rhoneyman

Honorary Members
  • Posts

    22
Everything posted by rhoneyman

  1. Now, it's just a question of when they'll fix the real-time switch that refuses to start. Been there, done that. They'll figure it out and do another release pretty soon, I'm guessing. BTW, I'm on 3.2.2. Can't tell if there's a release number beyond that.
  2. I have an extremely vague recollection of an alert that MB was going to update. What, a couple of weeks ago? I didn't pay attention, because, well, you know, it's MB. It just does what it's supposed to do.
  3. I went to examine an exe on my computer (skunkware, in that I can't uninstall it through normal means, and I'm not sure what my options are at this point), and discovered MWB was no longer on my computer. Weird and weirder. It's reinstalled, but that's a head scratcher.
  4. Ok. I was finally able to reboot, and was able to turn on the real time web site analysis. Color me happy.
  5. The fix was a welcome relief. However, now Web Protection is off and can't be turned back on (although I haven't tried a reboot; that'll come as soon as McAfee scan completes - why would that take a whole day?!?). Was the fix to turn off the engine that is supposed to protect against - and trigger the out of control popup - dangerous web sites?
  6. Ditto to all the above. Kind of annoying...
  7. Once I found my original Cleverbridge receipt, everything went well.
  8. Hi. I've been consumed by the Jewish holidays. No more major ones for six months. !!! Anyway,... VPN does not affect ptp networks. If you've set up the VPN to allow access by a ptp network (Skype, for example), the network will have access to your processor as long as you're actively logged into the network. Disengage (i.e., close the app) and the network can no longer see you. That's not sufficient for me. I'm lazy. Skype will always be on and activity will run over the Skype pipe through my computer. It should be completely benign but I'm guessing that the bizarre East European sites that Anti-Malware was blocking were all completely benign since they were transmissions being run through the Skype pipe. The risk, of course, is that someone out there is working on ways to pierce through the Skype defenses. When they do, they'll have the ability to slam massive numbers of boxes. So, with all that, I've decided that VPN is not a necessary addition. I wouldn't mind it but I'm not willing to pay for it at this point. Also, Skype is too irksome, if not potentially (infinitesimally, according to some), risky. My son living in Israel and I have agreed to use Google+ to hang out in. I believe that while running our feed through G+, we're running through their network without having to share resource with strangers. Color me stingy but if I want to give up part of my (very) limited computing resource, I'd rather give to SETI.org, not Skype. But, hey. That's just me. And with that, I think it's time to close this one out. Good chatting with you, Chris. Thanks for all the help. Best regards, Bob Honeyman
  9. I reset the router to the dd-wrt defaults and the scripting errors disappeared. Thanks for reminding me to remember the obvious (doh!). I hate those things I should have thought of myself. :7) Further research into Skype gives a partial answer to what's going on there. Skype is a distributed peer-to-peer network much like Napster, Gnutella, and Spotify (the next greatest thing according to my adult-who-should-know-better kids). They are able to control the cost of computing infrastructure by making everyone who signs up agree to allow Skype to take excess processing resource whenever it's needed and available. This actually reminds me more of SETI (Search for Extraterrestrial Intelligence) - http://www.seti.org/ - than of music pirating, uh, I mean sharing - with the caveat that SETI is noncommercial, scientific and upfront about use of bandwidth. (Skype buries that sucking resource piece in the body of their EULA.) Thus, as long as a computer is logged into Skype, there will be traffic along the Skype pipe from all over the world. Although I'm unable to confirm this, I'm guessing that even the questionable IP addresses blocked by Anti-Malware while running through the Skype pipe are benign. However, I was not aware when I signed up for Skype that I was agreeing to integrating into their infrastructure. Now that I know this, I'm considering my options. I don't really care about the geography lesson a review of Skype traffic across my processor offers. However, I do care about sharing my limited cycles and bandwidth with folks I don't know, especially since I think I now understand why I had to rename this box Fido. I'm guessing Skype defines "available resource" in instantaneous slices per its own needs.
It wouldn't surprise me if there are times where even as my processor pauses to catch its breath, Skype jumps out from behind the bushes to prevent another slacker on their network, effectively taking away resource that I will need following that (interrupted) processing pause. I don't know how long a Skype moment lasts, but I'm guessing that I could be fighting Skype much of the time I'm working. At any rate, I'm trying to figure out if setting up a vpn will solve that problem. The vpn approach is actually a terrific idea anyway (assuming functional software) as it reintroduces the womb effect to computing sessions. Much of the crap that is intercepted by AVG and ZoneAlarm might actually disappear if I'm able to use a vpn as a cloaking shield. The only question vis-a-vis Skype is whether I can also use the vpn to kick Skype off my property between explicit invitations. That's my next bit of research. And, of course, there's the question of how much latency gets added to every inbound or outbound callout while working from within the womb. Anyway, I'm in really good shape, thanks to your help, Chris. If you want to close this one, feel free. Or, if you're interested in what I come up with regarding using a vpn, I'll report back. Right now I'm considering two options: vpn4all (www.vpn4all.com), which has gotten decent reviews but is a paid hosting service; and setting up a vpn with my son in Israel, letting him host on his Linux box and then using something like Shrew as the client. I'm also looking at dumping Skype and using an open source solution such as Linphone (www.linphone.org), assuming it's not too far beyond my ken to set up myself and my colleagues. Thanks again. Best regards, Bob
  10. OMG!!! Someone who actually has a clue! I've searched for days trying to find someone, anyone, to give me some hint of what the hell has been causing the scripting errors. Son of a bitch! Ok. I'm direct connected and the problem is finally solved. I probably could have avoided the repair debacle and the all-nighter trying to rebuild my silly box. I've seen all sorts of folks asking the question and you are the only person I've come across who asked the right question. Yes. I was hardwired to my wireless router. I think I had even turned off the firewall within the router. But it does make sense. This happened to me a year or two ago when for a short period of time I tried staying hardwired. I never even noticed that going back to a wireless connection solved the problem for me - although, I'm not sure why that would make a difference. One more thing to test. At any rate, I'm running ddwrt firmware on a D-Link router. I went hard because I was losing 75% of the expected performance when running through the ether. I decided it wasn't worth wasting any more time on: just plug in. Well, now I'll have to play around and figure out what's causing the fubar. Any ideas? Man, I am so frigging thrilled. You've made my week. Hell, month. Thanks. More than thanks. If you have any thoughts on what conditions in the router setup I might want to test, please let me know. Thanks again, Chris! Best regards, Bob
  11. Couldn't have been worse. I tried a half dozen times and each time the box froze. Or couldn't get past the MS authentication. Finally, it split the HDD into two parts creating a partition holding 98% of the space. I had to reformat. Fortunately everything (or, almost everything) was backed up on my external HDD. However, I'm still getting script errors on IE8. And, I'm unable to run updates. It finally occurred to me this morning walking home from shul that whatever is wrong with this box must be residing in the boot sector, hidden away from anything trying to clean it out. I seem to recall seeing a utility out there that can address that during boot. I imagine I'd have to burn a CD on a clean machine to do a proper scan. Or, I have a clean image file sitting on Dropbox. I could burn it on a clean CD and see if that gets me past the problem. I *was* able to deep test both the HDD and physical memory. Both passed. I think the best approach is to run a clean boot scan. I'll look around and see what I can find in case you're unable to respond quickly. If that turns up negative, I'll try to pull out my hair. I still have one or two tiny fragments sitting up there.
  12. Chris, Script errors won't let me upload the file. I'm going to restore XP, hoping that will fix the mess aka my registry. I'm currently backing up. I should have that up by the end of the day, either via ie8 or Opera, if the restore fails to fix the scripting problems.
  13. Not sure if the attached will answer any questions. I don't have the eye or the instincts/knowledge to tell if there's anything to see. I uninstalled Skype and, of course, the problem has disappeared. I ran through the various cleaning agents; I'm satisfied there's nothing actively malignant left on my computer. But now I'm unable to run IE8 cleanly. I figured that MS would be little help in tracking down the problem so I did a fresh install of IE8. After loading all the security updates, I'm now unable to access cleanly update.microsoft.com or whatever the website is. Plus, I continue to get page errors. (As an example, this page generates the following:

Webpage error details
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Timestamp: Tue, 13 Sep 2011 02:50:55 UTC

Message: 'ipb' is undefined
Line: 4339 Char: 3 Code: 0
URI: http://forums.malwarebytes.org/index.php?app=forums&module=post&section=post&do=reply_post&f=7&t=94267

Message: 'Loader' is undefined
Line: 4389 Char: 4 Code: 0
URI: http://forums.malwarebytes.org/index.php?app=forums&module=post&section=post&do=reply_post&f=7&t=94267

Message: 'ipb' is undefined
Line: 4690 Char: 1 Code: 0
URI: http://forums.malwarebytes.org/index.php?app=forums&module=post&section=post&do=reply_post&f=7&t=94267

Message: 'ipb' is undefined
Line: 4728 Char: 2 Code: 0
URI: http://forums.malwarebytes.org/index.php?app=forums&module=post&section=post&do=reply_post&f=7&t=94267

Message: 'ipb' is undefined
Line: 4757 Char: 2 Code: 0
URI: http://forums.malwarebytes.org/index.php?app=forums&module=post&section=post&do=reply_post&f=7&t=94267

Message: 'ipb' is undefined
Line: 4874 Char: 3 Code: 0
URI: http://forums.malwarebytes.org/index.php?app=forums&module=post&section=post&do=reply_post&f=7&t=94267

Message: 'ipb' is undefined
Line: 4479 Char: 3 Code: 0
URI: http://forums.malwarebytes.org/index.php?app=forums&module=post&section=post&do=reply_post&f=7&t=94267

Message: Object expected
Line: 4907 Char: 47 Code: 0
URI: http://forums.malwarebytes.org/index.php?app=forums&module=post&section=post&do=reply_post&f=7&t=94267)

I'm not looking for a cure from here but I have a bald spot where I've been scratching my head... Back to Skype: I cleared all folders, files, etc. having anything to do with Skype, just in case something evil was hiding. I removed all references to Skype from the registry, to prevent some sort of backdoor way to mess with me. But, now I'm in complete agreement with you on this one. My firewall (I'm running through a wireless router so I have the potential of setting up a hardware-based firewall, but I'm clueless...) did nothing to stop anything coming out of Skype. I'm guessing AntiMalWare only stops transmissions with inconsistent headers. So, transmissions to bad countries with clean headers have been able to get through. I don't have any idea what sort of information might be attached but a review of the size packets sent indicates not much has been moving. At this point, it looks like mere polling and confirmation. Still, I'm guessing my location/address/identity is sufficiently confirmed that reinstalling Skype into a clean environment will result in a resumption of those transmissions. So, I'm inclined to find some other solution. Or buy a new computer and have my son turn this one into a Linux box. Do you agree that Skype is now off-limits? Unless there's a way to force Skype to let me know about - and approve - anything occurring across their code, I can't see a way of proactively controlling trolling. Thanks again for your ear and your help.
  14. Let me clarify: I captured all the activity processed (some 3,200 or so) during that one second interval. I tried to pull more but froze when I got greedy (one minute either side of the event...) I see that there's a Skype upgrade out there. If it's the problem, perhaps the upgrade fixes the vulnerability. I'd still like to know what's driving transmission to evil sites. I've downloaded the toolbox from Microsoft's Sysinternals desk. I'm trying to understand what I'm supposed to be looking for to chase this phantom. Unless you're suggesting that a flaw in Skype has allowed it to become infected. That would make sense. If that's the case, how to remediate? And, as I was typing that, the upgraded Skype loaded and another nasty was captured. Although, this doesn't happen every time Skype loads. Just weird...
  15. I captured all processes during one of these. I have everything happening during the second that Anti-Malware reports taking action. It's on an Excel spreadsheet. Should I upload it? Would that help?
  16. Thanks, Chris. I'm certain you're correct about that. I'm trying to capture the moment Anti-Malware prevents an unwanted connection using security audits (can't really see anything useful) and MS Process Monitor. Unfortunately, the three incidents that occurred in the last while came while ProcMon was not running. Anyway, with luck, you'll be able to glean something useful from the attach.txt info. I'm reading your post as telling me to copy/paste the file rather than attach. If I read that wrong, sorry. Here it is:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_2011-08-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/11/2008 11:36:31 AM
System Uptime: 9/6/2011 11:00:59 PM (17 hours ago)

Motherboard: TOSHIBA | | EBQ10
Processor: Intel® Pentium® M processor 1.73GHz | U1 | 1729/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 93 GiB total, 32.027 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is FIXED (NTFS) - 465 GiB total, 364.288 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 8/31/2011 8:55:38 AM - System Checkpoint
RP2: 9/3/2011 11:43:48 PM - ComboFix created restore point
RP3: 9/6/2011 3:17:29 PM - Software Distribution Service 3.0
RP4: 9/6/2011 5:19:12 PM - Made by Regsofts
RP5: 9/6/2011 6:16:19 PM - DriverScanner - 9/6/2011 6:15:38 PM

==== Installed Programs ======================

32 Bit HP CIO Components Installer Adobe Acrobat 8 Professional Adobe Acrobat 8.3.0 - CPSID_83708 Adobe Acrobat 8.3.0 Professional Adobe Flash Player 10 ActiveX AIM 7 AirPort Akamai NetSession Interface AnswerWorks 5.0 English Runtime Apple Application Support Apple Mobile Device Support Apple Software Update Bonjour BufferChm C4400 C4400_Help Cards_Calendar_OrderGift_DoMorePlugout CCleaner CD/DVD Drive Acoustic Silencer Copy DataCore SANmelody 2.0.4.2 DataCore UpTempo 1.3.0 Dell Touchpad Destination Component DeviceDiscovery DeviceManagementQFolder Diskeeper 2009 Professional DivX Setup DocProc Download Updater (AOL LLC) Dropbox DVD-RAM Driver eFax Messenger ESET Online Scanner v3 eSupportQFolder Exact Audio Copy 1.0beta2 FLEXnet Publisher License Server Manager foobar2000 v1.1.7 Free Window Registry Repair FreeConference Outlook Conference Manager Freeze.com NetAssistant Fujitsu COBOL Free Run-time Gimp 2.6.2 Debug Google Advertising Cookie Opt-out Google Earth Google Earth Plug-in Google Talk Plugin Google Update Helper Google Updater GoToMeeting 4.8.0.723 GPBaseService HashTab 3.0.0 HiJackThis Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB954550-v5) HP Customer Participation Program 10.0 HP Imaging Device Functions 10.0 HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3 HP Photosmart Essential 2.5 HP Product Detection HP Smart Web Printing HP Solution Center 10.0 HP Update HPDiagnosticAlert HPPhotoSmartPhotobookWebPack1 HPProductAssistant HPSSupply HxD Hex Editor version 1.7.7.0 ImgBurn InstallIQ Updater Intel® Graphics Media Accelerator Driver Intel® PROSet/Wireless Software Java Auto Updater Java 6 Update 27 Kaluach3 LiveUpdate 3.3 (Symantec Corporation) Logitech Updater Logitech Vid HD Logitech Webcam Software Logitech Webcam Software Driver Package M86Security Secure Browsing Malwarebytes' Anti-Malware version 1.51.1.1800 
MarketResearch mCore mDrWiFi mHelp Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2416447) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Dynamics NAV 2009 ODBC Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Outlook Web Access S/MIME Microsoft Report Viewer Redistributable 2008 (KB971118) Microsoft Silverlight Microsoft Software Update for Web Folders (English) 12 Microsoft VC9 runtime libraries Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Windows Media Video 9 VCM mIWA mLogView mMHouse mPfMgr mPfWiz 
mProSafe MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) mWlsSafe mXML mZConfig NetAssistant Norton PC Checkup OCR Software by I.R.I.S. 10.0 OGA Notifier 2.0.0048.0 Outlook Express Quick Backup PanoStandAlone PS_AIO_03_C4400_ProductContext PS_AIO_03_C4400_Software PS_AIO_03_C4400_Software_Min PS_AIO_05_C4600_Software_Min PSSWCORE Quicken 2010 Quicken WillMaker Plus 2010 QuickTime RealData Calculator - Free Edition Realtek AC'97 Audio RealUpgrade 1.0 Sansa Updater Scan Secunia PSI (2.0.0.3003) Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2288931) Security Update for 2007 Microsoft Office System (KB2345043) Security Update for 2007 Microsoft Office System (KB2509488) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft Office 2007 System (KB2541012) Security Update for Microsoft Office Access 2007 (KB979440) Security Update for Microsoft Office Excel 2007 (KB2541007) Security Update for Microsoft Office Groove 2007 (KB2494047) Security Update for Microsoft Office InfoPath 2007 (KB2510061) Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office PowerPoint 2007 (KB2535818) Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623) Security Update for Microsoft Office Publisher 2007 (KB2284697) Security Update for Microsoft Office system 2007 (972581) Security 
Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2344993) Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB923789) Shop for HP Supplies Skype Toolbars Skype™ 5.3 SmartWebPrintingOC SolutionCenter Spell Checker For OE 2.1 Spotify Status SUPERAntiSpyware Symantec Endpoint Protection TaxACT 2007 TaxACT 2008 TaxACT 2009 TaxACT 2009 Michigan TaxACT 2010 TaxACT 2010 Michigan Toolbox TOSHIBA Power Saver TOSHIBA SD Memory Card Format TOSHIBA Software Modem Toshiba Tbiosdrv Driver TOSHIBA Virtual Sound TouchPad On/Off Utility Transend Migrator TrayApp TuneUp Utilities 2011 TuneUp Utilities Language Pack (en-US) Uniblue DriverScanner Uniblue PixelPerfect Uniblue PowerSuite Uniblue RegistryBooster Uniblue SpeedUpMyPC UnloadSupport Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update 
for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 System (KB2539530) Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 (KB980729) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 (KB2509470) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update for Microsoft Windows (KB971513) Update for Outlook 2007 Junk Email Filter (KB2586924) Update for Windows Internet Explorer 8 (KB2447568) Update for Windows Internet Explorer 8 (KB976662) Update for Windows XP (KB2492386) Update for Windows XP (KB2607712) Utility Common Driver VBA (3821b) VC80CRTRedist - 8.0.50727.4053 VideoToolkit01 WebFldrs XP WebLog Expert Lite 7.4 WebReg Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Live ID Sign-in Assistant Windows Media Format 11 runtime Windows Media Player 11 Windows Resource Kit Tools Windows Rights Management Client Backwards Compatibility SP2 Windows Rights Management Client with Service Pack 2 Xvid Video Codec . ==== Event Viewer Messages From Past Week ======== . 
9/6/2011 9:32:04 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
9/6/2011 8:11:32 PM, error: DcsCap [71] - The DataCore Capability driver has encountered an error while processing a message from requestor Id 14. This message was to be delivered for Data Structure update of record type 10. Therefore the storage server's status display tool might become inconsistent. DataCore Support should be contacted in order to obtain the correct procedure to resolve this issue.
9/6/2011 8:09:58 PM, error: Removable Storage Service [111] - RSM could not load media in drive Drive 0 of library Virtual CDROM USB Device.
9/6/2011 3:27:33 PM, error: Service Control Manager [7000] - The Secunia Update Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/6/2011 3:27:31 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Secunia Update Agent service to connect.
9/4/2011 6:19:57 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/4/2011 2:35:30 PM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom1.
9/4/2011 12:06:00 AM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
9/4/2011 12:04:06 AM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
9/4/2011 12:02:57 AM, error: Print [23] - Printer HP Photosmart Prem C410 series fax failed to initialize because a suitable HP Photosmart Prem C410 series fax driver could not be found.
9/4/2011 12:00:06 AM, error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
9/3/2011 11:59:00 PM, error: DcsCache [12] - The DataCore Cache driver failed to load (error creating device). This is probably the result of a critical shortage of system resources.
8/31/2011 4:28:51 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/31/2011 4:28:33 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
8/31/2011 4:25:55 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
8/31/2011 12:46:44 PM, error: System Error [1003] - Error code 100000d4, parameter1 a260c968, parameter2 00000002, parameter3 00000000, parameter4 804e63b9.

==== End Of File ===========================
  17. ComboFix 11-09-03.01 - rhoneyman 09/04/2011 0:16.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.953 [GMT -4:00]
Running from: c:\documents and settings\rhoneyman\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\mmc.exe.959a7e97.ini
c:\documents and settings\rhoneyman\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\rhoneyman\Local Settings\Application Data\ApplicationHistory\DcsInstallTasks.exe.18c9ec7b.ini
c:\documents and settings\rhoneyman\Local Settings\Application Data\ApplicationHistory\DcsInstallTasks.exe.322f85d.ini
c:\documents and settings\rhoneyman\Local Settings\Application Data\ApplicationHistory\DcsIscsi.exe.a39d250f.ini.inuse
c:\documents and settings\rhoneyman\Local Settings\Application Data\ApplicationHistory\mmc.exe.959a7e97.ini
c:\documents and settings\rhoneyman\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\rhoneyman\Local Settings\Application Data\ApplicationHistory\Regasm.exe.11f1da13.ini
c:\windows\system32\lvci11801048.dll
c:\windows\system32\lvci1201278.dll
c:\windows\system32\RC00C140.dll
c:\windows\system32\RC95E140.DLL

((((((((((((((((((((((((( Files Created from 2011-08-04 to 2011-09-04 )))))))))))))))))))))))))))))))

2011-09-01 21:03 . 2011-09-01 21:03 -------- d-----w- C:\Diskeeper
2011-08-31 16:55 . 2011-08-31 16:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\ElevatedDiagnostics
2011-08-31 15:04 . 2011-08-31 15:05 -------- d-----w- C:\Old System ini_broken maybe
2011-08-31 08:58 . 2011-08-31 08:58 -------- d-----w- c:\program files\ESET
2011-08-31 02:02 . 2011-08-31 02:02 -------- d-----w- c:\documents and settings\rhoneyman\Application Data\SUPERAntiSpyware.com
2011-08-31 02:00 . 2011-08-31 02:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-31 02:00 . 2011-08-31 02:00 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-08-30 14:31 . 2011-08-30 14:31 -------- d-----w- c:\program files\Windows Resource Kits
2011-08-30 04:30 . 2011-08-30 04:30 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Malwarebytes
2011-08-29 04:30 . 2011-08-29 04:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\Malwarebytes
2011-08-28 16:22 . 2011-09-04 03:06 -------- d-----w- c:\documents and settings\rhoneyman\.gimp-2.6
2011-08-28 16:22 . 2011-08-28 16:22 -------- d-----w- c:\documents and settings\rhoneyman\.gegl-0.0
2011-08-28 11:33 . 2011-08-28 11:33 -------- d-----w- c:\program files\Common Files\Java
2011-08-28 10:12 . 2011-08-28 10:12 -------- d-----w- c:\documents and settings\rhoneyman\Application Data\Finjan
2011-08-28 10:12 . 2011-08-28 10:12 -------- d-----w- c:\program files\M86Security Secure Browsing
2011-08-26 13:47 . 2011-08-26 13:49 -------- d-----w- c:\documents and settings\rhoneyman\Local Settings\Application Data\Tific
2011-08-26 13:47 . 2011-08-26 13:47 -------- d-----w- c:\documents and settings\rhoneyman\Application Data\Tific
2011-08-26 13:46 . 2011-08-26 13:46 -------- d-----w- c:\windows\system32\drivers\NortonPCCheckup
2011-08-26 13:46 . 2011-08-26 13:46 -------- d-----w- c:\program files\Norton PC Checkup
2011-08-26 13:46 . 2011-08-26 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-08-26 13:46 . 2011-08-26 13:46 -------- d-----w- c:\program files\NortonInstaller
2011-08-25 17:53 . 2011-08-25 17:53 -------- d-----w- c:\documents and settings\rhoneyman\Local Settings\Application Data\Microsoft Help
2011-08-25 05:12 . 2010-06-24 20:04 19384 ----a-r- c:\windows\system32\drivers\QsFsFltr.sys
2011-08-25 05:12 . 2011-08-25 05:12 -------- d-----w- c:\program files\Iomega
2011-08-24 18:05 . 2011-08-30 05:55 -------- d-----w- c:\documents and settings\rhoneyman\Application Data\ImgBurn
2011-08-24 18:03 . 2011-08-24 18:03 -------- d-----w- c:\program files\ImgBurn
2011-08-24 16:19 . 2011-08-24 16:19 -------- d-----w- c:\documents and settings\rhoneyman\Application Data\DriverCure
2011-08-24 16:19 . 2011-08-24 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2011-08-24 14:43 . 2011-08-15 11:13 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-08-24 03:07 . 2011-07-19 06:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-24 02:29 . 2011-08-24 02:29 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-08-24 02:29 . 2011-08-24 02:29 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-08-24 02:29 . 2011-08-24 02:29 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-08-24 02:29 . 2011-08-24 02:29 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-08-24 02:29 . 2011-08-24 02:29 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-08-24 02:29 . 2011-08-24 02:29 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-08-24 02:29 . 2011-08-24 02:29 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-08-24 02:27 . 2011-08-24 02:29 -------- d-----w- c:\program files\QuickTime
2011-08-24 02:22 . 2011-08-24 02:22 -------- d-----w- c:\program files\Apple Software Update
2011-08-24 02:18 . 2011-08-24 02:18 -------- d-----w- c:\program files\AirPort
2011-08-24 01:56 . 2011-08-24 01:57 -------- d--h--w- c:\program files\Zero G Registry
2011-08-23 18:53 . 2011-08-23 18:53 -------- d-----w- c:\documents and settings\rhoneyman\Application Data\Malwarebytes
2011-08-23 18:52 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-23 18:52 . 2011-08-23 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-23 18:52 . 2011-08-23 18:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-23 18:52 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-23 18:27 . 2011-08-23 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-08-23 18:15 . 2011-08-23 18:15 -------- d-----w- c:\program files\Common Files\xing shared
2011-08-23 17:09 . 2011-08-23 17:09 -------- d-----w- c:\windows\Hewlett-Packard
2011-08-23 14:56 . 2011-08-23 14:56 -------- d-----w- c:\documents and settings\rhoneyman\Local Settings\Application Data\Secunia PSI
2011-08-23 14:56 . 2011-08-23 14:56 -------- d-----w- c:\program files\Secunia
2011-08-23 05:04 . 2011-09-04 03:06 -------- d-----w- c:\documents and settings\rhoneyman\Application Data\gtk-2.0
2011-08-22 01:40 . 2011-08-22 01:40 388096 ----a-r- c:\documents and settings\rhoneyman\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-22 01:40 . 2011-08-22 01:40 -------- d-----w- c:\program files\Trend Micro
2011-08-12 11:25 . 2011-08-12 17:20 -------- d-----w- c:\documents and settings\rhoneyman\Application Data\foobar2000
2011-08-12 04:15 . 2011-08-12 04:15 -------- d-----w- c:\documents and settings\rhoneyman\Application Data\EAC
2011-08-12 04:15 . 2011-08-12 11:19 -------- d-----w- c:\documents and settings\rhoneyman\Application Data\AccurateRip
2011-08-11 15:35 . 2011-08-11 15:35 -------- d-----w- c:\program files\Process Monito
2011-08-11 15:04 .
2011-05-17 09:18 632656 ----a-w- c:\windows\system32\msvcr80.dll 2011-08-11 06:18 . 2011-08-11 06:18 -------- d-----w- c:\program files\Reference Assemblies 2011-08-11 05:08 . 2011-08-11 05:10 -------- d-----w- c:\documents and settings\rhoneyman\Application Data\Spotify 2011-08-11 05:08 . 2011-08-11 05:08 -------- d-----w- c:\documents and settings\rhoneyman\Local Settings\Application Data\Spotify 2011-08-11 03:56 . 2011-08-11 03:56 -------- d-----w- c:\documents and settings\rhoneyman\Application Data\ElevatedDiagnostics 2011-08-11 01:05 . 2011-08-11 01:05 -------- d-----w- c:\documents and settings\rhoneyman\Application Data\Windows Search 2011-08-10 23:49 . 2011-08-10 23:49 -------- d-sh--w- c:\documents and settings\rhoneyman\PrivacIE 2011-08-10 23:49 . 2011-08-10 23:49 -------- d-sh--w- c:\documents and settings\rhoneyman\IECompatCache 2011-08-10 20:28 . 2011-08-10 20:28 -------- d-----w- c:\documents and settings\rhoneyman\Local Settings\Application Data\Conference Manager 2011-08-10 17:58 . 2011-08-10 17:58 -------- d-----w- c:\documents and settings\rhoneyman\Local Settings\Application Data\OneNote 2011-08-10 17:47 . 2011-08-10 17:47 -------- d-----w- c:\documents and settings\rhoneyman\Local Settings\Application Data\LogiShrd 2011-08-10 17:47 . 2011-08-10 18:26 -------- d-----w- c:\documents and settings\rhoneyman\Local Settings\Application Data\Kaluach 3 2011-08-10 17:47 . 2011-08-10 17:47 -------- d-----w- c:\documents and settings\rhoneyman\Local Settings\Application Data\iLinc 2011-08-10 17:46 . 2011-08-10 18:38 -------- d-----w- c:\documents and settings\rhoneyman\Local Settings\Application Data\Identities 2011-08-10 17:42 . 2011-08-15 16:55 -------- d-----w- c:\documents and settings\rhoneyman\Local Settings\Application Data\Google 2011-08-10 17:41 . 2011-08-10 17:41 -------- d-----w- c:\documents and settings\rhoneyman\Local Settings\Application Data\Downloaded Installations 2011-08-10 17:41 . 
2011-08-15 16:55 -------- d-----w- c:\documents and settings\rhoneyman\Local Settings\Application Data\Deployment 2011-08-10 17:41 . 2011-08-10 17:41 -------- d-----w- c:\documents and settings\rhoneyman\Local Settings\Application Data\Apple Computer 2011-08-10 17:41 . 2011-08-24 02:15 -------- d-----w- c:\documents and settings\rhoneyman\Local Settings\Application Data\Apple 2011-08-10 17:41 . 2011-08-10 17:41 -------- d-----w- c:\documents and settings\rhoneyman\Local Settings\Application Data\AOL OCP 2011-08-10 17:41 . 2011-08-10 17:41 -------- d-----w- c:\documents and settings\rhoneyman\Local Settings\Application Data\AOL 2011-08-10 17:40 . 2011-08-10 18:12 -------- d-----w- c:\documents and settings\rhoneyman\Local Settings\Application Data\AIM 2011-08-10 17:37 . 2011-08-12 15:28 -------- d-----w- c:\documents and settings\rhoneyman\Application Data\DivX 2011-08-10 17:37 . 2011-08-10 20:13 -------- d-----w- c:\documents and settings\rhoneyman\Application Data\eFax Messenger 2011-08-10 17:36 . 2011-08-10 17:36 -------- d-----w- c:\documents and settings\rhoneyman\Application Data\HP 2011-08-10 17:36 . 2011-08-23 17:10 -------- d-----w- c:\documents and settings\rhoneyman\Application Data\HpUpdate 2011-08-10 17:36 . 2011-08-10 17:36 -------- d-----w- c:\documents and settings\rhoneyman\Application Data\Intel 2011-08-10 17:36 . 2011-08-10 17:36 -------- d-----w- c:\documents and settings\rhoneyman\Application Data\j2 Global 2011-08-10 17:34 . 2011-08-10 17:34 -------- d-----w- c:\documents and settings\rhoneyman\Application Data\Office Genuine Advantage 2011-08-10 17:33 . 2011-08-10 17:33 -------- d-----w- c:\documents and settings\rhoneyman\Application Data\Mael 2011-08-10 17:33 . 2011-08-10 17:33 -------- d-----w- c:\documents and settings\rhoneyman\Application Data\Quicken WillMaker 2011-08-10 17:28 . 2011-08-10 20:19 -------- d-----w- c:\documents and settings\rhoneyman\Application Data\skypePM 2011-08-10 17:28 . 
2011-08-10 17:28 -------- d-----w- c:\documents and settings\rhoneyman\Application Data\Toshiba 2011-08-10 17:27 . 2011-08-10 17:27 -------- d-----w- c:\documents and settings\rhoneyman\Application Data\Trusteer 2011-08-10 17:27 . 2011-08-11 05:15 -------- d-----w- c:\documents and settings\rhoneyman\Application Data\Uniblue 2011-08-10 17:27 . 2011-08-10 17:27 -------- d-----w- c:\documents and settings\rhoneyman\Application Data\webex 2011-08-10 17:27 . 2011-08-10 17:27 -------- d-----w- c:\documents and settings\rhoneyman\Application Data\Windows Desktop Search 2011-08-10 17:27 . 2011-08-10 17:27 -------- d-----w- c:\documents and settings\rhoneyman\Application Data\Apple Computer 2011-08-10 17:27 . 2011-08-10 17:27 -------- d-----w- c:\documents and settings\rhoneyman\Application Data\acccore 2011-08-10 17:23 . 2011-08-10 17:40 -------- d-----w- c:\documents and settings\rhoneyman\Local Settings\Application Data\Adobe 2011-08-10 17:16 . 2011-08-10 17:16 -------- d-----w- c:\documents and settings\rhoneyman\Application Data\Intuit 2011-08-10 17:11 . 2011-08-10 17:48 -------- d-----w- c:\documents and settings\rhoneyman\Local Settings\Application Data\Symantec 2011-08-10 17:07 . 2011-08-10 17:07 -------- d-----w- c:\documents and settings\rhoneyman\Application Data\TuneUp Software 2011-08-09 00:58 . 2011-08-21 23:28 -------- d-----w- c:\program files\Free Window Registry Repair 2011-08-09 00:21 . 2011-08-28 17:17 -------- d-----w- c:\program files\CCleaner 2011-08-08 23:56 . 2011-08-08 23:56 -------- d-----w- c:\documents and settings\All Users\Application Data\ErrorEND . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-08-24 19:31 . 2011-01-25 18:01 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys 2011-08-24 19:29 . 2011-01-25 18:01 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys 2011-08-15 17:10 . 2008-11-10 17:21 106496 ----a-w- c:\windows\DUMPf2ad.tmp 2011-08-15 11:19 . 
2011-06-29 15:12 31552 ----a-w- c:\windows\system32\TURegOpt.exe 2011-08-11 03:57 . 2011-06-10 03:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-19 09:05 . 2010-05-11 10:03 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-07-15 13:29 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-07-08 14:02 . 2008-04-14 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys 2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\system32\QuickTime.qts 2011-06-24 14:10 . 2008-11-11 16:28 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2011-06-24 13:37 . 2011-06-24 13:37 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll 2011-06-24 13:37 . 2010-10-04 05:24 114616 ----a-w- c:\windows\system32\Vxdif.dll 2011-06-24 13:37 . 2010-10-04 05:24 255096 ----a-w- c:\windows\system32\drivers\Apfiltr.sys 2011-06-23 18:36 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2011-06-23 18:36 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-06-23 18:36 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-06-23 12:05 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec 2011-06-20 17:44 . 2008-04-14 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll 2011-02-06 13:30 . 2011-02-06 13:29 0 ----a-w- c:\program files\Common Files\admintool.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}"= "c:\program files\Freeze.com\NetAssistant\NetAssistant.dll" [2010-11-09 371320] . 
[HKEY_CLASSES_ROOT\clsid\{e38fa08e-f56a-4169-abf5-5c71e3c153a1}] [HKEY_CLASSES_ROOT\NetAssistant.NetAssistantBHO.1] [HKEY_CLASSES_ROOT\TypeLib\{1E8FC16F-4C51-49C4-BC9B-4FC24BDDCEE7}] [HKEY_CLASSES_ROOT\NetAssistant.NetAssistantBHO] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}] 2010-11-09 14:21 371320 ----a-w- c:\program files\Freeze.com\NetAssistant\NetAssistant.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\documents and settings\rhoneyman\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\documents and settings\rhoneyman\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\documents and settings\rhoneyman\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\documents and settings\rhoneyman\Application Data\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536] "InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-05-10 1205760] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768] "eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2010-07-02 95744] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320] "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152] "Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-04-05 73728] "TPSMain"="TPSMain.exe" [2004-12-28 270336] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-11-11 115560] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-06-24 292208] "AGRSMMSG"="AGRSMMSG.exe" [2005-04-12 88358] "AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-11-11 771360] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2009-04-30 460048] . c:\documents and settings\rhoneyman\Start Menu\Programs\Startup\ Dropbox.lnk - c:\documents and settings\rhoneyman\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560] OneNote Table Of Contents.onetoc2 [2011-8-11 3656] . 
c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] SANmelody Startup.lnk - c:\program files\DataCore Software\SANmelody\DcsShMon.exe [2009-5-5 198048] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "HideShutdownScripts"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "MaxRecentDocs"= 41 (0x29) "ForceStartMenuLogOff"= 1 (0x1) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ \0 . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerSuite] 2011-07-18 20:08 67448 ----a-w- c:\program files\Uniblue\PowerSuite\Launcher.exe . 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Xvid"=c:\program files\Xvid\CheckUpdate.exe "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "Aim"="c:\program files\AIM\aim.exe" /d locale=en-US "Google Update"="c:\documents and settings\rhoneyman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c "ctfmon.exe"=c:\windows\system32\ctfmon.exe "QuickenScheduledUpdates"=c:\program files\Quicken\bagent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "HotKeysCmds"=c:\windows\system32\hkcmd.exe "TPNF"=c:\program files\TOSHIBA\TouchPad\TPTray.exe "DcsTmTray"="c:\program files\DataCore Software\UpTempo\DcsTmTray.exe" "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" -osboot "IgfxTray"=c:\windows\system32\igfxtray.exe "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "QuiKProtect"=c:\program files\Iomega\QuikProtect\StartQuikProtect.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\EXCEL.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"= "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"= "c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"= "c:\\WINDOWS\\system32\\searchprotocolhost.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"= "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"= "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"= "c:\\Documents and Settings\\rhoneyman\\Application Data\\Dropbox\\bin\\Dropbox.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"= "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\HP\\Digital 
Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"= "c:\\Documents and Settings\\rhoneyman\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\Spotify\\spotify.exe"= "c:\\Program Files\\AirPort\\APAgent.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "25:TCP"= 25:TCP:email "25:UDP"= 25:UDP:email1 "9100:TCP"= 9100:TCP:PORT_9100_TCP "161:UDP"= 161:UDP:PORT_161_UDP "5353:UDP"= 5353:UDP:Bonjour "1787:TCP"= 1787:TCP:Akamai NetSession Interface "5000:UDP"= 5000:UDP:Akamai NetSession Interface . R0 DcsCf;DataCore Disk Cache;c:\windows\system32\drivers\DcsCf.sys [5/5/2009 12:25 PM 94288] R0 DcsFcEng;DataCore Fibre Channel Engine Driver;c:\windows\system32\drivers\DcsFcEng.sys [5/5/2009 1:16 PM 288464] R0 DcsPerf;DataCore Disk Performance Driver;c:\windows\system32\drivers\DcsPerf.sys [5/5/2009 1:16 PM 15824] R0 DcsPMF;DataCore Partition Management;c:\windows\system32\drivers\DcsPMF.sys [5/5/2009 1:16 PM 65872] R0 DcsPoll;DataCore Poller Driver;c:\windows\system32\drivers\DcsPoll.sys [5/5/2009 1:16 PM 18512] R0 DcsShim;DataCore Scsi Shim Driver;c:\windows\system32\drivers\DcsShim.sys [5/5/2009 1:16 PM 67408] R0 DcsSp;DataCore SCSI Driver;c:\windows\system32\drivers\DcsSp.sys [5/5/2009 1:16 PM 154320] R0 DcsSup;DataCore Support Driver;c:\windows\system32\drivers\DcsSup.sys [5/5/2009 1:16 PM 49104] R0 DcsTracer;DataCore Tracer Driver;c:\windows\system32\drivers\DcsTracer.sys [5/5/2009 1:16 PM 64464] R1 DcsCap;DataCore Capability;c:\windows\system32\drivers\DcsCap.sys [5/5/2009 1:16 PM 238672] R1 DcsHa;DataCore High Availability;c:\windows\system32\drivers\DcsHa.sys [5/5/2009 1:16 PM 84176] R1 DcsSdc;DataCore Domain;c:\windows\system32\drivers\DcsSdc.sys [5/5/2009 
1:16 PM 43600] R1 DcsState;DataCore System State;c:\windows\system32\drivers\DcsState.sys [5/5/2009 1:16 PM 27856] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664] R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608] R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/14/2008 8:00 AM 14336] R2 DcsSDS;DataCore Storage Domain Server;c:\program files\DataCore Software\SANmelody\DcsSds.exe [5/5/2009 1:16 PM 521632] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/23/2011 2:52 PM 366640] R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe [8/26/2011 9:46 AM 120248] R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe [8/26/2011 9:46 AM 126392] R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/19/2011 2:44 AM 399416] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [8/15/2011 7:16 AM 1526080] R3 DcsiMgr;DataCore iScsi Manager Driver;c:\windows\system32\drivers\DcsiMgr.sys [5/5/2009 1:16 PM 207184] R3 DcsIs;DataCore Software iScsi Driver;c:\windows\system32\drivers\DcsIs.sys [5/5/2009 1:16 PM 167504] R3 DcsNULL;DataCore Null FCP Port Driver;c:\windows\system32\drivers\DcsNull.sys [5/5/2009 1:16 PM 20560] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/1/2011 1:05 AM 105592] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/23/2011 2:52 PM 22712] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2/10/2011 
10:22 AM 10064] R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/23/2011 2:52 PM 41272] S1 DcsCache;DataCore Cache;c:\windows\system32\drivers\DcsCache.sys [5/5/2009 1:16 PM 60496] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384] S2 DcsStart;DataCore Start Service;c:\program files\DataCore Software\SANmelody\DcsStart.exe [5/5/2009 1:16 PM 152992] S2 gupdate1c9da0d7e6556ba;Google Update Service (gupdate1c9da0d7e6556ba);c:\program files\Google\Update\GoogleUpdate.exe [5/21/2009 8:13 AM 133104] S2 ose32;Office Source Engine ; [x] S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [11/11/2009 12:52 PM 23888] S3 DcsRcmd;DataCore Remote Command Service;c:\program files\DataCore Software\SANmelody\DcsRcmd.exe [5/5/2009 1:16 PM 140712] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/21/2009 8:13 AM 133104] S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544] S3 QPCopyEngine;QPCopyEngine;c:\program files\Iomega\QuikProtect\QpMonitor.exe [6/24/2010 4:04 PM 247088] S3 QsFsFltr;QsFsFltr;c:\windows\system32\drivers\QsFsFltr.sys [8/25/2011 1:12 AM 19384] S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/19/2011 2:44 AM 993848] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504] S4 DcsTmSvc;DataCore UpTempo;c:\program files\DataCore Software\UpTempo\DcsTmSvc.exe [5/5/2009 12:25 PM 75168] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MBAMSWISSARMY . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc Akamai REG_MULTI_SZ Akamai . 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contents of the 'Scheduled Tasks' folder . 2011-09-02 c:\windows\Tasks\User_Feed_Synchronization-{47D06254-0040-476E-9B31-03180AC5A720}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 09:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://my.yahoo.com/ uInternet Settings,ProxyOverride = *.local IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: advpa.com\www Trusted Zone: apple.com\www Trusted Zone: barclaycardus.com\www Trusted Zone: chase.com\cards Trusted Zone: google.com\www Trusted Zone: target.com\rcam Trusted Zone: target.com\www Trusted Zone: usatoday.com\puzzles Trusted Zone: verizonwireless.com\www Trusted Zone: wachovia.com\www TCP: DhcpNameServer = 192.168.1.1 . . ************************************************************************** . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-09-04 00:38 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCCUJobMgr] "ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.8.13\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-484763869-220523388-1417001333-1006\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . [HKEY_LOCAL_MACHINE\System\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Services\mirror\MK*] "Attach.ToDesktop"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1248) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll . Completion time: 2011-09-04 00:44:56 ComboFix-quarantined-files.txt 2011-09-04 04:44 ComboFix2.txt 2011-08-28 16:08 . Pre-Run: 35,553,316,864 bytes free Post-Run: 35,617,226,752 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - EF535DEE9C2DF9B2C690658AD8C54348 . 
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by rhoneyman at 1:02:46 on 2011-09-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1031 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\System32\svchost.exe -k Akamai
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DataCore Software\SANmelody\DcsSds.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\AirPort\APAgent.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DataCore Software\SANmelody\DcsShMon.exe
C:\Documents and Settings\rhoneyman\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SecureBrowsing bho: {7632abca-b104-4fbc-9c70-419c4147061b} - c:\program files\m86security secure browsing\SecureBrowsing.dll
BHO: Advertising Cookie Opt-out: {8e425eb4-adbd-4816-b1e8-49bb9decf034} - c:\program files\google\advertising cookie opt-out\opt_out.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: M86 Security Secure Browsing: {b99f805c-f0b1-48ea-8c8b-753bfcbed913} - c:\program files\m86security secure browsing\SecureBrowsing.dll
EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [installIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /R
mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [AirPort Base Station Agent] "c:\program files\airport\APAgent.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x089d -f video -m logitech -d 12.0.1278.0
StartupFolder: c:\docume~1\rhoney~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\rhoneyman\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\documents and settings\rhoneyman\start menu\programs\startup\OneNote Table Of Contents.onetoc2
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sanmel~1.lnk - c:\program files\datacore software\sanmelody\DcsShMon.exe
uPolicies-explorer: MaxRecentDocs = 41 (0x29)
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
mPolicies-system: HideShutdownScripts = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: advpa.com\www
Trusted Zone: apple.com\www
Trusted Zone: barclaycardus.com\www
Trusted Zone: chase.com\cards
Trusted Zone: google.com\www
Trusted Zone: target.com\rcam
Trusted Zone: target.com\www
Trusted Zone: usatoday.com\puzzles
Trusted Zone: verizonwireless.com\www
Trusted Zone: wachovia.com\www
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.comcastsupport.com/sdccommon/download/tgctlsr.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} - hxxps://content10.ilinc.com/download/AXCltInstall.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://netsuitemeeting.webex.com/client/T26LSP49EP12/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5131C24-E56D-11CF-B78A-444553540000} - hxxps://wc.wachovia.com/common/cab/ikcntrls.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{45193AB9-07F5-46FC-BA7E-E6D0C8AE3B2B} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 DcsCf;DataCore Disk Cache;c:\windows\system32\drivers\DcsCf.sys [2009-5-5 94288]
R0 DcsFcEng;DataCore Fibre Channel Engine Driver;c:\windows\system32\drivers\DcsFcEng.sys [2009-5-5 288464]
R0 DcsPerf;DataCore Disk Performance Driver;c:\windows\system32\drivers\DcsPerf.sys [2009-5-5 15824]
R0 DcsPMF;DataCore Partition Management;c:\windows\system32\drivers\DcsPMF.sys [2009-5-5 65872]
R0 DcsPoll;DataCore Poller Driver;c:\windows\system32\drivers\DcsPoll.sys [2009-5-5 18512]
R0 DcsShim;DataCore Scsi Shim Driver;c:\windows\system32\drivers\DcsShim.sys [2009-5-5 67408]
R0 DcsSp;DataCore SCSI Driver;c:\windows\system32\drivers\DcsSp.sys [2009-5-5 154320]
R0 DcsSup;DataCore Support Driver;c:\windows\system32\drivers\DcsSup.sys [2009-5-5 49104]
R0 DcsTracer;DataCore Tracer Driver;c:\windows\system32\drivers\DcsTracer.sys [2009-5-5 64464]
R1 DcsCap;DataCore Capability;c:\windows\system32\drivers\DcsCap.sys [2009-5-5 238672]
R1 DcsHa;DataCore High Availability;c:\windows\system32\drivers\DcsHa.sys [2009-5-5 84176]
R1 DcsSdc;DataCore Domain;c:\windows\system32\drivers\DcsSdc.sys [2009-5-5 43600]
R1 DcsState;DataCore System State;c:\windows\system32\drivers\DcsState.sys [2009-5-5 27856]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-11-11 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-11-11 108392]
R2 DcsSDS;DataCore Storage Domain Server;c:\program files\datacore software\sanmelody\DcsSds.exe [2009-5-5 521632]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-23 366640]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.8.13\SymcPCCULaunchSvc.exe [2011-8-26 120248]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.8.13\ccSvcHst.exe [2011-8-26 126392]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-11-11 2477304]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2011-8-15 1526080]
R3 DcsiMgr;DataCore iScsi Manager Driver;c:\windows\system32\drivers\DcsiMgr.sys [2009-5-5 207184]
R3 DcsIs;DataCore Software iScsi Driver;c:\windows\system32\drivers\DcsIs.sys [2009-5-5 167504]
R3 DcsNULL;DataCore Null FCP Port Driver;c:\windows\system32\drivers\DcsNull.sys [2009-5-5 20560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-9-1 105592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-23 22712]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110903.002\NAVENG.SYS [2011-9-4 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110903.002\NAVEX15.SYS [2011-9-4 1576312]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2011-2-10 10064]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-23 41272]
S1 DcsCache;DataCore Cache;c:\windows\system32\drivers\DcsCache.sys [2009-5-5 60496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DcsStart;DataCore Start Service;c:\program files\datacore software\sanmelody\DcsStart.exe [2009-5-5 152992]
S2 gupdate1c9da0d7e6556ba;Google Update Service (gupdate1c9da0d7e6556ba);c:\program files\google\update\GoogleUpdate.exe [2009-5-21 133104]
S2 ose32;Office Source Engine ; [x]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-11-11 23888]
S3 DcsRcmd;DataCore Remote Command Service;c:\program files\datacore software\sanmelody\DcsRcmd.exe [2009-5-5 140712]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-21 133104]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 QPCopyEngine;QPCopyEngine;c:\program files\iomega\quikprotect\QpMonitor.exe [2010-6-24 247088]
S3 QsFsFltr;QsFsFltr;c:\windows\system32\drivers\QsFsFltr.sys [2011-8-25 19384]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 DcsTmSvc;DataCore UpTempo;c:\program files\datacore software\uptempo\DcsTmSvc.exe [2009-5-5 75168]
.
=============== Created Last 30 ================
.
2011-09-04 04:13:31 -------- d-sha-r- C:\cmdcons
2011-09-04 03:42:46 98816 ----a-w- c:\windows\sed.exe
2011-09-04 03:42:46 518144 ----a-w- c:\windows\SWREG.exe
2011-09-04 03:42:46 256000 ----a-w- c:\windows\PEV.exe
2011-09-04 03:42:46 208896 ----a-w- c:\windows\MBR.exe
2011-09-01 21:03:37 -------- d-----w- C:\Diskeeper
2011-08-31 15:04:11 -------- d-----w- C:\Old System ini_broken maybe
2011-08-31 08:58:28 -------- d-----w- c:\program files\ESET
2011-08-31 02:02:12 -------- d-----w- c:\documents and settings\rhoneyman\application data\SUPERAntiSpyware.com
2011-08-31 02:00:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-31 02:00:56 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-08-30 14:31:51 -------- d-----w- c:\program files\Windows Resource Kits
2011-08-28 16:22:55 -------- d-----w- c:\documents and settings\rhoneyman\.gimp-2.6
2011-08-28 16:22:23 -------- d-----w- c:\documents and settings\rhoneyman\.gegl-0.0
2011-08-28 10:12:36 -------- d-----w- c:\documents and settings\rhoneyman\application data\Finjan
2011-08-28 10:12:35 -------- d-----w- c:\program files\M86Security Secure Browsing
2011-08-26 13:47:49 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\Tific
2011-08-26 13:47:49 -------- d-----w- c:\documents and settings\rhoneyman\application data\Tific
2011-08-26 13:46:43 -------- d-----w- c:\windows\system32\drivers\nortonpccheckup\0200080.00D
2011-08-26 13:46:43 -------- d-----w- c:\windows\system32\drivers\NortonPCCheckup
2011-08-26 13:46:40 -------- d-----w- c:\program files\Norton PC Checkup
2011-08-26 13:46:39 -------- d-----w- c:\documents and settings\all users\application data\Norton
2011-08-26 13:46:21 -------- d-----w- c:\program files\NortonInstaller
2011-08-26 13:46:21 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
2011-08-25 17:53:02 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\Microsoft Help
2011-08-25 05:12:25 19384 ----a-r- c:\windows\system32\drivers\QsFsFltr.sys
2011-08-25 05:12:03 -------- d-----w- c:\program files\Iomega
2011-08-24 16:19:44 -------- d-----w- c:\documents and settings\rhoneyman\application data\DriverCure
2011-08-24 16:19:12 -------- d-----w- c:\documents and settings\all users\application data\ParetoLogic
2011-08-24 14:43:45 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-08-24 03:07:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-24 02:29:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-08-24 02:29:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-08-24 02:29:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-08-24 02:29:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-08-24 02:29:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-08-24 02:29:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-08-24 02:29:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-08-24 02:18:19 -------- d-----w- c:\program files\AirPort
2011-08-24 01:56:33 -------- d--h--w- c:\program files\Zero G Registry
2011-08-23 18:53:08 -------- d-----w- c:\documents and settings\rhoneyman\application data\Malwarebytes
2011-08-23 18:52:41 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-23 18:52:39 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-08-23 18:52:36 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-23 18:52:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-23 18:27:32 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-08-23 18:15:29 -------- d-----w- c:\program files\common files\xing shared
2011-08-23 17:09:47 -------- d-----w- c:\windows\Hewlett-Packard
2011-08-23 14:56:52 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\Secunia PSI
2011-08-23 14:56:25 -------- d-----w- c:\program files\Secunia
2011-08-22 01:40:12 388096 ----a-r- c:\documents and settings\rhoneyman\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-08-22 01:40:11 -------- d-----w- c:\program files\Trend Micro
2011-08-12 11:25:16 -------- d-----w- c:\documents and settings\rhoneyman\application data\foobar2000
2011-08-12 04:15:13 -------- d-----w- c:\documents and settings\rhoneyman\application data\EAC
2011-08-12 04:15:00 -------- d-----w- c:\documents and settings\rhoneyman\application data\AccurateRip
2011-08-11 15:35:32 -------- d-----w- c:\program files\Process Monito
2011-08-11 15:04:33 632656 ----a-w- c:\windows\system32\msvcr80.dll
2011-08-11 05:08:41 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\Spotify
2011-08-11 05:08:41 -------- d-----w- c:\documents and settings\rhoneyman\application data\Spotify
2011-08-11 03:56:50 -------- d-----w- c:\documents and settings\rhoneyman\application data\ElevatedDiagnostics
2011-08-11 01:05:11 -------- d-----w- c:\documents and settings\rhoneyman\application data\Windows Search
2011-08-10 23:49:08 -------- d-sh--w- c:\documents and settings\rhoneyman\PrivacIE
2011-08-10 23:49:07 -------- d-sh--w- c:\documents and settings\rhoneyman\IECompatCache
2011-08-10 20:28:04 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\Conference Manager
2011-08-10 17:58:26 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\OneNote
2011-08-10 17:47:27 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\LogiShrd
2011-08-10 17:47:16 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\Kaluach 3
2011-08-10 17:47:02 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\iLinc
2011-08-10 17:46:42 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\Identities
2011-08-10 17:42:01 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\Google
2011-08-10 17:41:52 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\Downloaded Installations
2011-08-10 17:41:44 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\Deployment
2011-08-10 17:41:23 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\Apple Computer
2011-08-10 17:41:19 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\Apple
2011-08-10 17:41:14 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\AOL OCP
2011-08-10 17:41:06 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\AOL
2011-08-10 17:40:58 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\AIM
2011-08-10 17:37:02 -------- d-----w- c:\documents and settings\rhoneyman\application data\eFax Messenger
2011-08-10 17:36:45 -------- d-----w- c:\documents and settings\rhoneyman\application data\HpUpdate
2011-08-10 17:36:40 -------- d-----w- c:\documents and settings\rhoneyman\application data\Intel
2011-08-10 17:36:06 -------- d-----w- c:\documents and settings\rhoneyman\application data\j2 Global
2011-08-10 17:34:37 -------- d-----w- c:\documents and settings\rhoneyman\application data\Office Genuine Advantage
2011-08-10 17:33:58 -------- d-----w- c:\documents and settings\rhoneyman\application data\Mael
2011-08-10 17:33:43 -------- d-----w- c:\documents and settings\rhoneyman\application data\Quicken WillMaker
2011-08-10 17:27:58 -------- d-----w- c:\documents and settings\rhoneyman\application data\Trusteer
2011-08-10 17:27:43 -------- d-----w- c:\documents and settings\rhoneyman\application data\Uniblue
2011-08-10 17:27:38 -------- d-----w- c:\documents and settings\rhoneyman\application data\webex
2011-08-10 17:27:33 -------- d-----w- c:\documents and settings\rhoneyman\application data\Windows Desktop Search
2011-08-10 17:23:06 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\Adobe
2011-08-10 17:16:58 -------- d-----w- c:\documents and settings\rhoneyman\application data\Intuit
2011-08-10 17:11:37 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\Symantec
2011-08-10 17:07:48 -------- d-----w- c:\documents and settings\rhoneyman\application data\TuneUp Software
2011-08-09 00:58:49 -------- d-----w- c:\program files\Free Window Registry Repair
2011-08-09 00:21:06 -------- d-----w- c:\program files\CCleaner
2011-08-08 23:56:07 -------- d-----w- c:\documents and settings\all users\application data\ErrorEND
.
==================== Find3M ====================
.
2011-08-24 19:31:37 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2011-08-24 19:29:59 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2011-08-15 17:10:19 106496 ----a-w- c:\windows\DUMPf2ad.tmp
2011-08-15 11:19:14 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-08-11 03:57:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-19 09:05:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-05 22:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-24 13:37:40 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2011-06-24 13:37:39 114616 ----a-w- c:\windows\system32\Vxdif.dll
2011-06-24 13:37:38 255096 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-02-06 13:30:54 0 ----a-w- c:\program files\common files\admintool.exe
.
============= FINISH: 1:04:31.82 ===============
  18. Thanks, Chris. I'll do this in two posts. Please note that another unauthorized set of schedules was created the other day. I changed the run time to 1/1/2012 in case you wanted to take a look. I've added a password to the admin account, sharing on C: remains under control and there are no new accounts showing up with any rights. However, Anti-Malware continues to intercept transmissions to phantom IP addresses (or, redirected, I suppose). The latest was half an hour ago. The addresses continue to morph somehow. The last couple of days (I was off for 25 hours):

9-2-2011
01:37:03 rhoneyman IP-BLOCK 89.248.160.175 (Type: outgoing)
01:37:06 rhoneyman IP-BLOCK 89.248.160.175 (Type: outgoing)
01:37:12 rhoneyman IP-BLOCK 89.248.160.175 (Type: outgoing)
09:00:15 rhoneyman IP-BLOCK 89.28.124.166 (Type: outgoing)
09:00:17 rhoneyman IP-BLOCK 89.28.124.166 (Type: outgoing)
09:00:21 rhoneyman IP-BLOCK 89.28.124.166 (Type: outgoing)

9-4-2011
00:06:20 rhoneyman IP-BLOCK 89.28.106.6 (Type: outgoing)
00:06:28 rhoneyman IP-BLOCK 89.28.106.6 (Type: outgoing)
00:30:01 rhoneyman MESSAGE Scheduled scan executed successfully
01:01:29 rhoneyman IP-BLOCK 89.28.106.6 (Type: outgoing)
01:01:31 rhoneyman IP-BLOCK 89.28.106.6 (Type: outgoing)
01:01:35 rhoneyman IP-BLOCK 89.28.106.6 (Type: outgoing)
01:11:32 rhoneyman IP-BLOCK 77.78.221.89 (Type: outgoing)
01:11:35 rhoneyman IP-BLOCK 77.78.221.89 (Type: outgoing)

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7639

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/3/2011 9:50:20 PM
mbam-log-2011-09-03 (21-50-20).txt

Scan type: Quick scan
Objects scanned: 187490
Time elapsed: 26 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
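The protection-log excerpts in this post are the kind of thing worth summarising rather than reading line by line. The following Python is an added example (not part of rhoneyman's post and not Malwarebytes' own tooling): it parses lines of the shape shown above, groups the blocked outbound attempts by destination, and counts retry bursts, so a process that keeps trying the same public address a few seconds apart stands out. The sample log is constructed to match the excerpt; the 30-second burst window and the `min_attempts` threshold are choices made here, not anything the product defines.

```python
"""Summarise Malwarebytes IP-BLOCK entries from a protection log.

Added example, not from the original thread. Expected input shape (as in
the post): date header lines such as "9-2-2011", followed by lines of the
form "HH:MM:SS user IP-BLOCK a.b.c.d (Type: outgoing)"; other entries such
as "HH:MM:SS user MESSAGE ..." are skipped.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address

DATE_RE = re.compile(r"^(\d{1,2})-(\d{1,2})-(\d{4})$")
BLOCK_RE = re.compile(
    r"^(\d{2}):(\d{2}):(\d{2})\s+(\S+)\s+IP-BLOCK\s+([0-9.]+)\s+\(Type:\s*(\w+)\)$"
)


def parse_protection_log(text):
    """Return a list of (timestamp, user, ip, direction) for every IP-BLOCK line."""
    current_date = None
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        m = DATE_RE.match(line)
        if m:
            month, day, year = (int(x) for x in m.groups())
            current_date = datetime(year, month, day)
            continue
        m = BLOCK_RE.match(line)
        if not m or current_date is None:
            continue  # MESSAGE lines, blanks, or lines before the first date header
        hh, mm, ss, user, ip, direction = m.groups()
        ts = current_date + timedelta(hours=int(hh), minutes=int(mm), seconds=int(ss))
        events.append((ts, user, ip_address(ip), direction.lower()))
    return events


def summarise(events, burst_window=timedelta(seconds=30)):
    """Per destination: attempt count, whether any attempt was outbound, the
    number of retry bursts (runs of attempts closer than burst_window), and
    whether the address is RFC 1918 / loopback (which would be a false alarm).
    Repeated outbound retries to one public address are what a beaconing
    process looks like from the blocker's side."""
    by_ip = defaultdict(list)
    for ts, _user, ip, direction in events:
        by_ip[ip].append((ts, direction))
    report = {}
    for ip, items in by_ip.items():
        items.sort()
        bursts, last = 0, None
        for ts, _d in items:
            if last is None or ts - last > burst_window:
                bursts += 1
            last = ts
        report[str(ip)] = {
            "attempts": len(items),
            "outgoing": any(d == "outgoing" for _t, d in items),
            "bursts": bursts,
            "private": ip.is_private,
        }
    return report


def suspicious_destinations(report, min_attempts=2):
    """Public addresses with repeated outbound attempts, most-contacted first."""
    hits = [(ip, r) for ip, r in report.items()
            if r["outgoing"] and not r["private"] and r["attempts"] >= min_attempts]
    return [ip for ip, _r in sorted(hits, key=lambda kv: -kv[1]["attempts"])]


# Constructed sample, shaped like the log excerpt in the post.
SAMPLE_LOG = """\
9-2-2011
01:37:03 rhoneyman IP-BLOCK 89.248.160.175 (Type: outgoing)
01:37:06 rhoneyman IP-BLOCK 89.248.160.175 (Type: outgoing)
01:37:12 rhoneyman IP-BLOCK 89.248.160.175 (Type: outgoing)
09:00:15 rhoneyman IP-BLOCK 89.28.124.166 (Type: outgoing)
09:00:17 rhoneyman IP-BLOCK 89.28.124.166 (Type: outgoing)
09:00:21 rhoneyman IP-BLOCK 89.28.124.166 (Type: outgoing)
9-4-2011
00:06:20 rhoneyman IP-BLOCK 89.28.106.6 (Type: outgoing)
00:06:28 rhoneyman IP-BLOCK 89.28.106.6 (Type: outgoing)
00:30:01 rhoneyman MESSAGE Scheduled scan executed successfully
01:01:29 rhoneyman IP-BLOCK 89.28.106.6 (Type: outgoing)
01:01:31 rhoneyman IP-BLOCK 89.28.106.6 (Type: outgoing)
01:01:35 rhoneyman IP-BLOCK 89.28.106.6 (Type: outgoing)
01:11:32 rhoneyman IP-BLOCK 77.78.221.89 (Type: outgoing)
01:11:35 rhoneyman IP-BLOCK 77.78.221.89 (Type: outgoing)
"""

if __name__ == "__main__":
    rep = summarise(parse_protection_log(SAMPLE_LOG))
    for ip in suspicious_destinations(rep):
        r = rep[ip]
        print(f"{ip:16} attempts={r['attempts']} bursts={r['bursts']}")
```

The three-attempts-a-few-seconds-apart pattern the bursts count exposes is a retry loop, so the next step is to find which process owns those connections while a burst is happening (on XP, netstat -ano run during a burst gives the PID), rather than chasing the addresses themselves, which this log shows changing from day to day.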
  19. My problems started nine days ago. When I ran a search for something, I got redirected to bizarre sites. What annoys the hell out of me is that I have Symantec Endpoint Protection 2009 (SEV), update it automatically, and run a full scan every night. It should have protected me in the first place, but like a worthless sot, or even better, like the good soldier Schweik, the useless resource hog just sits there soaking up space and cycles while the nasties run havoc all around it.

Anyway, I googled my problem and found your site. I looked around and figured that I ought to be able to follow the leader and try and clean my own house, as it were... I downloaded Hijack This, DDS, GMER, and (ouch) Combofix (ran it but didn't know what to do with it so I tossed it, since, after I turned SEV back on, it chewed it up and spit it out like a rotten piece of meat). I have none of the logs from any of those. I seem to recall Hijack finding something that I deleted. But that was it.

There was also mention of Secunia to flag any out-of-date apps or drivers sitting on the computer. Secunia identified four apps that were out-of-date. Two were missing updates and two were EOL. I deleted an old MS utility that is no longer used and upgraded Java, blowing away a version from years ago (my computer has ridden the rails with me for going on a dog's life: seven+ years). When Secunia pointed to Apache and PHP (?), I knew I was in for a ride. I called my son, who told me there's no way his father would ever need Apache! Looking deeper, I saw that it was embedded in an interesting open source app, usually hosted but also with a local option. Since I haven't touched that app in months, I blew it away along with the EOL and out-of-date problems.

Still, my computer, already sluggish, was getting ever slower. So a couple of days later, I went back to your site, noticed I had seemingly missed some freeware, and downloaded the Malware application. It found the following:

Files Infected:
c:\WINDOWS\system32\020000009db5cfb41406c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\020000009db5cfb41406o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\020000009db5cfb41406p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\020000009db5cfb41406s.manifest (Malware.Trace) -> Quarantined and deleted successfully.

I ran the app again the next two days and everything was clean. Meanwhile, I was running three or four different registry scrubbers, expecting that between keeping the registry clean and keeping SEV going at full throttle, I was in pretty good shape. Plus, I'd picked up Norton PC Checkup, just to make sure everything was squeaky. But a couple of days later, the SEP morning report showed this:

trkwks32.exe, Trojan.Tracur!gen1, Cleaned by deletion, File, c:\WINDOWS\system32\, The file was deleted successfully., 8/28/2011 3:46:33 AM

Pardon me, but isn't the reason I have SEV sitting on my box to make sure things get caught trying to enter, not after they'd breached the walls and started setting the fortress afire?

At any rate, that led me to purchase a full license from Malware. I set it up to run a flash scan every time it downloaded a new definitions file. It came across some registry action on a flash scan:

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

But what was far more disturbing was the following report from Anti-Malware's Protection Log two days ago:

08:09:23 rhoneyman IP-BLOCK 89.28.124.166 (Type: outgoing)
08:58:33 rhoneyman IP-BLOCK 89.28.124.166 (Type: outgoing)
08:58:40 rhoneyman IP-BLOCK 89.28.124.166 (Type: outgoing)
10:17:26 rhoneyman IP-BLOCK 89.28.124.166 (Type: outgoing)
10:17:28 rhoneyman IP-BLOCK 89.28.124.166 (Type: outgoing)
10:17:32 rhoneyman IP-BLOCK 89.28.124.166 (Type: outgoing)

Nothing overnight, but again in the morning:

08:58:39 rhoneyman IP-BLOCK 83.128.64.247 (Type: outgoing)
08:58:41 rhoneyman IP-BLOCK 83.128.64.247 (Type: outgoing)
08:58:45 rhoneyman IP-BLOCK 83.128.64.247 (Type: outgoing)
12:27:50 rhoneyman IP-BLOCK 62.45.204.140 (Type: outgoing)
12:27:52 rhoneyman IP-BLOCK 62.45.204.140 (Type: outgoing)
12:55:34 rhoneyman IP-BLOCK 89.28.124.166 (Type: outgoing)
12:55:37 rhoneyman IP-BLOCK 89.28.124.166 (Type: outgoing)
12:55:41 rhoneyman IP-BLOCK 89.28.124.166 (Type: outgoing)
12:59:59 rhoneyman IP-BLOCK 62.45.204.140 (Type: outgoing)
13:00:03 rhoneyman IP-BLOCK 62.45.204.140 (Type: outgoing)

You'll notice that now I've got mind-numbing outbound transmissions going to three different IP addresses. Today, fortunately, there was only a single attempt this morning, although to a fourth address.

08:52:36 rhoneyman IP-BLOCK 62.45.246.216 (Type: outgoing)

At the time that I downloaded

I can't recall why, but yesterday I became concerned about mshta.exe. Google led me to another thread on your site. The person assisting had two more apps to throw into the mix: ATF Cleaner and Super Antispyware. In for a nickel, in for a buck. I downloaded them and followed instructions copiously (even an old dog can, you know, learn to adapt). Nothing surprising about either one, except for finding 52 adware objects that no one else had uncovered. Meanwhile, I googled mshta again and found a reference to a Symantec reg fix. I checked the five or six registry entries, e.g., HKEY_CLASSES_ROOT\htafile\shell\open\command, where the default should equal "%1" %*. Instead, the default pointed to System 32\mshta.exe. One other entry was similar, pointing to hpertrm.exe or .dll. I fixed both and then moved all versions of the exes and dlls for those two extensions to trash. They remain sitting there, waiting for some sort of inspiration on how to tell clean files from dirty ones. As well, Symantec has a simple script to also correct the registry for any problems with .bat, .com, .exe, .pif, .reg, and .scr extensions.

Back to your site. Reading on, there was a comment to look at scheduled tasks. When I did, I found 10 entries for Real (I think I'm dropping them); I was annoyed. But there was one entry that looked really suspicious:

User_Feed_Synchronization-{47D06254-0040-476E-9B31-03180AC5A720}

I think that the outbound transmissions ended after clearing out scheduled tasks. I couldn't tell what it was linked to. In the registry, searching the final handful of digits only yields two entries, both different flavors of Microsoft\Feeds SyncTask. I don't know how to relate the naming conventions to a commonly identifiable process and application, so I have to drop this o

Last night, I started an online ESET scan, another suggestion from this particular thread. When, after seven hours, ESET was only 50% finished, I terminated the scan. Besides, it tried to take out some Uniblue files. I discovered that ESET wants to run without any other protection on the machine. But I wasn't about to turn Anti-Malware off, not with all the stuff listed above going on. While that was going on, I somehow got pointed at boot.ini. The file had been hacked.
I'm sure to what end, but it was clearly out of spec: [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect I edited out the two strange lines to leave boot.ini back in spec. Finally, a few weeks ago, TuneUp Utilities informed me that C:\ was set up for networking. I shut that down on the spot. But, two days ago, I got the message again. I again turn off any sharing with the outside world. Today, I checked out security and found two numeric users with full rights. I logged in as administrator and created a password. That's when I decided to ask for help. At this point, the only thing that I know is weird is when I'm on your site and I hit the backspace key, nothing happens. When I hit the dropdown to go back or forward, it lists not bleepingcomputer but https://googleleads.g.doubleclick.net/pag. I'm out of things to do, and way way past my expertise. And that's not even counting that Iomega's QuikProtect blue screens while being configured. Or that it sometimes won't even load. I figure it's all related, although as soon as we're ok with this issue, I will be testing RAM and HDD. Here follows the requisite submissions. . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by rhoneyman at 18:54:31 on 2011-08-31 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.584 [GMT -4:00] . AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} FW: Symantec Endpoint Protection *Enabled* . ============== Running Processes =============== . 
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\System32\svchost.exe -k Akamai
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DataCore Software\SANmelody\DcsSds.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\DataCore Software\SANmelody\DcsShMon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SecureBrowsing bho: {7632abca-b104-4fbc-9c70-419c4147061b} - c:\program files\m86security secure browsing\SecureBrowsing.dll
BHO: Advertising Cookie Opt-out: {8e425eb4-adbd-4816-b1e8-49bb9decf034} - c:\program files\google\advertising cookie opt-out\opt_out.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: M86 Security Secure Browsing: {b99f805c-f0b1-48ea-8c8b-753bfcbed913} - c:\program files\m86security secure browsing\SecureBrowsing.dll
EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [installIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /R
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [AirPort Base Station Agent] "c:\program files\airport\APAgent.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x089d -f video -m logitech -d 12.0.1278.0
StartupFolder: c:\docume~1\rhoney~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\rhoneyman\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\documents and settings\rhoneyman\start menu\programs\startup\OneNote Table Of Contents.onetoc2
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sanmel~1.lnk - c:\program files\datacore software\sanmelody\DcsShMon.exe
uPolicies-explorer: MaxRecentDocs = 41 (0x29)
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
uPolicies-system: disableregistrytools = 0
mPolicies-system: HideShutdownScripts = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: advpa.com\www
Trusted Zone: apple.com\www
Trusted Zone: barclaycardus.com\www
Trusted Zone: chase.com\cards
Trusted Zone: google.com\www
Trusted Zone: target.com\rcam
Trusted Zone: target.com\www
Trusted Zone: usatoday.com\puzzles
Trusted Zone: verizonwireless.com\www
Trusted Zone: wachovia.com\www
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.comcastsupport.com/sdccommon/download/tgctlsr.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} - hxxps://content10.ilinc.com/download/AXCltInstall.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://netsuitemeeting.webex.com/client/T26LSP49EP12/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5131C24-E56D-11CF-B78A-444553540000} - hxxps://wc.wachovia.com/common/cab/ikcntrls.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{45193AB9-07F5-46FC-BA7E-E6D0C8AE3B2B} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 DcsCf;DataCore Disk Cache;c:\windows\system32\drivers\DcsCf.sys [2009-5-5 94288]
R0 DcsFcEng;DataCore Fibre Channel Engine Driver;c:\windows\system32\drivers\DcsFcEng.sys [2009-5-5 288464]
R0 DcsPerf;DataCore Disk Performance Driver;c:\windows\system32\drivers\DcsPerf.sys [2009-5-5 15824]
R0 DcsPMF;DataCore Partition Management;c:\windows\system32\drivers\DcsPMF.sys [2009-5-5 65872]
R0 DcsPoll;DataCore Poller Driver;c:\windows\system32\drivers\DcsPoll.sys [2009-5-5 18512]
R0 DcsShim;DataCore Scsi Shim Driver;c:\windows\system32\drivers\DcsShim.sys [2009-5-5 67408]
R0 DcsSp;DataCore SCSI Driver;c:\windows\system32\drivers\DcsSp.sys [2009-5-5 154320]
R0 DcsSup;DataCore Support Driver;c:\windows\system32\drivers\DcsSup.sys [2009-5-5 49104]
R0 DcsTracer;DataCore Tracer Driver;c:\windows\system32\drivers\DcsTracer.sys [2009-5-5 64464]
R1 DcsCap;DataCore Capability;c:\windows\system32\drivers\DcsCap.sys [2009-5-5 238672]
R1 DcsHa;DataCore High Availability;c:\windows\system32\drivers\DcsHa.sys [2009-5-5 84176]
R1 DcsSdc;DataCore Domain;c:\windows\system32\drivers\DcsSdc.sys [2009-5-5 43600]
R1 DcsState;DataCore System State;c:\windows\system32\drivers\DcsState.sys [2009-5-5 27856]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-11-11 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-11-11 108392]
R2 DcsSDS;DataCore Storage Domain Server;c:\program files\datacore software\sanmelody\DcsSds.exe [2009-5-5 521632]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-23 366640]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.8.13\SymcPCCULaunchSvc.exe [2011-8-26 120248]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.8.13\ccSvcHst.exe [2011-8-26 126392]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-11-11 2477304]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2011-8-15 1526080]
R3 DcsiMgr;DataCore iScsi Manager Driver;c:\windows\system32\drivers\DcsiMgr.sys [2009-5-5 207184]
R3 DcsIs;DataCore Software iScsi Driver;c:\windows\system32\drivers\DcsIs.sys [2009-5-5 167504]
R3 DcsNULL;DataCore Null FCP Port Driver;c:\windows\system32\drivers\DcsNull.sys [2009-5-5 20560]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-23 22712]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110830.025\NAVENG.SYS [2011-8-31 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110830.025\NAVEX15.SYS [2011-8-31 1576312]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2011-2-10 10064]
S1 DcsCache;DataCore Cache;c:\windows\system32\drivers\DcsCache.sys [2009-5-5 60496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DcsStart;DataCore Start Service;c:\program files\datacore software\sanmelody\DcsStart.exe [2009-5-5 152992]
S2 gupdate1c9da0d7e6556ba;Google Update Service (gupdate1c9da0d7e6556ba);c:\program files\google\update\GoogleUpdate.exe [2009-5-21 133104]
S2 ose32;Office Source Engine ; [x]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-11-11 23888]
S3 DcsRcmd;DataCore Remote Command Service;c:\program files\datacore software\sanmelody\DcsRcmd.exe [2009-5-5 140712]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-21 133104]
S3 QPCopyEngine;QPCopyEngine;c:\program files\iomega\quikprotect\QpMonitor.exe [2010-6-24 247088]
S3 QsFsFltr;QsFsFltr;c:\windows\system32\drivers\QsFsFltr.sys [2011-8-25 19384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 DcsTmSvc;DataCore UpTempo;c:\program files\datacore software\uptempo\DcsTmSvc.exe [2009-5-5 75168]
.
=============== File Associations ===============
.
scrfile="%1" %*
.
=============== Created Last 30 ================
.
2011-08-31 15:04:11 -------- d-----w- C:\Old System ini_broken maybe
2011-08-31 08:58:28 -------- d-----w- c:\program files\ESET
2011-08-31 02:02:12 -------- d-----w- c:\documents and settings\rhoneyman\application data\SUPERAntiSpyware.com
2011-08-31 02:00:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-31 02:00:56 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-08-30 14:31:51 -------- d-----w- c:\program files\Windows Resource Kits
2011-08-28 16:22:55 -------- d-----w- c:\documents and settings\rhoneyman\.gimp-2.6
2011-08-28 16:22:23 -------- d-----w- c:\documents and settings\rhoneyman\.gegl-0.0
2011-08-28 10:12:36 -------- d-----w- c:\documents and settings\rhoneyman\application data\Finjan
2011-08-28 10:12:35 -------- d-----w- c:\program files\M86Security Secure Browsing
2011-08-26 13:47:49 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\Tific
2011-08-26 13:47:49 -------- d-----w- c:\documents and settings\rhoneyman\application data\Tific
2011-08-26 13:46:43 -------- d-----w- c:\windows\system32\drivers\nortonpccheckup\0200080.00D
2011-08-26 13:46:43 -------- d-----w- c:\windows\system32\drivers\NortonPCCheckup
2011-08-26 13:46:40 -------- d-----w- c:\program files\Norton PC Checkup
2011-08-26 13:46:39 -------- d-----w- c:\documents and settings\all users\application data\Norton
2011-08-26 13:46:21 -------- d-----w- c:\program files\NortonInstaller
2011-08-26 13:46:21 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
2011-08-25 17:53:02 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\Microsoft Help
2011-08-25 05:12:25 19384 ----a-r- c:\windows\system32\drivers\QsFsFltr.sys
2011-08-25 05:12:03 -------- d-----w- c:\program files\Iomega
2011-08-24 16:19:44 -------- d-----w- c:\documents and settings\rhoneyman\application data\DriverCure
2011-08-24 16:19:12 -------- d-----w- c:\documents and settings\all users\application data\ParetoLogic
2011-08-24 14:43:45 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-08-24 03:07:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-24 02:29:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-08-24 02:29:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-08-24 02:29:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-08-24 02:29:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-08-24 02:29:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-08-24 02:29:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-08-24 02:29:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-08-24 02:18:19 -------- d-----w- c:\program files\AirPort
2011-08-24 01:56:33 -------- d--h--w- c:\program files\Zero G Registry
2011-08-23 18:53:08 -------- d-----w- c:\documents and settings\rhoneyman\application data\Malwarebytes
2011-08-23 18:52:41 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-23 18:52:39 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-08-23 18:52:36 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-23 18:52:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-23 18:27:32 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-08-23 18:15:29 -------- d-----w- c:\program files\common files\xing shared
2011-08-23 17:09:47 -------- d-----w- c:\windows\Hewlett-Packard
2011-08-23 14:56:52 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\Secunia PSI
2011-08-23 14:56:25 -------- d-----w- c:\program files\Secunia
2011-08-22 03:25:58 -------- d-sha-r- C:\cmdcons
2011-08-22 01:40:12 388096 ----a-r- c:\documents and settings\rhoneyman\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-08-22 01:40:11 -------- d-----w- c:\program files\Trend Micro
2011-08-12 11:25:16 -------- d-----w- c:\documents and settings\rhoneyman\application data\foobar2000
2011-08-12 04:15:13 -------- d-----w- c:\documents and settings\rhoneyman\application data\EAC
2011-08-12 04:15:00 -------- d-----w- c:\documents and settings\rhoneyman\application data\AccurateRip
2011-08-11 15:35:32 -------- d-----w- c:\program files\Process Monito
2011-08-11 15:04:33 632656 ----a-w- c:\windows\system32\msvcr80.dll
2011-08-11 05:08:41 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\Spotify
2011-08-11 05:08:41 -------- d-----w- c:\documents and settings\rhoneyman\application data\Spotify
2011-08-11 03:56:50 -------- d-----w- c:\documents and settings\rhoneyman\application data\ElevatedDiagnostics
2011-08-11 01:05:11 -------- d-----w- c:\documents and settings\rhoneyman\application data\Windows Search
2011-08-10 23:49:08 -------- d-sh--w- c:\documents and settings\rhoneyman\PrivacIE
2011-08-10 23:49:07 -------- d-sh--w- c:\documents and settings\rhoneyman\IECompatCache
2011-08-10 20:28:04 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\Conference Manager
2011-08-10 17:58:26 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\OneNote
2011-08-10 17:47:27 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\LogiShrd
2011-08-10 17:47:16 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\Kaluach 3
2011-08-10 17:47:02 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\iLinc
2011-08-10 17:46:42 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\Identities
2011-08-10 17:42:01 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\Google
2011-08-10 17:41:52 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\Downloaded Installations
2011-08-10 17:41:44 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\Deployment
2011-08-10 17:41:23 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\Apple Computer
2011-08-10 17:41:19 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\Apple
2011-08-10 17:41:14 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\AOL OCP
2011-08-10 17:41:06 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\AOL
2011-08-10 17:40:58 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\AIM
2011-08-10 17:37:02 -------- d-----w- c:\documents and settings\rhoneyman\application data\eFax Messenger
2011-08-10 17:36:45 -------- d-----w- c:\documents and settings\rhoneyman\application data\HpUpdate
2011-08-10 17:36:40 -------- d-----w- c:\documents and settings\rhoneyman\application data\Intel
2011-08-10 17:36:06 -------- d-----w- c:\documents and settings\rhoneyman\application data\j2 Global
2011-08-10 17:34:37 -------- d-----w- c:\documents and settings\rhoneyman\application data\Office Genuine Advantage
2011-08-10 17:33:58 -------- d-----w- c:\documents and settings\rhoneyman\application data\Mael
2011-08-10 17:33:43 -------- d-----w- c:\documents and settings\rhoneyman\application data\Quicken WillMaker
2011-08-10 17:27:58 -------- d-----w- c:\documents and settings\rhoneyman\application data\Trusteer
2011-08-10 17:27:43 -------- d-----w- c:\documents and settings\rhoneyman\application data\Uniblue
2011-08-10 17:27:38 -------- d-----w- c:\documents and settings\rhoneyman\application data\webex
2011-08-10 17:27:33 -------- d-----w- c:\documents and settings\rhoneyman\application data\Windows Desktop Search
2011-08-10 17:23:06 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\Adobe
2011-08-10 17:16:58 -------- d-----w- c:\documents and settings\rhoneyman\application data\Intuit
2011-08-10 17:11:37 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\Symantec
2011-08-10 17:07:48 -------- d-----w- c:\documents and settings\rhoneyman\application data\TuneUp Software
2011-08-10 16:55:18 -------- d-----w- c:\documents and settings\rhoneyman\local settings\application data\ApplicationHistory
2011-08-09 00:58:49 -------- d-----w- c:\program files\Free Window Registry Repair
2011-08-09 00:21:06 -------- d-----w- c:\program files\CCleaner
2011-08-08 23:56:07 -------- d-----w- c:\documents and settings\all users\application data\ErrorEND
.
==================== Find3M ====================
.
2011-08-24 19:31:37 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2011-08-24 19:29:59 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2011-08-15 17:10:19 106496 ----a-w- c:\windows\DUMPf2ad.tmp
2011-08-15 11:19:14 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-08-11 03:57:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-19 09:05:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 20:44:14 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-05 22:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-24 13:37:40 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2011-06-24 13:37:39 114616 ----a-w- c:\windows\system32\Vxdif.dll
2011-06-24 13:37:38 255096 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-02-06 13:30:54 0 ----a-w- c:\program files\common files\admintool.exe
.
============= FINISH: 18:55:55.01 ===============

Anti-Malware:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7622

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/31/2011 8:15:37 PM
mbam-log-2011-08-31 (20-15-37).txt

Scan type: Quick scan
Objects scanned: 186011
Time elapsed: 25 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Attach.zip
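The Protection Log excerpts quoted in the post above are easier to reason about when tabulated than when read by eye: the pattern of three blocks to one address a few seconds apart is a process retrying a refused connection, which points at something resident on the machine rather than a stray page load. As an added example that is not part of the original post and not Malwarebytes' own tooling, the Python below parses lines in exactly the shape quoted there (`HH:MM:SS user IP-BLOCK address (Type: outgoing)`), summarises blocks per destination and flags retry bursts. The sample log is constructed from the second morning's entries in the post; the ten-second window and three-event threshold are assumptions chosen for this illustration.

```python
import re
from datetime import datetime, timedelta

# Line shape of the Protection Log excerpts quoted in the post:
#   HH:MM:SS <user> IP-BLOCK <ipv4> (Type: outgoing|incoming)
IP_BLOCK_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<user>\S+)\s+IP-BLOCK\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\(Type:\s*(?P<direction>\w+)\)$"
)

# Constructed sample: the second morning's entries from the post, one per line.
SAMPLE_LOG = """\
08:58:39 rhoneyman IP-BLOCK 83.128.64.247 (Type: outgoing)
08:58:41 rhoneyman IP-BLOCK 83.128.64.247 (Type: outgoing)
08:58:45 rhoneyman IP-BLOCK 83.128.64.247 (Type: outgoing)
12:27:50 rhoneyman IP-BLOCK 62.45.204.140 (Type: outgoing)
12:27:52 rhoneyman IP-BLOCK 62.45.204.140 (Type: outgoing)
12:55:34 rhoneyman IP-BLOCK 89.28.124.166 (Type: outgoing)
12:55:37 rhoneyman IP-BLOCK 89.28.124.166 (Type: outgoing)
12:55:41 rhoneyman IP-BLOCK 89.28.124.166 (Type: outgoing)
12:59:59 rhoneyman IP-BLOCK 62.45.204.140 (Type: outgoing)
13:00:03 rhoneyman IP-BLOCK 62.45.204.140 (Type: outgoing)
"""


def parse_ip_block_log(text):
    """Return (time, user, ip, direction) tuples; lines that do not match are skipped."""
    events = []
    for raw in text.splitlines():
        m = IP_BLOCK_RE.match(raw.strip())
        if not m:
            continue
        t = datetime.strptime(m.group("time"), "%H:%M:%S")  # time of day only, as in the log
        events.append((t, m.group("user"), m.group("ip"), m.group("direction").lower()))
    return events


def summarize_by_ip(events):
    """Per destination address: block count, first/last time seen, and outbound count."""
    summary = {}
    for t, _user, ip, direction in events:
        s = summary.setdefault(ip, {"count": 0, "first": t, "last": t, "outgoing": 0})
        s["count"] += 1
        s["first"] = min(s["first"], t)
        s["last"] = max(s["last"], t)
        if direction == "outgoing":
            s["outgoing"] += 1
    return summary


def find_retry_bursts(events, window_seconds=10, min_events=3):
    """Clusters of outbound blocks to one address within a short window.

    A client whose connection is refused usually retries immediately, so a
    cluster of several blocks seconds apart indicates a resident process
    rather than a single stray connection. Window and threshold are assumed
    values for this example. Returns (ip, start_time, n) tuples.
    """
    window = timedelta(seconds=window_seconds)
    by_ip = {}
    for t, _user, ip, direction in events:
        if direction == "outgoing":
            by_ip.setdefault(ip, []).append(t)
    bursts = []
    for ip, times in by_ip.items():
        times.sort()
        start, n = times[0], 1
        for t in times[1:]:
            if t - start <= window:
                n += 1
            else:
                if n >= min_events:
                    bursts.append((ip, start, n))
                start, n = t, 1
        if n >= min_events:
            bursts.append((ip, start, n))
    return bursts


def report(text):
    """Human-readable summary lines, busiest destination first."""
    events = parse_ip_block_log(text)
    lines = []
    for ip, s in sorted(summarize_by_ip(events).items(), key=lambda kv: -kv[1]["count"]):
        lines.append(f"{ip}: {s['count']} blocks ({s['outgoing']} outbound), "
                     f"{s['first']:%H:%M:%S} to {s['last']:%H:%M:%S}")
    for ip, start, n in find_retry_bursts(events):
        lines.append(f"retry burst: {n} outbound attempts to {ip} starting {start:%H:%M:%S}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

On the sample, two of the three addresses show a three-attempt burst inside ten seconds, while the two pairs of blocks to the third address fall below the threshold; feeding a real exported Protection Log through `report()` gives the same per-address view for any number of lines.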