labgrant
-
Posts
13 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by labgrant
-
-
Aces! Many thanks ... though I will miss the sweet Thundercat icon.
-
Everything seems to be right as rain.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5567
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
1/21/2011 6:32:39 PM
mbam-log-2011-01-21 (18-32-39).txt
Scan type: Quick scan
Objects scanned: 154842
Time elapsed: 3 minute(s), 47 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\ndo8thb2ikwe (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
Apologies, should have caught that.
-
ComboFix 11-01-19.02 - Randy 01/21/2011 5:07.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1245 [GMT -5:00]
Running from: c:\documents and settings\Randy\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Randy\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
PEV Error: LocalSettingsFile
((((((((((((((((((((((((( Files Created from 2010-12-21 to 2011-01-21 )))))))))))))))))))))))))))))))
.
2011-01-19 23:13 . 2011-01-19 23:13 -------- d-----w- c:\documents and settings\Randy\Application Data\Malwarebytes
2011-01-19 23:13 . 2011-01-19 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-19 23:13 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-19 23:13 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-19 23:13 . 2011-01-20 02:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-19 20:48 . 2011-01-19 20:48 0 ----a-w- c:\windows\Npesamecusuram.bin
2011-01-19 20:46 . 2011-01-19 20:46 -------- d-----w- c:\windows\system32\%APPDATA%
2011-01-19 17:38 . 2011-01-19 17:38 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-01-19 16:21 . 2011-01-19 16:39 -------- d-----w- c:\documents and settings\Administrator
2011-01-19 00:35 . 2011-01-19 00:35 -------- d-sh--w- c:\documents and settings\Randy\IECompatCache
2011-01-17 18:21 . 2011-01-17 18:53 -------- d-----w- c:\program files\ABBYY Screenshot Reader
2011-01-17 18:21 . 2011-01-17 18:21 -------- d-----w- c:\documents and settings\All Users\Application Data\ABBYY
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-18 18:12 . 2006-08-21 17:23 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 23:53 . 2010-06-25 22:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 21:34 . 2008-12-09 21:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-09 14:52 . 2006-08-21 17:02 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2006-08-21 17:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2006-08-21 17:02 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2006-08-21 17:02 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2006-08-21 17:02 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2006-08-21 17:02 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2006-08-21 17:01 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2006-08-21 17:03 1853312 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-12 344064]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-07 761946]
"NDSTray.exe"="NDSTray.exe" [bU]
"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2006-08-01 1773568]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-06 16262656]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 89541]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-01 115560]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-2 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-7 600680]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-8-21 155648]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [6/28/2006 1:50 PM 98816]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/27/2010 4:09 PM 102448]
S0 ccfp;ccfp;c:\windows\system32\drivers\xbpw.sys --> c:\windows\system32\drivers\xbpw.sys [?]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 2:43 PM 204800]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/29/2007 12:55 PM 23888]
S3 Plugversnp;Plugversnp;c:\windows\system32\rasdial.exe [8/21/2006 12:02 PM 11264]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
IE: Add to Evernote - c:\program files\Evernote\Evernote3\enbar.dll/2000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Randy\Application Data\Mozilla\Firefox\Profiles\6ni0n1k3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Aero Fox XL: {5c8bfb7c-9a54-11dc-8314-0800200c9a66} - %profile%\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
FF - Ext: Evernote Web Clipper: {E0B8C461-F8FB-49b4-8373-FE32E9252800} - %profile%\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: EBrary Reader Plugin: reader_plugin@ebrary.com - %profile%\extensions\reader_plugin@ebrary.com
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-MSKDetectorExe - c:\program files\McAfee\SpamKiller\MSKDetct.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-21 05:13
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(964)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3464)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-01-21 05:15:35
ComboFix-quarantined-files.txt 2011-01-21 10:15
ComboFix2.txt 2011-01-20 09:05
Pre-Run: 6,200,131,584 bytes free
Post-Run: 6,169,530,368 bytes free
- - End Of File - - 0B3E02C2146F63942C9E39340EC21A54
-
Aces. Here you go:
ComboFix 11-01-19.02 - Randy 01/21/2011 5:07.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1245 [GMT -5:00]
Running from: c:\documents and settings\Randy\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Randy\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
PEV Error: LocalSettingsFile
((((((((((((((((((((((((( Files Created from 2010-12-21 to 2011-01-21 )))))))))))))))))))))))))))))))
.
2011-01-19 23:13 . 2011-01-19 23:13 -------- d-----w- c:\documents and settings\Randy\Application Data\Malwarebytes
2011-01-19 23:13 . 2011-01-19 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-19 23:13 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-19 23:13 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-19 23:13 . 2011-01-20 02:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-19 20:48 . 2011-01-19 20:48 0 ----a-w- c:\windows\Npesamecusuram.bin
2011-01-19 20:46 . 2011-01-19 20:46 -------- d-----w- c:\windows\system32\%APPDATA%
2011-01-19 17:38 . 2011-01-19 17:38 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-01-19 16:21 . 2011-01-19 16:39 -------- d-----w- c:\documents and settings\Administrator
2011-01-19 00:35 . 2011-01-19 00:35 -------- d-sh--w- c:\documents and settings\Randy\IECompatCache
2011-01-17 18:21 . 2011-01-17 18:53 -------- d-----w- c:\program files\ABBYY Screenshot Reader
2011-01-17 18:21 . 2011-01-17 18:21 -------- d-----w- c:\documents and settings\All Users\Application Data\ABBYY
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-18 18:12 . 2006-08-21 17:23 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 23:53 . 2010-06-25 22:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 21:34 . 2008-12-09 21:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-09 14:52 . 2006-08-21 17:02 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2006-08-21 17:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2006-08-21 17:02 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2006-08-21 17:02 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2006-08-21 17:02 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2006-08-21 17:02 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2006-08-21 17:01 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2006-08-21 17:03 1853312 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-12 344064]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-07 761946]
"NDSTray.exe"="NDSTray.exe" [bU]
"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2006-08-01 1773568]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-06 16262656]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 89541]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-01 115560]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-2 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-7 600680]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-8-21 155648]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
-
Search Toolbar did not come up in the installed programs list in Add or Remove. Quarantined by ComboFix, I restored Search Toolbar and ran the uninstaller. Sufficient?
-
McAfee is deleted. How do I uninstall Search Toolbar? Delete? I only find it in quarantine.
-
C:\Qoobox\Add-Remove Programs.txt:
ABBYY Screenshot Reader
Adobe AIR
Adobe Creative Suite
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11
Adobe SVG Viewer 3.0
AiO_Scan_CDA
AiOSoftwareNPI
Amazon MP3 Downloader 1.0.5
BufferChm
C3100
c3100_Help
Compatibility Pack for the 2007 Office system
ContentSAFER for Wizmax
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
DivX Web Player
DocProc
DocProcQFolder
EmoDio
eSupportQFolder
Evernote
Farm Works Software
Fax_CDA
foobar2000 v0.9.6.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP Product Assistant
HP Solution Center 7.0
HP Update
HPPhotoSmartExpress
HPProductAssistant
InstantShareDevicesMFC
Java Auto Updater
Java 6 Update 23
Java 6 Update 3
Lame ACM MP3 Codec
Last.fm 1.5.4.27091
Linksys EasyLink Advisor
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Works
Move Media Player
Mozilla Firefox (3.6.13)
Mozilla Thunderbird (2.0.0.24)
MSVC80_x86
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyFreeCodec
NewCopy_CDA
OCR Software by I.R.I.S 7.0
PanoStandAlone
PC Connectivity Solution
Picasa 3
PowerISO
Prezi Desktop
ProductContextNPI
Pure Networks Platform
Readme
Scan
ScannerCopy
Search Toolbar
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SMART Board Software
SMART Essentials for Educators
SolutionCenter
Status
Symantec Endpoint Protection
Toolbox
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.9
WebEx Support Manager for Internet Explorer
WebReg
Windows Driver Package - Nokia Modem (03/05/2008 3.7)
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
XviD MPEG-4 Video Codec
-
-
I must prepare for school today.
Have a good one.
-
Thank you for taking my post. Here go; perhaps later you could direct on how to remove the vestiges of previous antivirus software?
Many thanks in advance,
ComboFix 11-01-19.02 - Randy 01/20/2011 3:47.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1282 [GMT -5:00]
Running from: c:\documents and settings\Randy\Desktop\Combo-Fix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Randy\delme.bat
c:\documents and settings\Randy\Local Settings\Application Data\{86284D7B-F8E4-429A-8767-0AEBAE7EF7CA}
c:\documents and settings\Randy\Local Settings\Application Data\{86284D7B-F8E4-429A-8767-0AEBAE7EF7CA}\chrome.manifest
c:\documents and settings\Randy\Local Settings\Application Data\{86284D7B-F8E4-429A-8767-0AEBAE7EF7CA}\chrome\content\_cfg.js
c:\documents and settings\Randy\Local Settings\Application Data\{86284D7B-F8E4-429A-8767-0AEBAE7EF7CA}\chrome\content\overlay.xul
c:\documents and settings\Randy\Local Settings\Application Data\{86284D7B-F8E4-429A-8767-0AEBAE7EF7CA}\install.rdf
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\windows\system32\muzapp.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
-------\Legacy_SSHNAS
-------\Service_6to4
((((((((((((((((((((((((( Files Created from 2010-12-20 to 2011-01-20 )))))))))))))))))))))))))))))))
.
2011-01-19 23:13 . 2011-01-19 23:13 -------- d-----w- c:\documents and settings\Randy\Application Data\Malwarebytes
2011-01-19 23:13 . 2011-01-19 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-19 23:13 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-19 23:13 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-19 23:13 . 2011-01-20 02:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-19 20:48 . 2011-01-19 20:48 0 ----a-w- c:\windows\Npesamecusuram.bin
2011-01-19 20:46 . 2011-01-19 20:46 -------- d-----w- c:\windows\system32\%APPDATA%
2011-01-19 17:38 . 2011-01-19 17:38 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-01-19 16:21 . 2011-01-19 16:39 -------- d-----w- c:\documents and settings\Administrator
2011-01-19 00:35 . 2011-01-19 00:35 -------- d-sh--w- c:\documents and settings\Randy\IECompatCache
2011-01-17 18:21 . 2011-01-17 18:53 -------- d-----w- c:\program files\ABBYY Screenshot Reader
2011-01-17 18:21 . 2011-01-17 18:21 -------- d-----w- c:\documents and settings\All Users\Application Data\ABBYY
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-18 18:12 . 2006-08-21 17:23 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 23:53 . 2010-06-25 22:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 21:34 . 2008-12-09 21:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-09 14:52 . 2006-08-21 17:02 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2006-08-21 17:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2006-08-21 17:02 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2006-08-21 17:02 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2006-08-21 17:02 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2006-08-21 17:02 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2006-08-21 17:01 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2006-08-21 17:03 1853312 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-12 344064]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-07 761946]
"NDSTray.exe"="NDSTray.exe" [bU]
"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2006-08-01 1773568]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-06 16262656]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 89541]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-01 115560]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-2 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-7 600680]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-8-21 155648]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 2:43 PM 204800]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [6/28/2006 1:50 PM 98816]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/27/2010 4:09 PM 102448]
S0 ccfp;ccfp;c:\windows\system32\drivers\xbpw.sys --> c:\windows\system32\drivers\xbpw.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/29/2007 12:55 PM 23888]
S3 Plugversnp;Plugversnp;c:\windows\system32\rasdial.exe [8/21/2006 12:02 PM 11264]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:8893
IE: Add to Evernote - c:\program files\Evernote\Evernote3\enbar.dll/2000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Randy\Application Data\Mozilla\Firefox\Profiles\6ni0n1k3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Aero Fox XL: {5c8bfb7c-9a54-11dc-8314-0800200c9a66} - %profile%\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
FF - Ext: Evernote Web Clipper: {E0B8C461-F8FB-49b4-8373-FE32E9252800} - %profile%\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: EBrary Reader Plugin: reader_plugin@ebrary.com - %profile%\extensions\reader_plugin@ebrary.com
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-ABBYY Screenshot Reader Retail - (no file)
HKLM-Run-Iyoqaw - c:\windows\ekilosupukale.dll
SafeBoot-Symantec Antvirus
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-20 03:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(976)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\CLBCATQ.DLL
- - - - - - - > 'explorer.exe'(7868)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\acs.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\java.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\system32\TPSMain.exe
c:\windows\RTHDCPL.EXE
c:\windows\AGRSMMSG.exe
c:\program files\Microsoft ActiveSync\Wcescomm.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\TPSBattM.exe
.
**************************************************************************
.
Completion time: 2011-01-20 04:05:05 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-20 09:04
Pre-Run: 5,233,799,168 bytes free
Post-Run: 5,850,353,664 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 3F7CBC21E011596BEBA5340F900F7385
-
My PC crashed this morning with an automatic download of White Smoke software - despite updated norton I receive from work. I restarted in Safe Mode, regained network access, and installed your software again - as it was what I used prior to this event and shall again in the future. I ran a scan, cleaned a litany of threats, but reboot failed. I rebooted again in Safe Mode; a search of log items indicated a tdss. I downloaded a TDSS killer, scanned, and cleared a rootkit.tdss. My next reboot succeeded, scan came up clean, but I am not feeling too comfortable due to the swift efficiency of the bug. I hate to ask, "Am I clear?"
Infected with backdoor.bot and others for the holidays
in Resolved Malware Removal Logs
Posted
My wife's laptop recently lagged/hung on an oft used application. This prompted me to install and run mbam above and beyond MS essentials. The scan came back with two copies of backdoor.bot and lesser malware. All were quarantined (I cannot find the log file in the proper folder now) and a subsequent scan turned in a "CrossRider.A" which was also quarantined. How do I go about ensuring her machine is cleared up. I have attached the appropriate logs as per the sticky topic.
Best, and thanks in advance
Addition.txt
FRST.txt