Jump to content

System Fix Nightmare Continues


Recommended Posts

After finding my laptop infected by System Fix, I unsuccessfully used PC Tools Spyware Doctor and ARO 2011 in an attempt to remove and fix the problem (the pop ups were ended). Hidden icons and hidden start menu options persisted, and I found MbAM. After a quick scan and restart the same problems were appearing. A full scan found another infection, and after deleting and restart I received a blue screen error. I'm restarted in Safe Mode with Networking. DDS files attached below:

Thanks in advance for your help. You all are awesome!!

.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_22

Run by Jim Parsons at 10:20:06 on 2011-12-17

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.2289 [GMT -8:00]

.

AV: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}

SP: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\mfevtps.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Windows\Explorer.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.xfinity.com/?cid=insDate11192011

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: PC Tools Browser Defender BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110304183756.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll

BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll

uRun: [TOSCDSPD] TOSCDSPD.EXE

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [EPSON3E9956 (Artisan 837)] c:\windows\system32\spool\drivers\w32x86\3\e_fatihoa.exe /fu "c:\users\jimpar~1\appdata\local\temp\E_SD214.tmp" /EF "HKCU"

uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden

mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe"

mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe

mRun: [NDSTray.exe] NDSTray.exe

mRun: [HWSetup] \HWSetup.exe hwSetUP

mRun: [sVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL

mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe

mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

mRun: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [skytel] Skytel.exe

mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup

mRun: [masqform.exe] c:\program files\pureedge\viewer 6.0\masqform.exe -UpdateCurrentUser

mRun: [uSBestCR] c:\program files\usim editor\iconcs18528425.exe RunFromReg

mRun: [lxebmon.exe] "c:\program files\lexmark pro200-s500 series\lxebmon.exe"

mRun: [EzPrint] "c:\program files\lexmark pro200-s500 series\ezprint.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [MVS Splash] "c:\program files\mcafee\managed virusscan\desktopui\XTray.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [iSTray] "c:\program files\pc tools\pc tools security\pctsGui.exe" /hideGUI

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\users\jimpar~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\jim parsons\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\users\jimpar~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{AFD878D1-D80E-4613-966A-63375C2D5EE1} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{CE2328A7-12CC-41AB-850D-7BC0BEFD5A92} : DhcpNameServer = 68.87.64.208 68.87.66.208

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll

Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2007\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: psfus - c:\windows\system32\psqlpwd.dll

AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

LSA: Notification Packages = scecli psqlpwd

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\jim parsons\appdata\roaming\mozilla\firefox\profiles\00pu688s.default\

FF - prefs.js: browser.startup.homepage - google.com

FF - component: c:\program files\mcafee\siteadvisor enterprise\components\McFFPlg.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.50917.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\picasa2\npPicasa2.dll

FF - plugin: c:\program files\picasa2\npPicasa3.dll

FF - plugin: c:\program files\sony\media go\npmediago.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-12 436728]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-12-16 331880]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-12-16 341656]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-12-16 660992]

R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-8-12 63856]

R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-8-12 162928]

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-12-16 253096]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-11-11 155712]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-11-11 145936]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-12 331016]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2011-1-26 27632]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-12-16 54328]

S0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-12-16 574424]

S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-12-16 185560]

S2 AfaService;Afa Card Reader Service;c:\windows\system32\afasrv32.exe [2009-10-24 65536]

S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools\pc tools security\bdt\BDTUpdateService.exe [2011-12-16 546768]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-2 135664]

S2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe -service --> c:\windows\system32\lxebcoms.exe -service [?]

S2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxebserv.exe [2010-5-2 193192]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-17 366152]

S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\mcafee\siteadvisor enterprise\McSACore.exe [2010-10-15 324928]

S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-11-11 159320]

S2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2010-11-11 291064]

S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2010-2-2 188736]

S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-2-2 65856]

S2 QuickBooksDB17;QuickBooksDB17;c:\progra~1\intuit\quickb~2\qbdbmgrn.exe -hvquickbooksdb17 --> c:\progra~1\intuit\quickb~2\QBDBMgrN.exe -hvQuickBooksDB17 [?]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-3-11 1153368]

S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools\pc tools security\pctsAuxs.exe [2011-12-16 402336]

S2 sdCoreService;PC Tools Security Service;c:\program files\pc tools\pc tools security\pctsSvc.exe [2011-12-16 1117624]

S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-10-12 21504]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-1-26 13224]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-8-13 30192]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-2 135664]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-17 22216]

S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-12 171296]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-12 58456]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-12 85152]

S3 MHIKEY10;MHIKEY10;c:\windows\system32\drivers\MHIKEY10.sys [2009-10-24 50560]

S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2009-6-15 20480]

S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-6-3 174720]

S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2011-12-16 56840]

S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011-12-16 70536]

S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]

S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-12-16 35264]

S3 ThreatFire;ThreatFire;c:\program files\pc tools\pc tools security\tfengine\tfservice.exe service --> c:\program files\pc tools\pc tools security\tfengine\TFService.exe service [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-10-12 16896]

S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2010-11-18 19968]

.

=============== Created Last 30 ================

.

2011-12-17 15:03:21 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-12-17 14:10:47 -------- d-----w- c:\users\jim parsons\appdata\roaming\Malwarebytes

2011-12-17 14:10:10 -------- d-----w- c:\programdata\Malwarebytes

2011-12-17 14:10:02 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-17 14:10:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-17 04:29:19 11832 ----a-w- c:\windows\system32\drivers\amdide.sys

2011-12-17 04:12:40 -------- d-----w- c:\windows\Repair

2011-12-17 04:12:29 -------- d-----w- c:\users\jim parsons\appdata\roaming\Systweak

2011-12-17 04:11:50 -------- d-----w- c:\program files\Advanced System Optimizer 3

2011-12-16 18:23:30 -------- d-----w- c:\users\jim parsons\appdata\roaming\Sammsoft

2011-12-16 18:22:57 -------- d-----w- c:\program files\ARO 2011

2011-12-16 18:16:14 -------- d-----w- c:\users\jim parsons\appdata\roaming\PCTools

2011-12-16 15:53:06 574424 --s---w- c:\windows\system32\drivers\TfSysMon.sys

2011-12-16 15:53:06 35264 --s---w- c:\windows\system32\drivers\TfNetMon.sys

2011-12-16 15:53:00 54328 --s---w- c:\windows\system32\drivers\TfFsMon.sys

2011-12-16 15:50:27 56840 ----a-w- c:\windows\system32\drivers\PCTBD.sys

2011-12-16 15:50:26 767952 ----a-w- c:\windows\BDTSupport.dll

2011-12-16 15:50:24 2246608 ----a-w- c:\windows\PCTBDCore.dll

2011-12-16 15:50:24 1681360 ----a-w- c:\windows\PCTBDRes.dll

2011-12-16 15:50:24 149456 ----a-w- c:\windows\SGDetectionTool.dll

2011-12-16 15:49:19 253096 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2011-12-16 15:49:19 105792 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys

2011-12-16 15:49:06 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys

2011-12-16 15:48:43 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2011-12-16 15:48:14 -------- d-----w- c:\program files\PC Tools

2011-12-16 15:26:43 660992 ----a-w- c:\windows\system32\drivers\pctEFA.sys

2011-12-16 15:26:43 341656 ----a-w- c:\windows\system32\drivers\pctDS.sys

2011-12-16 15:26:39 331880 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2011-12-16 15:26:38 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2011-12-16 15:26:35 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2011-12-16 15:26:35 -------- d-----w- c:\program files\common files\PC Tools

2011-12-16 15:24:38 -------- d-----w- c:\programdata\PC Tools

2011-12-16 15:24:37 -------- d-----w- c:\users\jim parsons\appdata\roaming\TestApp

2011-12-07 21:28:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-12-05 21:23:38 -------- d-----w- c:\users\jim parsons\appdata\roaming\NetCentrics

2011-12-05 21:23:38 -------- d-----w- c:\users\jim parsons\appdata\local\NetCentrics

2011-12-05 21:21:39 -------- d-----w- c:\program files\Getting Things Done

2011-12-05 21:17:32 -------- d-----w- c:\program files\common files\Wise Installation Wizard

2011-12-05 19:27:01 -------- d-----w- c:\users\jim parsons\appdata\roaming\Barnes & Noble

2011-12-05 19:26:52 -------- d-----w- c:\program files\Barnes & Noble

2011-11-19 21:30:31 -------- d-----w- c:\users\jim parsons\appdata\local\SupportSoft

2011-11-19 21:29:40 -------- d-----w- c:\program files\ComcastUI

2011-11-19 20:13:32 -------- d-----w- c:\program files\iPod

.

==================== Find3M ====================

.

.

============= FINISH: 10:21:39.27 ===============

And the Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 12/20/2007 12:06:11 AM

System Uptime: 12/17/2011 10:07:49 AM (0 hours ago)

.

Motherboard: TOSHIBA | | IALAA

Processor: AMD Turion 64 X2 Mobile Technology TL-64 | Socket M2/S1G1 | 2194/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 278 GiB total, 141.169 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft ISATAP Adapter

Device ID: ROOT\*ISATAP\0008

Manufacturer: Microsoft

Name: Microsoft ISATAP Adapter #8

PNP Device ID: ROOT\*ISATAP\0008

Service: tunnel

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft ISATAP Adapter

Device ID: ROOT\*ISATAP\0012

Manufacturer: Microsoft

Name: Microsoft ISATAP Adapter #11

PNP Device ID: ROOT\*ISATAP\0012

Service: tunnel

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

6200

6200_Help

6200Trb

ABBYY FineReader 6.0 Sprint

Acrobat.com

Activation Assistant for the 2007 Microsoft Office suites

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.0.1)

Adobe Shockwave Player 11.5

Advanced System Optimizer

AIO_CDB_ProductContext

AIO_CDB_Software

AIO_Scan

Amazon MP3 Downloader 1.0.10

Analyse-it for Microsoft Excel

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ARO 2011

Atheros Driver Installation Program

ATI Catalyst Install Manager

Bluetooth Stack for Windows by Toshiba

Bonjour

Browser Defender 4.0

BufferChm

Camera Assistant Software for Toshiba

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center Localization Chinese Standard

Catalyst Control Center Localization Chinese Traditional

Catalyst Control Center Localization Czech

Catalyst Control Center Localization Danish

Catalyst Control Center Localization Dutch

Catalyst Control Center Localization Finnish

Catalyst Control Center Localization French

Catalyst Control Center Localization German

Catalyst Control Center Localization Greek

Catalyst Control Center Localization Hungarian

Catalyst Control Center Localization Italian

Catalyst Control Center Localization Japanese

Catalyst Control Center Localization Korean

Catalyst Control Center Localization Norwegian

Catalyst Control Center Localization Polish

Catalyst Control Center Localization Portuguese

Catalyst Control Center Localization Russian

Catalyst Control Center Localization Spanish

Catalyst Control Center Localization Swedish

Catalyst Control Center Localization Thai

Catalyst Control Center Localization Turkish

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CD/DVD Drive Acoustic Silencer

Cisco Connect

Comcast Desktop Software (v1.2.1)

Compatibility Pack for the 2007 Office system

Copy

CustomerResearchQFolder

Destinations

DeviceManagementQFolder

DocProc

DocProcQFolder

DriverBoost

Dropbox

DVD MovieFactory for TOSHIBA

EPSON Artisan 837 Series Printer Uninstall

eSupportQFolder

Fax

Getting Things Done Outlook Add-In

Google Chrome

Google Desktop

Google Earth

Google SketchUp 7

Google Toolbar for Internet Explorer

Google Update Helper

Google Updater

GoToMeeting 4.0.0.320

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Customer Participation Program 8.0

HP Imaging Device Functions 8.0

HP OCR Software 8.0

HP Photosmart Essential

HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B

HP Solution Center 8.0

HP Update

HPProductAssistant

HPSSupply

ICS Viewer 6.0

iTunes

Java Auto Updater

Java 6 Update 22

Java 6 Update 7

Lexmark Printable Web

Lexmark Pro200-S500 Series

Lexmark Tools for Office

Malwarebytes' Anti-Malware version 1.51.2.1300

Mandiant Web Historian

MarketResearch

McAfee Browser Protection Service

McAfee Firewall Protection Service

McAfee SiteAdvisor Enterprise Plus

McAfee Virus and Spyware Protection Service

Media Go

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual Studio 2005 Tools for Office Runtime

Microsoft XML Parser

Mobile Broadband Generic Drivers

Mozilla Firefox 8.0 (x86 en-US)

Mozilla Thunderbird (2.0.0.24)

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Nitro PDF Professional

NOOK for PC

PC Tools Spyware Doctor with AntiVirus 9.0

Pedigree Viewer

Picasa 3

PlayStation®Network Downloader

PlayStation®Store

Protector Suite QL 5.6

QuickBooks Pro 2009

QuickTime

Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista

Realtek High Definition Audio Driver

Scan

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2289158)

Security Update for 2007 Microsoft Office System (KB2344875)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2345035)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office Outlook 2007 (KB2288953)

Security Update for Microsoft Office PowerPoint 2007 (KB982158)

Security Update for Microsoft Office PowerPoint Viewer (KB2413381)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Security Update for Windows Media Encoder (KB2447961)

Security Update for Windows Media Encoder (KB954156)

Security Update for Windows Media Encoder (KB979332)

Shop for HP Supplies

Sibelius Scorch (all browsers)

Skins

Skype Toolbars

Skype™ 4.2

SolutionCenter

Spelling Dictionaries Support For Adobe Reader 9

Spybot - Search & Destroy

Status

SupportSoft Assisted Service

Synaptics Pointing Device Driver

Texas Instruments PCIxx21/x515/xx12 drivers.

TIPCI

Toolbox

TOSHIBA Assist

TOSHIBA ConfigFree

TOSHIBA Disc Creator

TOSHIBA DVD PLAYER

TOSHIBA Extended Tiles for Windows Mobility Center

TOSHIBA Flash Cards Support Utility

TOSHIBA Games

TOSHIBA Hardware Setup

Toshiba Registration

TOSHIBA SD Memory Utilities

TOSHIBA Software Modem

TOSHIBA Software Upgrades

TOSHIBA Speech System Applications

TOSHIBA Speech System SR Engine(U.S.) Version1.0

TOSHIBA Speech System TTS Engine(U.S.) Version1.0

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

TouchChip USB Driver 2.13

TrayApp

UnloadSupport

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Outlook 2007 Junk Email Filter (KB2466076)

USIM Editor 1.0.24.0

Utility Common Driver

ViewSonic Windows Vista Signed Files

Visual C++ 8.0 x86 Runtime Setup Package

Visual Studio 2005 Tools for Office Second Edition Runtime

VZAccess Manager

WebReg

Windows Driver Package - FTDI CDM Driver Package (03/30/2010 2.06.02)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Live Upload Tool

Windows Media Encoder 9 Series

Windows Media Player Firefox Plugin

.

==== Event Viewer Messages From Past Week ========

.

12/17/2011 6:35:53 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

12/17/2011 6:35:51 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.

12/17/2011 6:35:51 AM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/17/2011 6:35:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

12/17/2011 6:30:06 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

12/17/2011 6:29:46 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

12/17/2011 10:10:58 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

12/17/2011 10:10:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

12/17/2011 10:10:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

12/17/2011 10:10:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

12/17/2011 10:10:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

12/17/2011 10:10:02 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCTSD spldr TfFsMon TFSysMon tikflj Wanarpv6

12/17/2011 10:10:02 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

12/17/2011 10:08:58 AM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .

12/17/2011 10:08:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

12/17/2011 10:06:37 AM, Error: Service Control Manager [7038] - The QuickBooksDB17 service was unable to log on as .\QBDataServiceUser17 with the currently configured password due to the following error: Logon failure: unknown user name or bad password. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

12/17/2011 10:06:37 AM, Error: Service Control Manager [7000] - The QuickBooksDB17 service failed to start due to the following error: The service did not start due to a logon failure.

12/17/2011 10:06:37 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

12/17/2011 10:06:28 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001B9E7F2444 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

12/17/2011 10:06:26 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Send To OneNote 2007 with shared resource name Send To OneNote 2007. Error 2114. The printer cannot be used by others on the network.

12/16/2011 9:38:28 AM, Error: Service Control Manager [7000] - The ThreatFire service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/16/2011 9:37:05 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the ThreatFire service to connect.

12/16/2011 9:34:20 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

12/16/2011 9:32:07 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).

12/16/2011 9:29:24 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 001B9E7F2444 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

12/16/2011 9:18:13 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCTSD spldr TfFsMon TFSysMon Wanarpv6

12/16/2011 9:16:42 AM, Error: EventLog [6008] - The previous system shutdown at 9:14:44 AM on 12/16/2011 was unexpected.

12/16/2011 9:05:00 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.

12/16/2011 9:05:00 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/16/2011 9:03:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

12/16/2011 9:03:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Software Updater service to connect.

12/16/2011 9:00:30 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/16/2011 9:00:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

12/16/2011 9:00:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

12/16/2011 7:59:44 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {A47979D2-C419-11D9-A5B4-001185AD2B89} to the user JimParsons-PC\McAfeeMVSUser SID (S-1-5-21-1017914629-851795576-1914301546-1007) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

12/16/2011 7:53:38 AM, Error: PCTCore [280] - The item store is corrupted: @5512.

12/16/2011 7:53:09 AM, Error: Service Control Manager [7030] - The ThreatFire service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

12/16/2011 7:40:23 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

12/16/2011 6:40:13 PM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).

12/16/2011 6:40:13 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/16/2011 6:40:13 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/16/2011 6:40:13 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/16/2011 6:40:13 PM, Error: Service Control Manager [7031] - The Tablet PC Input Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/16/2011 6:40:13 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/16/2011 6:40:13 PM, Error: Service Control Manager [7031] - The ReadyBoost service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/16/2011 6:40:13 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/16/2011 6:40:13 PM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/16/2011 6:40:13 PM, Error: Service Control Manager [7031] - The PnP-X IP Bus Enumerator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/16/2011 6:40:13 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

12/16/2011 6:40:13 PM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/16/2011 6:40:13 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/16/2011 6:40:13 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/16/2011 11:02:49 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

12/16/2011 11:02:49 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/16/2011 11:00:36 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee McShield service, but this action failed with the following error: An instance of the service is already running.

12/13/2011 9:57:33 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001B9E7F2444 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

12/12/2011 11:01:10 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.71.0.39 for the Network Card with network address 001B9E7F2444 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

.

==== End Of File ===========================

Link to post
Share on other sites

  • 1 month later...
  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

Link to post
Share on other sites

Thanks so much for the reply. Below please find the results of the mbam quick scan:

I will post the other files as soon as the process is completed.

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.18.04

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.18999

Jim Parsons :: JIMPARSONS-PC [administrator]

1/23/2012 8:14:15 PM

mbam-log-2012-01-23 (20-14-15).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 200795

Time elapsed: 16 minute(s), 9 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

Log.txt from ComboFix:

ComboFix 12-01-23.02 - Jim Parsons 01/23/2012 20:54:09.1.2 - x86

Running from: c:\users\Jim Parsons\Desktop\ComboFix.exe

AV: McAfee® Security-as-a-Service *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}

FW: McAfee® Security-as-a-Service *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee® Security-as-a-Service *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\xp

c:\programdata\xp\EBLib.dll

c:\programdata\xp\TPwSav.sys

c:\users\Jim Parsons\g2mdlhlpx.exe

c:\users\Jim Parsons\System

c:\users\Jim Parsons\System\win_qs8.jqx

c:\users\Jim Parsons\WINDOWS

c:\windows\security\Database\tmp.edb

.

.

((((((((((((((((((((((((( Files Created from 2011-12-24 to 2012-01-24 )))))))))))))))))))))))))))))))

.

.

2012-01-24 05:08 . 2012-01-24 05:08 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-01-13 19:23 . 2012-01-13 19:24 -------- d-----w- c:\users\McAfeeMVSUser

2012-01-12 04:04 . 2012-01-12 04:04 -------- d-----w- c:\users\Jim Parsons\AppData\Roaming\EPSON

2012-01-11 20:55 . 2009-12-09 08:00 341504 ----a-w- c:\windows\system32\esw2ud.dll

2012-01-11 20:55 . 2009-10-16 08:00 132560 ----a-w- c:\windows\system32\esdevapp.exe

2012-01-11 20:55 . 2009-10-16 08:00 12800 ----a-w- c:\windows\system32\escdev.dll

2012-01-11 20:55 . 2012-01-11 20:55 -------- d-----w- c:\program files\epson

2012-01-09 13:50 . 2012-01-09 13:50 -------- d-----w- c:\users\Jim Parsons\AppData\Local\Threat Expert

2012-01-09 02:40 . 2011-08-04 00:58 28504 ----a-w- c:\program files\Mozilla Firefox\ScriptFF.dll

2012-01-09 02:40 . 2011-07-19 17:57 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2012-01-09 02:39 . 2011-07-19 17:57 148520 ----a-w- c:\windows\system32\mfevtps.exe

2012-01-09 01:05 . 2009-07-23 08:13 306 ----a-w- c:\windows\myClean.bat

2012-01-06 19:08 . 2012-01-06 19:08 -------- d-----w- c:\programdata\NetCentrics

2011-12-31 21:34 . 2011-12-31 21:34 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll

2011-12-31 21:34 . 2011-12-31 21:34 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll

2011-12-31 21:34 . 2011-12-31 21:34 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll

2011-12-31 21:34 . 2011-12-31 21:34 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-10 23:24 . 2011-12-17 14:10 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-07 21:28 . 2011-12-07 21:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-23 03:43 . 2011-12-16 15:48 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2011-11-23 03:42 . 2011-12-16 15:26 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2011-11-23 03:41 . 2011-12-16 15:49 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys

2011-11-23 03:38 . 2011-12-16 15:49 105792 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys

2011-11-23 03:38 . 2011-12-16 15:49 253096 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2011-11-23 02:20 . 2011-12-16 15:53 574424 --s---w- c:\windows\system32\drivers\TfSysMon.sys

2011-11-23 02:20 . 2011-12-16 15:53 35264 --s---w- c:\windows\system32\drivers\TfNetMon.sys

2011-11-23 02:20 . 2011-12-16 15:53 54328 --s---w- c:\windows\system32\drivers\TfFsMon.sys

2011-11-15 00:07 . 2011-12-16 15:50 149456 ----a-w- c:\windows\SGDetectionTool.dll

2011-11-15 00:07 . 2011-12-16 15:50 2246608 ----a-w- c:\windows\PCTBDCore.dll

2011-11-15 00:07 . 2011-12-16 15:50 1681360 ----a-w- c:\windows\PCTBDRes.dll

2011-11-15 00:06 . 2011-12-16 15:50 767952 ----a-w- c:\windows\BDTSupport.dll

2011-11-14 23:12 . 2011-12-16 15:26 331880 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2011-11-14 23:12 . 2011-12-16 15:26 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2011-11-10 13:54 . 2010-04-16 17:30 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-12-31 21:34 . 2011-04-02 04:09 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-07-09 22:25 . 2008-08-06 16:14 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Jim Parsons\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Jim Parsons\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Jim Parsons\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2006-12-04 01:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2006-12-04 01:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-15 39408]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]

"Desktop Software"="c:\program files\Common Files\supportsoft\bin\bcont.exe" [2009-04-24 1025320]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HWSetup"="\HWSetup.exe hwSetUP" [X]

"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-11 413696]

"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-12-04 49168]

"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 4489216]

"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]

"NDSTray.exe"="NDSTray.exe" [bU]

"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-23 438272]

"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]

"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-07-09 30192]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]

"Skytel"="Skytel.exe" [2007-05-29 1826816]

"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]

"masqform.exe"="c:\program files\PureEdge\Viewer 6.0\masqform.exe" [2003-12-03 1052672]

"USBestCR"="c:\program files\USIM Editor\iconcs18528425.exe" [2009-10-24 4808704]

"lxebmon.exe"="c:\program files\Lexmark Pro200-S500 Series\lxebmon.exe" [2011-01-24 770728]

"EzPrint"="c:\program files\Lexmark Pro200-S500 Series\ezprint.exe" [2010-01-18 139944]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-25 981680]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"MVS Splash"="c:\program files\McAfee\Managed VirusScan\DesktopUI\XTray.exe" [2011-08-25 476480]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-17 421736]

.

c:\users\Jim Parsons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Jim Parsons\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-12-9 984352]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableCAD"= 1 (0x1)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2006-12-04 00:50 90112 ----a-w- c:\windows\System32\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli psqlpwd

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 AfaService;Afa Card Reader Service;c:\windows\system32\afasrv32.exe [2009-10-24 65536]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

*Deregistered* - PCTSDInjDriver32

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-17 c:\windows\Tasks\ASO-AutoCheckUpdate7Days.job

- c:\program files\Advanced System Optimizer 3\CheckUpdate.exe [2011-12-17 00:38]

.

2012-01-24 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-13 02:40]

.

2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-02 13:00]

.

2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-02 13:00]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.xfinity.com/?cid=insDate11192011

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1

FF - ProfilePath - c:\users\Jim Parsons\AppData\Roaming\Mozilla\Firefox\Profiles\00pu688s.default\

FF - prefs.js: browser.startup.homepage - igoogle.com

FF - user.js: yahoo.homepage.dontask - true

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-TOSCDSPD - TOSCDSPD.EXE

AddRemove-Activation Assistant for the 2007 Microsoft Office suites - c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe

AddRemove-MVS - c:\progra~1\McAfee\MANAGE~1\Agent\myinx

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-01-23 21:08

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000001

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(852)

c:\windows\system32\psqlpwd.dll

c:\program files\Protector Suite QL\homefus2.dll

c:\program files\Protector Suite QL\infra.dll

.

Completion time: 2012-01-23 21:14:53

ComboFix-quarantined-files.txt 2012-01-24 05:14

.

Pre-Run: 154,385,072,128 bytes free

Post-Run: 154,694,406,144 bytes free

.

- - End Of File - - 40D1F59644662F32162F83311B938BCA

Link to post
Share on other sites

And the DDS.txt file:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_30

Run by Jim Parsons at 21:21:24 on 2012-01-23

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1580 [GMT -8:00]

.

AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}

AV: McAfee® Security-as-a-Service *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

SP: McAfee® Security-as-a-Service *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee® Security-as-a-Service *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Ati2evxx.exe

C:\Program Files\Protector Suite QL\upeksvr.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\agrsmsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\system32\spool\DRIVERS\W32X86\3\lxebserv.exe

C:\Windows\system32\lxebcoms.exe

C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe

C:\Windows\system32\NLSSRV32.EXE

C:\Toshiba\IVP\ISM\pinger.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

c:\Toshiba\IVP\swupdate\swupdtmr.exe

C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfeann.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\ltmoh\ltmoh.exe

C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe

C:\Program Files\Toshiba\Utilities\KeNotify.exe

C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Toshiba\SmoothView\SmoothView.exe

C:\Program Files\Toshiba\FlashCards\TCrdMain.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\USIM Editor\iconcs18528425.exe

C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe

C:\Program Files\Synaptics\SynTP\SynToshiba.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHOA.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\ehome\ehmsas.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\notepad.exe

C:\Windows\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.xfinity.com/?cid=insDate11192011

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: PC Tools Browser Defender BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120108184025.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll

BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden

mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe"

mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe

mRun: [NDSTray.exe] NDSTray.exe

mRun: [HWSetup] \HWSetup.exe hwSetUP

mRun: [sVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL

mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe

mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

mRun: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [skytel] Skytel.exe

mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup

mRun: [masqform.exe] c:\program files\pureedge\viewer 6.0\masqform.exe -UpdateCurrentUser

mRun: [uSBestCR] c:\program files\usim editor\iconcs18528425.exe RunFromReg

mRun: [lxebmon.exe] "c:\program files\lexmark pro200-s500 series\lxebmon.exe"

mRun: [EzPrint] "c:\program files\lexmark pro200-s500 series\ezprint.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [MVS Splash] "c:\program files\mcafee\managed virusscan\desktopui\XTray.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\users\jimpar~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\jim parsons\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\users\jimpar~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1

TCP: Interfaces\{AFD878D1-D80E-4613-966A-63375C2D5EE1} : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1

TCP: Interfaces\{CE2328A7-12CC-41AB-850D-7BC0BEFD5A92} : DhcpNameServer = 68.87.64.208 68.87.66.208

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll

Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2007\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: psfus - c:\windows\system32\psqlpwd.dll

AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll

LSA: Notification Packages = scecli psqlpwd

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\jim parsons\appdata\roaming\mozilla\firefox\profiles\00pu688s.default\

FF - prefs.js: browser.startup.homepage - igoogle.com

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.50917.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\picasa2\npPicasa2.dll

FF - plugin: c:\program files\picasa2\npPicasa3.dll

FF - plugin: c:\program files\sony\media go\npmediago.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-7-19 461864]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-12-16 331880]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-12-16 341656]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-12-16 660992]

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-12-16 54328]

R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-12-16 574424]

R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-7-19 64712]

R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-7-19 164776]

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-12-16 253096]

R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-12-16 185560]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools\pc tools security\bdt\BDTUpdateService.exe [2011-12-16 546768]

R2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe -service --> c:\windows\system32\lxebcoms.exe -service [?]

R2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxebserv.exe [2010-5-2 193192]

R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\mcafee\siteadvisor enterprise\McSACore.exe [2011-5-12 324928]

R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-1-8 166024]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2012-1-8 160344]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-1-8 148520]

R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2012-1-8 291064]

R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2010-2-2 188736]

R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-2-2 65856]

R2 RumorServer;McAfee Peer Distribution Service;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2012-1-8 291064]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-3-11 1153368]

R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-10-12 21504]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-17 20464]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-7-19 180008]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-7-19 59288]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-7-19 338040]

R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2011-12-16 56840]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2011-1-26 27632]

R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-12-16 35264]

S2 AfaService;Afa Card Reader Service;c:\windows\system32\afasrv32.exe [2009-10-24 65536]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-2 135664]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-17 652872]

S2 QuickBooksDB17;QuickBooksDB17;c:\progra~1\intuit\quickb~2\qbdbmgrn.exe -hvquickbooksdb17 --> c:\progra~1\intuit\quickb~2\QBDBMgrN.exe -hvQuickBooksDB17 [?]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-1-26 13224]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-8-13 30192]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-2 135664]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-7-19 87808]

S3 MHIKEY10;MHIKEY10;c:\windows\system32\drivers\MHIKEY10.sys [2009-10-24 50560]

S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2009-6-15 20480]

S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-6-3 174720]

S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011-12-16 70536]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools\pc tools security\pctsAuxs.exe [2011-12-16 402336]

S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools\pc tools security\pctsSvc.exe [2011-12-16 1117624]

S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]

S3 ThreatFire;ThreatFire;c:\program files\pc tools\pc tools security\tfengine\tfservice.exe service --> c:\program files\pc tools\pc tools security\tfengine\TFService.exe service [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-10-12 16896]

S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2010-11-18 19968]

.

=============== Created Last 30 ================

.

2012-01-24 05:14:59 -------- d-sh--w- C:\$RECYCLE.BIN

2012-01-24 04:49:51 98816 ----a-w- c:\windows\sed.exe

2012-01-24 04:49:51 518144 ----a-w- c:\windows\SWREG.exe

2012-01-24 04:49:51 256000 ----a-w- c:\windows\PEV.exe

2012-01-24 04:49:51 208896 ----a-w- c:\windows\MBR.exe

2012-01-24 04:49:37 -------- d-----w- C:\ComboFix

2012-01-11 20:55:35 341504 ----a-w- c:\windows\system32\esw2ud.dll

2012-01-11 20:55:35 132560 ----a-w- c:\windows\system32\esdevapp.exe

2012-01-11 20:55:35 12800 ----a-w- c:\windows\system32\escdev.dll

2012-01-11 20:55:07 -------- d-----w- c:\program files\epson

2012-01-09 13:50:14 -------- d-----w- c:\users\jim parsons\appdata\local\Threat Expert

2012-01-09 02:40:25 28504 ----a-w- c:\program files\mozilla firefox\ScriptFF.dll

2012-01-09 02:40:19 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2012-01-09 02:39:17 148520 ----a-w- c:\windows\system32\mfevtps.exe

2012-01-09 01:05:22 306 ----a-w- c:\windows\myClean.bat

2012-01-06 19:08:42 -------- d-----w- c:\programdata\NetCentrics

2011-12-31 21:34:20 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll

2011-12-31 21:34:20 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll

2011-12-31 21:34:20 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll

2011-12-31 21:34:20 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll

.

==================== Find3M ====================

.

2011-12-10 23:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-07 21:28:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-23 03:43:02 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2011-11-23 03:42:40 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2011-11-23 03:41:28 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys

2011-11-23 03:38:10 105792 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys

2011-11-23 03:38:04 253096 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2011-11-23 02:20:06 574424 --s---w- c:\windows\system32\drivers\TfSysMon.sys

2011-11-23 02:20:06 35264 --s---w- c:\windows\system32\drivers\TfNetMon.sys

2011-11-23 02:20:04 54328 --s---w- c:\windows\system32\drivers\TfFsMon.sys

2011-11-15 00:07:06 149456 ----a-w- c:\windows\SGDetectionTool.dll

2011-11-15 00:07:04 2246608 ----a-w- c:\windows\PCTBDCore.dll

2011-11-15 00:07:04 1681360 ----a-w- c:\windows\PCTBDRes.dll

2011-11-15 00:06:54 767952 ----a-w- c:\windows\BDTSupport.dll

2011-11-14 23:12:26 331880 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2011-11-14 23:12:24 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2011-11-10 13:54:13 472808 ----a-w- c:\windows\system32\deployJava1.dll

.

============= FINISH: 21:22:11.39 ===============

Link to post
Share on other sites

  • Staff

Hi,

I apologize for the extended delay.

I notice that you are using more than one antivirus program (McAfee and PC Tools). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

Reboot.

Update MBAM, run a Quick Scan, and post its log. Grab a fresh copy of ComboFix, run it, and post its log.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Link to post
Share on other sites

MBAM Log:

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.30.03

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.18999

Jim Parsons :: JIMPARSONS-PC [administrator]

1/31/2012 6:29:25 PM

mbam-log-2012-01-31 (18-29-25).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 201958

Time elapsed: 12 minute(s), 47 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

Combofix Log:

ComboFix 12-01-31.01 - Jim Parsons 01/31/2012 18:59:08.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.2022 [GMT -8:00]

Running from: c:\users\Jim Parsons\Downloads\ComboFix.exe

AV: McAfee® Security-as-a-Service *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee® Security-as-a-Service *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee® Security-as-a-Service *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\Thumbs.db

.

.

((((((((((((((((((((((((( Files Created from 2012-01-01 to 2012-02-01 )))))))))))))))))))))))))))))))

.

.

2012-02-01 03:25 . 2012-02-01 03:25 -------- d-----w- c:\users\Jim Parsons\AppData\Local\temp

2012-02-01 03:25 . 2012-02-01 03:25 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-01-13 19:23 . 2012-01-13 19:24 -------- d-----w- c:\users\McAfeeMVSUser

2012-01-12 04:04 . 2012-01-12 04:04 -------- d-----w- c:\users\Jim Parsons\AppData\Roaming\EPSON

2012-01-11 20:55 . 2009-12-09 08:00 341504 ----a-w- c:\windows\system32\esw2ud.dll

2012-01-11 20:55 . 2009-10-16 08:00 132560 ----a-w- c:\windows\system32\esdevapp.exe

2012-01-11 20:55 . 2009-10-16 08:00 12800 ----a-w- c:\windows\system32\escdev.dll

2012-01-11 20:55 . 2012-01-11 20:55 -------- d-----w- c:\program files\epson

2012-01-09 13:50 . 2012-01-09 13:50 -------- d-----w- c:\users\Jim Parsons\AppData\Local\Threat Expert

2012-01-09 02:40 . 2011-08-04 00:58 28504 ----a-w- c:\program files\Mozilla Firefox\ScriptFF.dll

2012-01-09 02:40 . 2011-07-19 17:57 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2012-01-09 02:39 . 2011-07-19 17:57 148520 ----a-w- c:\windows\system32\mfevtps.exe

2012-01-09 01:05 . 2009-07-23 08:13 306 ----a-w- c:\windows\myClean.bat

2012-01-06 19:08 . 2012-01-06 19:08 -------- d-----w- c:\programdata\NetCentrics

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-10 23:24 . 2011-12-17 14:10 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-07 21:28 . 2011-12-07 21:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-23 03:42 . 2011-12-16 15:26 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2011-11-10 13:54 . 2010-04-16 17:30 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-12-31 21:34 . 2011-04-02 04:09 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-07-09 22:25 . 2008-08-06 16:14 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Jim Parsons\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Jim Parsons\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Jim Parsons\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2006-12-04 01:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2006-12-04 01:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableCAD"= 1 (0x1)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2006-12-04 00:50 90112 ----a-w- c:\windows\System32\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli psqlpwd

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Jim Parsons^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]

path=c:\users\Jim Parsons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

backup=c:\windows\pss\Dropbox.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^Jim Parsons^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\users\Jim Parsons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]

\HWSetup.exe hwSetUP [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]

2007-05-22 23:32 538744 ----a-w- c:\program files\Toshiba\FlashCards\TCrdMain.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-11-10 19:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2011-11-02 07:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]

2007-04-11 00:40 413696 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

2008-01-19 06:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]

2010-01-18 19:19 139944 ----a-w- c:\program files\Lexmark Pro200-S500 Series\ezprint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2011-07-09 22:25 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2006-12-11 05:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]

2006-12-07 23:49 55416 ----a-w- c:\program files\Toshiba\TBS\HSON.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]

2008-09-09 09:21 623880 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-01-17 01:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]

2006-11-07 00:14 34352 ----a-w- c:\program files\Toshiba\Utilities\KeNotify.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]

2007-01-09 22:23 191552 ----a-w- c:\program files\ltmoh\ltmoh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxebmon.exe]

2011-01-24 04:00 770728 ----a-w- c:\program files\Lexmark Pro200-S500 Series\lxebmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

2011-12-25 01:50 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]

2011-12-25 01:50 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\masqform.exe]

2003-12-03 20:43 1052672 ----a-w- c:\program files\pureedge\Viewer 6.0\masqform.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MVS Splash]

2011-08-25 23:02 476480 ----a-w- c:\program files\McAfee\Managed VirusScan\DesktopUI\XTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]

2006-12-04 00:29 49168 ----a-w- c:\program files\Protector Suite QL\launcher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-06 01:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2007-06-13 20:11 4489216 ----a-w- c:\windows\RtHDVCpl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-04-06 09:27 26102056 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]

2007-05-29 03:39 1826816 ----a-w- c:\windows\SkyTel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]

2007-06-16 04:01 448080 ----a-w- c:\program files\Toshiba\SmoothView\SmoothView.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-06-09 21:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]

2006-03-23 04:42 438272 ----a-w- c:\program files\Toshiba\Utilities\SVPWUTIL.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2008-08-15 22:16 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2009-03-20 15:36 1451304 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]

2007-03-29 17:39 411192 ----a-w- c:\program files\Toshiba\Power Saver\TPwrMain.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBestCR]

2009-10-24 08:05 4808704 ----a-w- c:\program files\USIM Editor\iconcs18528425.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 AfaService;Afa Card Reader Service;c:\windows\system32\afasrv32.exe [2009-10-24 65536]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-29 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-13 02:40]

.

2012-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-02 13:00]

.

2012-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-02 13:00]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.xfinity.com/?cid=insDate11192011

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

TCP: DhcpNameServer = 192.168.2.1 192.168.1.1

FF - ProfilePath - c:\users\Jim Parsons\AppData\Roaming\Mozilla\Firefox\Profiles\00pu688s.default\

FF - prefs.js: browser.startup.homepage - igoogle.com

FF - user.js: yahoo.homepage.dontask - true

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-Desktop Software - c:\program files\Common Files\supportsoft\bin\bcont.exe

MSConfigStartUp-ISTray - c:\program files\PC Tools\PC Tools Security\pctsGui.exe

MSConfigStartUp-NDSTray - NDSTray.exe

MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-01-31 19:25

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000001

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(776)

c:\windows\system32\psqlpwd.dll

c:\program files\Protector Suite QL\homefus2.dll

c:\program files\Protector Suite QL\infra.dll

.

Completion time: 2012-01-31 19:35:41

ComboFix-quarantined-files.txt 2012-02-01 03:35

ComboFix2.txt 2012-01-24 05:14

.

Pre-Run: 149,735,215,104 bytes free

Post-Run: 148,960,907,264 bytes free

.

- - End Of File - - 0B5C7081C71FF1FC58674FC29522F37D

Link to post
Share on other sites

The ESET log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=cb6143bc4f726a4bb04a5621a2a1b1d3

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-02-01 06:46:21

# local_time=2012-01-31 10:46:21 (-0800, Pacific Standard Time)

# country="United States"

# lang=9

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=2304 16777215 100 0 0 0 0 0

# compatibility_mode=5892 16776638 100 100 37011899 164675694 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=199890

# found=2

# cleaned=2

# scan_time=10614

C:\Users\Jim Parsons\Downloads\client(2).exe a variant of Win32/Packed.Themida application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Jim Parsons\Downloads\client.exe a variant of Win32/Packed.Themida application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Link to post
Share on other sites

Results of screen317's Security Check version 0.99.30

Windows Vista Service Pack 2 x86 (UAC is enabled)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

ESET Online Scanner v3

McAfee Firewall Protection Service

McAfee Virtual Technician

McAfee Browser Protection Service

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

McAfee SiteAdvisor Enterprise Plus

Java 6 Update 30

Adobe Reader 9 Adobe Reader out of date!

Mozilla Firefox 10.0. Firefox out of Date!

Mozilla Thunderbird 2.0.0 Thunderbird out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

McAfee Managed VirusScan Agent myAgtSvc.exe

McAfee Managed VirusScan DesktopUI xtray.exe

``````````End of Log````````````

Link to post
Share on other sites

  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

Reboot.

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Run TFC by OldTimer to clear temporary files:

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):

ESET Online Scanner v3

Adobe Reader 9

Restart your computer.

Get the latest version of Adobe Reader.

Update Thunderbird. Ensure you are using version 10. Check if any updates are available for Firefox.

Let me know what issues remain.

Link to post
Share on other sites

Hi Chris,

Thanks so much for your help with this. My computer, at this point, seems to be back to its old speed and "behavior". A hard lesson to learn about keeping all programs up to date and finding/keeping a good malware preventative maintenance program in place.

Thanks to all of the folks that provide this service to us in the technologically challenged world. Your service is much needed and appreciated!

Jim

Link to post
Share on other sites

  • Staff

Great news!

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317

Link to post
Share on other sites

  • 2 months later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.