fm 1.5.4.27091 Linksys EasyLink Advisor LiveUpdate 3.3 (Symantec Corporation) Malwarebytes' Anti-Malware MarketResearch Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2416447) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft ActiveSync Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft National Language Support Downlevel APIs Microsoft Office OneNote 2003 Microsoft Office Professional Edition 2003 Microsoft Office Standard Edition 2003 Microsoft Silverlight Microsoft User-Mode Driver Framework Feature Pack 1.5 Microsoft Visual J# .NET Redistributable Package 1.1 Microsoft Works Move Media Player Mozilla Firefox (3.6.13) Mozilla Thunderbird (2.0.0.24) MSVC80_x86 MSVC80_x86_v2 MSVC90_x86 MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MyFreeCodec NewCopy_CDA OCR Software by I.R.I.S 7.0 PanoStandAlone PC Connectivity Solution Picasa 3 PowerISO Prezi Desktop ProductContextNPI Pure Networks Platform Readme Scan ScannerCopy Search Toolbar Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 7 (KB972260) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB972260) Security Update for Windows Internet Explorer 8 (KB974455) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956390) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) SMART Board Software SMART Essentials for Educators SolutionCenter Status Symantec Endpoint Protection Toolbox TrayApp Unload Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB972636) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB976749) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) VC80CRTRedist - 8.0.50727.762 Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 VLC media player 0.9.9 WebEx Support Manager for Internet Explorer WebReg Windows Driver Package - Nokia Modem (03/05/2008 3.7) Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1) Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 WinRAR archiver XviD MPEG-4 Video Codec
  10. labgrant
    McAfee
  11. labgrant
    I must prepare for school today. Have a good one.
  12. labgrant
    Thank you for taking my post. Here go; perhaps later you could direct on how to remove the vestiges of previous antivirus software? Many thanks in advance, ComboFix 11-01-19.02 - Randy 01/20/2011 3:47.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1282 [GMT -5:00] Running from: c:\documents and settings\Randy\Desktop\Combo-Fix.exe AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Randy\delme.bat c:\documents and settings\Randy\Local Settings\Application Data\{86284D7B-F8E4-429A-8767-0AEBAE7EF7CA} c:\documents and settings\Randy\Local Settings\Application Data\{86284D7B-F8E4-429A-8767-0AEBAE7EF7CA}\chrome.manifest c:\documents and settings\Randy\Local Settings\Application Data\{86284D7B-F8E4-429A-8767-0AEBAE7EF7CA}\chrome\content\_cfg.js c:\documents and settings\Randy\Local Settings\Application Data\{86284D7B-F8E4-429A-8767-0AEBAE7EF7CA}\chrome\content\overlay.xul c:\documents and settings\Randy\Local Settings\Application Data\{86284D7B-F8E4-429A-8767-0AEBAE7EF7CA}\install.rdf c:\program files\Search Toolbar c:\program files\Search Toolbar\icon.ico c:\program files\Search Toolbar\SearchToolbar.dll c:\program files\Search Toolbar\SearchToolbarUninstall.exe c:\program files\Search Toolbar\SearchToolbarUpdater.exe c:\windows\system32\muzapp.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_6TO4 -------\Legacy_SSHNAS -------\Service_6to4 ((((((((((((((((((((((((( Files Created from 2010-12-20 to 2011-01-20 ))))))))))))))))))))))))))))))) . 2011-01-19 23:13 . 2011-01-19 23:13 -------- d-----w- c:\documents and settings\Randy\Application Data\Malwarebytes 2011-01-19 23:13 . 2011-01-19 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-01-19 23:13 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-01-19 23:13 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-01-19 23:13 . 2011-01-20 02:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-01-19 20:48 . 2011-01-19 20:48 0 ----a-w- c:\windows\Npesamecusuram.bin 2011-01-19 20:46 . 2011-01-19 20:46 -------- d-----w- c:\windows\system32\%APPDATA% 2011-01-19 17:38 . 2011-01-19 17:38 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE 2011-01-19 16:21 . 2011-01-19 16:39 -------- d-----w- c:\documents and settings\Administrator 2011-01-19 00:35 . 2011-01-19 00:35 -------- d-sh--w- c:\documents and settings\Randy\IECompatCache 2011-01-17 18:21 . 2011-01-17 18:53 -------- d-----w- c:\program files\ABBYY Screenshot Reader 2011-01-17 18:21 . 2011-01-17 18:21 -------- d-----w- c:\documents and settings\All Users\Application Data\ABBYY . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr 2010-11-18 18:12 . 2006-08-21 17:23 81920 ----a-w- c:\windows\system32\isign32.dll 2010-11-12 23:53 . 2010-06-25 22:44 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-11-12 21:34 . 2008-12-09 21:25 73728 ----a-w- c:\windows\system32\javacpl.cpl 2010-11-09 14:52 . 2006-08-21 17:02 249856 ----a-w- c:\windows\system32\odbc32.dll 2010-11-06 00:26 . 2006-08-21 17:03 916480 ----a-w- c:\windows\system32\wininet.dll 2010-11-06 00:26 . 2006-08-21 17:02 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-11-06 00:26 . 2006-08-21 17:02 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-11-03 12:25 . 2006-08-21 17:02 385024 ----a-w- c:\windows\system32\html.iec 2010-11-02 15:17 . 2006-08-21 17:02 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys 2010-10-28 13:13 . 2006-08-21 17:01 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-10-26 13:25 . 2006-08-21 17:03 1853312 ----a-w- c:\windows\system32\win32k.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CFSServ.exe"="CFSServ.exe -NoClient" [X] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-12 344064] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-07 761946] "NDSTray.exe"="NDSTray.exe" [bU] "Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2006-08-01 1773568] "PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322] "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880] "TPSMain"="TPSMain.exe" [2005-06-01 282624] "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552] "RTHDCPL"="RTHDCPL.EXE" [2006-09-06 16262656] "SkyTel"="SkyTel.EXE" [2006-05-17 2879488] "AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 89541] "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-01 115560] "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-2 113664] Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-7 600680] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472] RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-8-21 155648] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"= "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"= "c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 2:43 PM 204800] R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [6/28/2006 1:50 PM 98816] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/27/2010 4:09 PM 102448] S0 ccfp;ccfp;c:\windows\system32\drivers\xbpw.sys --> c:\windows\system32\drivers\xbpw.sys [?] S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/29/2007 12:55 PM 23888] S3 Plugversnp;Plugversnp;c:\windows\system32\rasdial.exe [8/21/2006 12:02 PM 11264] . Contents of the 'Scheduled Tasks' folder . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart uInternet Settings,ProxyOverride = <local> uInternet Settings,ProxyServer = http=127.0.0.1:8893 IE: Add to Evernote - c:\program files\Evernote\Evernote3\enbar.dll/2000 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Randy\Application Data\Mozilla\Firefox\Profiles\6ni0n1k3.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q= FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: Aero Fox XL: {5c8bfb7c-9a54-11dc-8314-0800200c9a66} - %profile%\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66} FF - Ext: Evernote Web Clipper: {E0B8C461-F8FB-49b4-8373-FE32E9252800} - %profile%\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: EBrary Reader Plugin: reader_plugin@ebrary.com - %profile%\extensions\reader_plugin@ebrary.com FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . - - - - ORPHANS REMOVED - - - - HKCU-Run-ABBYY Screenshot Reader Retail - (no file) HKLM-Run-Iyoqaw - c:\windows\ekilosupukale.dll SafeBoot-Symantec Antvirus AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-01-20 03:59 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(976) c:\windows\system32\Ati2evxx.dll c:\windows\system32\CLBCATQ.DLL - - - - - - - > 'explorer.exe'(7868) c:\windows\system32\WININET.dll c:\windows\system32\btmmhook.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\TPwrCfg.DLL c:\windows\system32\TPwrReg.dll c:\windows\system32\TPSTrace.DLL . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe c:\program files\Common Files\Symantec Shared\ccSvcHst.exe c:\windows\system32\acs.exe c:\windows\system32\Ati2evxx.exe c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe c:\windows\system32\DVDRAMSV.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\java.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\toshiba\IVP\swupdate\swupdtmr.exe c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe c:\windows\system32\TODDSrv.exe c:\program files\TOSHIBA\ConfigFree\NDSTray.exe c:\windows\system32\TPSMain.exe c:\windows\RTHDCPL.EXE c:\windows\AGRSMMSG.exe c:\program files\Microsoft ActiveSync\Wcescomm.exe c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe c:\progra~1\MICROS~4\rapimgr.exe c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe c:\windows\system32\wscntfy.exe c:\windows\system32\TPSBattM.exe . ************************************************************************** . Completion time: 2011-01-20 04:05:05 - machine was rebooted ComboFix-quarantined-files.txt 2011-01-20 09:04 Pre-Run: 5,233,799,168 bytes free Post-Run: 5,850,353,664 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - 3F7CBC21E011596BEBA5340F900F7385
  13. labgrant
    My PC crashed this morning with an automatic download of White Smoke software - despite updated norton I receive from work. I restarted in Safe Mode, regained network access, and installed your software again - as it was what I used prior to this event and shall again in the future. I ran a scan, cleaned a litany of threats, but reboot failed. I rebooted again in Safe Mode; a search of log items indicated a tdss. I downloaded a TDSS killer, scanned, and cleared a rootkit.tdss. My next reboot succeeded, scan came up clean, but I am not feeling too comfortable due to the swift efficiency of the bug. I hate to ask, "Am I clear?"
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.