Jump to content

Unable to remove infected files - Please help!


Recommended Posts

Recently, I ran a quick scan with MalwareBytes. It informed me that I had 4 infections that were marked for deletion on reboot. I restarted my computer as requested, and out of habit I ran MalwareBytes again to make sure they were deleted, but to my surprise the save for infections showed up during the scan again. Once again, they were marked for deletion on reboot.

I've ran a full system scan with my Norton 360 and no infections were reported.

I also SUPERAntiSpyware and nothing appeared on its report either.

I also tried turning off system restore to see if that would help, but nothing.

I'm not quite sure if I should be worried about these infections or not.

They only show up during my MalwareBytes scan, and won't go away.

I haven't had anything unusual happen with my computer either.

For reference, my computer is running on Windows XP.

Here is my MBAM log with the mentioned infections:

-----

Malwarebytes' Anti-Malware 1.44

Database version: 3510

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/9/2010 2:02:49 PM

mbam-log-2010-06-09 (14-02-49).txt

Scan type: Quick Scan

Objects scanned: 154130

Time elapsed: 23 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f954480e-62c1-4c7e-b4c0-2d3a3c51b33c} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gpqoypzs (Trojan.Vundo.H) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{f954480e-62c1-4c7e-b4c0-2d3a3c51b33c} (Trojan.Vundo.H) -> Delete on reboot.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\system32\cvfjxvn.dll (Trojan.Vundo.H) -> Delete on reboot.

-----

I know a fair amount about computer since I've dealt with some pretty bad virus' in the past.

But I can't seem to find a solution for this, so please, any help would be much appreciated!

Link to post
Share on other sites

Recently, I ran a quick scan with MalwareBytes. It informed me that I had 4 infections that were marked for deletion on reboot. I restarted my computer as requested, and out of habit I ran MalwareBytes again to make sure they were deleted, but to my surprise the save for infections showed up during the scan again.
Forgive me, I meant to say "the same four infections showed up.."
Link to post
Share on other sites

Hello Guardian! Welcome to MalwareBytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step if there is a problem somewhere, stop and tell me I then I'll tell you what to do.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware, while work on.
  • Keep me informed of any changes.

Step 1

Your program version and database version are very old, so:

Temporarily disable your Anti-Virus and other security software while installing and running.

Windows XP:

  • Click on Start and select Control Panel
  • Open Add/Remove Programs
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer very important
  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer, please allow it to do so very important
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or post to ask and we'll explain how to do it.

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Step 3

Download DDS and save it to your desktop from here or here or here.

Double click dds.scr to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

    [*]Save both reports to your desktop. Post them back to your topic.

Step 4

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
    gmer_zip.gif
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

In your next reply, please include these log(s) in this sequence:

  1. MalwareBytes' Anti-Malware log
  2. DDS log with Attach.txt
  3. GMER log

Link to post
Share on other sites

Thank you for your assistance Maniac.

So far, I have completed everything successfully up until Step 4. I'm having a little bit of trouble so I thought I'd inform you. I ran GMER last night, and it takes an incredibly long time. Is that normal? I let it run for about 10 hours or so, and it still was not finished. While it was scanning, it seems to make my computer run very slow. I tried to stop the scan so I could at least save what it had scanned so far, but due to the lag I was unable to.

Link to post
Share on other sites

Alright. I'll try it again later to see if it will work.

Here are the logs that you requested though:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4195

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/13/2010 2:24:33 PM

mbam-log-2010-06-13 (14-24-33).txt

Scan type: Quick scan

Objects scanned: 167534

Time elapsed: 24 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f954480e-62c1-4c7e-b4c0-2d3a3c51b33c} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gpqoypzs (Trojan.Vundo.H) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{f954480e-62c1-4c7e-b4c0-2d3a3c51b33c} (Trojan.Vundo.H) -> Delete on reboot.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\system32\cvfjxvn.dll (Trojan.Vundo.H) -> Delete on reboot.

-----

DDS (Ver_10-03-17.01) - NTFSx86

Run by Compaq_Administrator at 14:33:17.89 on Sun 06/13/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.387 [GMT -7:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\arservice.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\ARPWRMSG.EXE

C:\Program Files\DISC\DISCover.exe

C:\Program Files\DISC\DiscUpdateMgr.exe

C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe

C:\Program Files\DISC\DiscGui.exe

C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\TK8 StickyNotes\TK8StickyNotes.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\DISC\DiscStreamHub.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Documents and Settings\Compaq_Administrator.LNTJJOHNSON\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.8.0.41\IPSBHO.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {aa58ed58-01dd-4d91-8333-cf10577473f7} - Google Toolbar Helper

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: : {f954480e-62c1-4c7e-b4c0-2d3a3c51b33c} - c:\windows\system32\cvfjxvn.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} -

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [TK8 StickyNotes] "c:\program files\tk8 stickynotes\TK8StickyNotes.exe"

uRun: [Google Update] "c:\documents and settings\compaq_administrator.lntjjohnson\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE

mRun: [DISCover] c:\program files\disc\DISCover.exe

mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdateMgr.exe

mRun: [DMAScheduler] c:\program files\sonic\digitalmedia plus\digitalmedia archive\DMAScheduler.exe

mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE

mRun: [<NO NAME>]

mRun: [PCDrProfiler]

mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [KBD] c:\hp\kbd\KBD.EXE

mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\5577497\program\Compaq Connections.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventr~1.lnk - c:\program files\printmaster 16\pmremind.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe

IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html

IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html

Trusted Zone: trymedia.com

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

TCP: {FFAC27C9-1275-461F-80E7-2FDA8721B8E3} = 207.69.188.185,207.69.188.186

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.8.0.41\CoIEPlg.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Notify: gpqoypzs - cvfjxvn.dll

Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

LSA: Notification Packages = scecli scecli scecli

Hosts: 94.232.248.66 antivirsystem.com

Hosts: 94.232.248.66 www.antivirsystem.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1.lnt\applic~1\mozilla\firefox\profiles\kq7xlrb5.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll

FF - plugin: c:\documents and settings\compaq_administrator.lntjjohnson\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\documents and settings\family\application data\move networks\plugins\npqmp071504000001.dll

FF - plugin: c:\documents and settings\family\application data\move networks\plugins\npqmp071505000011.dll

FF - plugin: c:\documents and settings\family\application data\move networks\plugins\npqmp071701000002.dll

FF - plugin: c:\progra~1\mozill~1\plugins\np_gp.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 mgrfcgjd;mgrfcgjd;c:\windows\system32\drivers\mgrfcgjd.sys [2004-8-9 23424]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-1-17 207792]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-2-2 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-2-2 259632]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-2-2 482432]

R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100604.004\IDSXpx86.sys [2010-6-8 331640]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-5-16 10640]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 N360;Norton 360;c:\program files\norton 360\engine\3.8.0.41\ccSvcHst.exe [2010-2-2 117640]

R2 sdauxservice;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-1-17 359624]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-7-24 24652]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-27 102448]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100612.003\NAVENG.SYS [2010-6-12 85552]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100612.003\NAVEX15.SYS [2010-6-12 1347504]

S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [2010-5-9 29184]

S3 dsreader;MaxDrive Driver (dsreader.sys);c:\windows\system32\drivers\dsreader.sys [2001-1-2 19677]

=============== Created Last 30 ================

2010-06-13 20:55:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-13 20:55:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-13 20:55:47 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-10 05:18:14 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-09 04:29:04 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-06-09 04:28:56 0 d-----w- c:\program files\SUPERAntiSpyware

2010-06-09 04:18:47 0 d-----w- c:\program files\Trend Micro

2010-06-08 02:29:37 0 dc----w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

2010-05-21 06:27:10 411368 ----a-w- c:\windows\system32\deployJava1.dll

==================== Find3M ====================

2010-05-21 22:01:22 299992 ----a-w- c:\windows\fonts\Proletarsk.ttf

2010-05-18 20:16:58 24312 ----a-w- c:\windows\fonts\Barclays Premier League.ttf

2010-05-18 14:29:30 20324 ----a-w- c:\windows\fonts\Commodore Pixelized v1.2.ttf

2010-05-17 01:56:58 23212 ----a-w- c:\windows\fonts\Gaivota.ttf

2010-05-14 17:04:52 17640 ----a-w- c:\windows\fonts\phat Otto.otf

2010-05-09 18:42:12 47496 ----a-w- c:\windows\fonts\circula-medium.otf

2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2010-05-04 21:40:40 39848 ----a-w- c:\windows\fonts\minimal-pixel.ttf

2010-05-02 23:25:04 626356 ----a-w- c:\windows\fonts\Cleanvertising.ttf

2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys

2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll

2010-04-08 09:14:02 57996 ----a-w- c:\windows\fonts\Pixel Square Bold10.ttf

2010-04-08 09:13:32 59164 ----a-w- c:\windows\fonts\Pixel Square 10.ttf

2010-04-06 11:52:46 2462720 ----a-w- c:\windows\system32\dllcache\WMVCore.dll

2010-04-03 20:00:20 21737 ----a-w- c:\windows\fonts\pixeljosh6.ttf

2010-04-02 04:42:42 51556 ----a-w- c:\windows\fonts\Fineliner Script.otf

2010-03-30 22:49:42 14236 ----a-w- c:\windows\fonts\criticized.ttf

2008-01-02 05:06:52 3441845 -c--a-w- c:\program files\coreftplite.exe

2007-12-24 07:45:57 4722512 -c--a-w- c:\program files\MsgPlusLive-450.exe

2006-08-20 17:25:26 22 -csha-w- c:\windows\sminst\HPCD.sys

2010-01-26 11:22:05 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010012620100127\index.dat

============= FINISH: 14:34:31.09 ===============

-----

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 12/7/2008 4:37:58 PM

System Uptime: 6/13/2010 2:26:20 PM (0 hours ago)

Motherboard: ASUSTek Computer INC. | | Amberine M

Processor: AMD Athlon 64 Processor 3500+ | Socket 939 | 1772/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 225 GiB total, 83.286 GiB free.

D: is FIXED (FAT32) - 8 GiB total, 0.504 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

5 Card Slingo from Compaq (remove only)

5600

5600_Help

5600Trb

Action Replay DSi Code Manager

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 7.0

AiO_Scan

AiOSoftware

AllToAVI v4 r5394

Apple Software Update

AstroPop Deluxe from Compaq (remove only)

ATI Control Panel

ATI Display Driver

AviSynth 2.5

Barnyard Invasion from Compaq (remove only)

Bejeweled 2 Deluxe from Compaq (remove only)

BitTorrent

Blackhawk Striker 2 from Compaq (remove only)

Blasterball 2 from Compaq (remove only)

Blasterball 2 Remix from Compaq (remove only)

Boggle Supreme from Compaq (remove only)

Bookworm Deluxe from Compaq (remove only)

Bounce Symphony from Compaq (remove only)

BufferChm

CCleaner

CDDRV_Installer

Chuzzle Deluxe from Compaq (remove only)

Compaq Connections (remove only)

Coupon Printer for Windows

CP_AtenaShokunin1Config

CP_CalendarTemplates1

cp_LightScribeConfig

cp_OnlineProjectsConfig

CP_Package_Basic1

CP_Package_Variety1

CP_Package_Variety2

CP_Package_Variety3

CP_Panorama1Config

cp_PosterPrintConfig

cp_UpdateProjectsConfig

Critical Update for Windows Media Player 11 (KB959772)

Crystal Maze from Compaq (remove only)

CueTour

Customer Experience Enhancement

CustomerResearchQFolder

Data Fax SoftModem with SmartCP

Destinations

DeviceFunctionQFolder

DISCover

DocProc

DocumentViewer

DocumentViewerQFolder

Download Updater (AOL LLC)

Easy Internet Sign-up

Enhanced Multimedia Keyboard Solution

eSupportQFolder

Family Feud

FATE from Compaq (remove only)

Fax

GemMaster Mystic

Google Chrome

Google Toolbar for Internet Explorer

High Definition Audio Driver Package - KB888111

HiJackThis

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Boot Optimizer

HP DigitalMedia Archive

HP Document Viewer 5.3

HP DVD Play 1.0

HP Extended Capabilities 5.3

HP Game Console and games

HP Imaging Device Functions 6.0

HP Photosmart Premier Software 6.0

HP Product Assistant

HP PSC & OfficeJet 5.3.B

HP Rhapsody

HP Solution Center & Imaging Support Tools 5.3

HP Support Overview

HP Update

HP Web Helper

HPProductAssistant

HpSdpAppCoreApp

Insaniquarium Deluxe from Compaq (remove only)

InstantShareDevices

J2SE Runtime Environment 5.0 Update 5

Java Auto Updater

Java 6 Update 20

K-Lite Codec Pack 4.9.5 (Standard)

KhalInstallWrapper

Lagarith Lossless Codec (1.3.19)

Lemonade Tycoon 2 from Compaq (remove only)

Lexibox Deluxe from Compaq (remove only)

LightScribe 1.4.62.1

Logitech SetPoint

Mah Jong Quest from Compaq (remove only)

Malwarebytes' Anti-Malware

MarketResearch

MediaCoder 0.7.2.4536

Microsoft .NET Framework 1.0 Hotfix (KB979904)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB953297)

Microsoft Application Error Reporting

Microsoft Away Mode

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Money 2006

Microsoft National Language Support Downlevel APIs

Microsoft Office 2003 Edition 60 Days Trial Welcome Tour

Microsoft Office Standard Edition 2003

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Web Publishing Wizard 1.52

Microsoft Works

mIRC

Mozilla Firefox (3.6)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Netscape Browser (remove only)

NewCopy

Nintendo DS - GBA Max Drive

Norton 360

OptionalContentQFolder

Otto

PanoStandAlone

PC-Doctor 5 for Windows

PhotoGallery

Polar Bowler from Compaq (remove only)

Polar Golfer from Compaq (remove only)

PrintMaster 16

ProductContext

PS2

Puzzle Express from Compaq (remove only)

Python 2.2 pywin32 extensions (build 203)

Python 2.2.3

Quicken 2006

QuickTime

RandMap

Readme

RealPlayer

Remove WeatherBug Installer

Ricochet Lost Worlds from Compaq (remove only)

Scan

ScannerCopy

SCRABBLE from Compaq (remove only)

Security Update for CAPICOM (KB931906)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956390)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Segoe UI

Shin Megami Tensei: Imagine

Shockwave

Shooting Stars Pool from Compaq (remove only)

Shrek 2 Ogre Bowler from Compaq (remove only)

SkinsHP1

Skype

Link to post
Share on other sites

Step 1

Please, uninstall the following applications:

  1. Adobe Reader 7.0

You can read, how to this here:

Step 2

I also see you have Viewpoint installed...

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.


  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player

Step 3

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from

Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.

[*]During the download, rename Combofix to Combo-Fix as follows:

CF_download_FF.gif

CF_download_rename.gif

[*]It is important you rename Combofix during the download, but not after.

[*]Please do not rename Combofix to other names, but only to the one indicated.

[*]Close any open browsers.

[*]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------


  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

[*]Double click on combo-Fix.exe & follow the prompts.

[*]When finished, it will produce a report for you.

[*]Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

Link to post
Share on other sites

Alright. I removed the suggested programs and ran ComboFix.

Here's the combofix log with the DDS log and Attach.txt following it.

ComboFix 10-06-22.02 - Compaq_Administrator 06/23/2010 20:44:30.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.438 [GMT -7:00]

Running from: c:\documents and settings\Compaq_Administrator.LNTJJOHNSON\Desktop\Combo-Fix.exe

AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\program files\AVI Codec Pack\AC3\ac3filter.ax

c:\program files\AVI Codec Pack\AC3\dialog_patch.exe

c:\program files\AVI Codec Pack\DivX 3.11\DivX.inf

c:\program files\AVI Codec Pack\DivX 3.11\DIVX_c32.ax

c:\program files\AVI Codec Pack\DivX 3.11\DivXa32.acm

c:\program files\AVI Codec Pack\DivX 3.11\DivXc32.dll

c:\program files\AVI Codec Pack\DivX 3.11\DivXc32f.dll

c:\program files\AVI Codec Pack\DivX 3.11\L3codeca.acm

c:\program files\AVI Codec Pack\divx.chm

c:\program files\AVI Codec Pack\ffdhow\ffdshow.ax

c:\program files\AVI Codec Pack\ffdhow\ffdshow.ax.manifest

c:\program files\AVI Codec Pack\ffdhow\libavcodec.dll

c:\program files\AVI Codec Pack\ffdhow\libmpeg2_ff.dll

c:\program files\AVI Codec Pack\ffdhow\libmplayer.dll

c:\program files\AVI Codec Pack\ffdhow\TomsMoComp_ff.dll

c:\program files\AVI Codec Pack\LAYER-3\L3CODECP.ACM

c:\program files\AVI Codec Pack\LAYER-3\RaMp3Cfg.exe

c:\program files\AVI Codec Pack\uninstall.exe

c:\program files\batty\datahtml.sdf

c:\program files\batty\datajava.sdf

c:\program files\batty\Uninstall.exe

c:\program files\Common Files\wfqo\wfqoa.lck

c:\program files\Common Files\wfqo\wfqod\class-barrel

c:\program files\Common Files\wfqo\wfqod\vocabulary

c:\program files\Common Files\wfqo\wfqoh

c:\program files\Common Files\wfqo\wfqol.lck

c:\program files\Common Files\wfqo\wfqom.lck

c:\program files\Common Files\wfqo\wfqop.lck

c:\program files\Fast Browser Search\IE\FBStoolbar.exe

c:\windows\system32\_004917_.tmp.dll

c:\windows\system32\_004918_.tmp.dll

c:\windows\system32\_004919_.tmp.dll

c:\windows\system32\_004920_.tmp.dll

c:\windows\system32\_004927_.tmp.dll

c:\windows\system32\_004928_.tmp.dll

c:\windows\system32\_004929_.tmp.dll

c:\windows\system32\_004930_.tmp.dll

c:\windows\system32\_004932_.tmp.dll

c:\windows\system32\_004933_.tmp.dll

c:\windows\system32\_004936_.tmp.dll

c:\windows\system32\_004937_.tmp.dll

c:\windows\system32\_004939_.tmp.dll

c:\windows\system32\_004940_.tmp.dll

c:\windows\system32\_004941_.tmp.dll

c:\windows\system32\_004943_.tmp.dll

c:\windows\system32\_004946_.tmp.dll

c:\windows\system32\_004947_.tmp.dll

c:\windows\system32\_004951_.tmp.dll

c:\windows\system32\_004952_.tmp.dll

c:\windows\system32\_004954_.tmp.dll

c:\windows\system32\_004956_.tmp.dll

c:\windows\system32\_004957_.tmp.dll

c:\windows\system32\_004959_.tmp.dll

c:\windows\system32\_004960_.tmp.dll

c:\windows\system32\_004961_.tmp.dll

c:\windows\system32\_004962_.tmp.dll

c:\windows\system32\_004963_.tmp.dll

c:\windows\system32\_004966_.tmp.dll

c:\windows\system32\_004967_.tmp.dll

c:\windows\system32\_004968_.tmp.dll

c:\windows\system32\_004969_.tmp.dll

c:\windows\system32\_004970_.tmp.dll

c:\windows\system32\_004975_.tmp.dll

c:\windows\system32\_004977_.tmp.dll

c:\windows\system32\_004978_.tmp.dll

c:\windows\system32\cvfjxvn.dll

c:\windows\system32\drivers\mgrfcgjd.sys

c:\windows\system32\drivers\vktvxjby.sys

c:\windows\system32\tmp.reg

c:\windows\system32\xwkvfyxo.dll

c:\windows\system32\zxwjqzc.dll

c:\windows\system32n9nyb.exe

D:\Autorun.inf

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_MGRFCGJD

-------\Service_mgrfcgjd

-------\Legacy_MGRFCGJD

((((((((((((((((((((((((( Files Created from 2010-05-24 to 2010-06-24 )))))))))))))))))))))))))))))))

.

2010-06-14 10:31 . 2010-06-14 10:31 -------- d-----w- c:\documents and settings\Compaq_Administrator.LNTJJOHNSON\Local Settings\Application Data\Symantec

2010-06-13 20:55 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-13 20:55 . 2010-06-13 20:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-13 20:55 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-13 20:28 . 2010-06-13 20:28 -------- d-----w- c:\documents and settings\Compaq_Administrator.LNTJJOHNSON\Local Settings\Application Data\PCHealth

2010-06-10 15:35 . 2010-06-10 15:35 -------- d-----w- c:\documents and settings\Family\Local Settings\Application Data\PCHealth

2010-06-10 05:18 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-09 04:29 . 2010-06-09 04:29 63488 ----a-w- c:\documents and settings\Family\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-06-09 04:29 . 2010-06-09 04:29 52224 ----a-w- c:\documents and settings\Family\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-06-09 04:29 . 2010-06-09 04:29 117760 ----a-w- c:\documents and settings\Family\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-06-09 04:29 . 2010-06-09 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-06-09 04:28 . 2010-06-09 04:28 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-06-09 04:18 . 2010-06-09 04:18 388096 ----a-r- c:\documents and settings\Family\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-06-09 04:18 . 2010-06-09 04:18 -------- d-----w- c:\program files\Trend Micro

2010-06-08 02:29 . 2010-06-08 02:29 -------- dc----w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

2010-06-07 23:52 . 2010-06-07 23:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-23 01:23 . 2010-01-21 04:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.LNTJJOHNSON\Application Data\BitTorrent

2010-06-23 01:22 . 2006-04-25 00:52 -------- d-----w- c:\program files\Viewpoint

2010-06-20 21:05 . 2009-09-11 11:25 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-06-13 20:55 . 2010-01-17 23:28 -------- d-----w- c:\documents and settings\Compaq_Administrator.LNTJJOHNSON\Application Data\Malwarebytes

2010-06-13 20:55 . 2010-01-17 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-06-08 02:23 . 2010-03-08 08:51 -------- d-----w- c:\program files\CCleaner

2010-06-04 10:00 . 2009-08-16 08:39 -------- d-----w- c:\program files\Microsoft Silverlight

2010-05-23 22:20 . 2010-05-23 22:20 503808 ----a-w- c:\documents and settings\Compaq_Administrator.LNTJJOHNSON\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6d1dd2d2-n\msvcp71.dll

2010-05-23 22:20 . 2010-05-23 22:20 499712 ----a-w- c:\documents and settings\Compaq_Administrator.LNTJJOHNSON\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6d1dd2d2-n\jmc.dll

2010-05-23 22:20 . 2010-05-23 22:20 348160 ----a-w- c:\documents and settings\Compaq_Administrator.LNTJJOHNSON\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6d1dd2d2-n\msvcr71.dll

2010-05-23 22:20 . 2010-05-23 22:20 61440 ----a-w- c:\documents and settings\Compaq_Administrator.LNTJJOHNSON\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3d598d9a-n\decora-sse.dll

2010-05-23 22:20 . 2010-05-23 22:20 12800 ----a-w- c:\documents and settings\Compaq_Administrator.LNTJJOHNSON\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3d598d9a-n\decora-d3d.dll

2010-05-23 05:24 . 2010-05-23 05:24 503808 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2f02121e-n\msvcp71.dll

2010-05-23 05:24 . 2010-05-23 05:24 499712 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2f02121e-n\jmc.dll

2010-05-23 05:24 . 2010-05-23 05:24 348160 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2f02121e-n\msvcr71.dll

2010-05-23 05:24 . 2010-05-23 05:24 61440 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-45fe5d89-n\decora-sse.dll

2010-05-23 05:24 . 2010-05-23 05:24 12800 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-45fe5d89-n\decora-d3d.dll

2010-05-22 22:14 . 2006-02-22 04:49 129440 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-05-21 06:28 . 2006-02-22 04:28 -------- d-----w- c:\program files\Common Files\Java

2010-05-21 06:27 . 2010-05-21 06:27 503808 ----a-w- c:\documents and settings\Compaq_Administrator.LNTJJOHNSON\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1cd07e2b-n\msvcp71.dll

2010-05-21 06:27 . 2010-05-21 06:27 499712 ----a-w- c:\documents and settings\Compaq_Administrator.LNTJJOHNSON\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1cd07e2b-n\jmc.dll

2010-05-21 06:27 . 2010-05-21 06:27 348160 ----a-w- c:\documents and settings\Compaq_Administrator.LNTJJOHNSON\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1cd07e2b-n\msvcr71.dll

2008-01-02 05:06 . 2008-01-02 05:06 3441845 -c--a-w- c:\program files\coreftplite.exe

2007-12-24 07:45 . 2007-12-24 07:45 4722512 -c--a-w- c:\program files\MsgPlusLive-450.exe

2006-08-20 17:25 . 2006-08-20 17:25 22 -csha-w- c:\windows\SMINST\HPCD.sys

.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2006-04-20 17:10 . 2006-04-20 17:10 50792 c:\program files\Common Files\AOL\1156372331\ee\bak\AOLSoftware.exe

2006-02-17 16:59 . 2006-02-17 16:59 124520 c:\program files\Common Files\AOL\IPHSend\bak\IPHSend.exe

2006-04-20 17:10 . 2006-04-20 17:10 50792 c:\program files\Common Files\AOL\Launch\bak\AOLLaunch.exe

2006-02-22 04:50 . 2006-02-22 04:50 180269 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe

2006-02-22 04:50 . 2006-02-22 04:50 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

2006-02-22 05:27 . 2005-11-10 00:29 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe

2006-02-22 05:27 . 2005-11-10 00:29 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

2005-05-12 06:12 . 2005-05-12 06:12 49152 c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe

2007-05-08 23:24 . 2007-05-08 23:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe

2005-08-25 01:25 . 2005-08-25 01:25 101080 c:\program files\Microsoft Location Finder\bak\LocationFinder.exe

2005-11-01 17:01 . 2005-11-01 17:01 90112 c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\bak\DMAScheduler.exe

2005-11-01 17:01 . 2005-11-01 17:01 90112 c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe

2006-08-29 18:58 . 2004-11-11 04:15 111816 c:\program files\Viewpoint\Viewpoint Manager\bak\ViewMgr.exe

2006-08-10 02:23 . 2006-08-09 22:41 4617720 c:\program files\Yahoo!\Messenger\bak\YAHOOM~1.EXE

2004-08-10 10:04 . 2005-08-06 04:56 64512 c:\windows\ehome\bak\ehtray.exe

2004-08-10 10:04 . 2005-08-06 04:56 64512 c:\windows\ehome\ehtray.exe

2006-02-22 05:02 . 2005-07-23 06:14 237568 c:\windows\SMINST\bak\RECGUARD.EXE

2006-02-22 05:02 . 2005-07-23 06:14 237568 c:\windows\SMINST\Recguard.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]

"TK8 StickyNotes"="c:\program files\TK8 StickyNotes\TK8StickyNotes.exe" [2010-01-21 9136976]

"Google Update"="c:\documents and settings\Compaq_Administrator.LNTJJOHNSON\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-17 135664]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]

"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]

"DISCover"="c:\program files\DISC\DISCover.exe" [2005-11-12 1064960]

"DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-11-12 61440]

"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]

"PCDrProfiler"="" [N/A]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\Default User\Start Menu\Programs\Startup\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-21 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-2-21 36903]

Event Reminder.lnk - c:\program files\PrintMaster 16\pmremind.exe [2004-1-20 339968]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-8 805392]

Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 09:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\DISC\\DISCover.exe"=

"c:\\Program Files\\DISC\\DiscStreamHub.exe"=

"c:\\Program Files\\DISC\\myFTP.exe"=

"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=

"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1/17/2010 1:31 PM 207792]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [2/2/2010 1:08 AM 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [2/2/2010 1:08 AM 259632]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [2/2/2010 1:08 AM 482432]

R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100623.001\IDSXpx86.sys [6/23/2010 5:24 PM 331640]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [5/16/2009 7:17 PM 10640]

R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2/2/2010 1:08 AM 117640]

R2 sdauxservice;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [1/17/2010 1:31 PM 359624]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/27/2010 1:55 AM 102448]

S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [5/9/2010 6:59 PM 29184]

S3 dsreader;MaxDrive Driver (dsreader.sys);c:\windows\system32\drivers\dsreader.sys [1/2/2001 11:53 PM 19677]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

lhqaiyqh

.

Contents of the 'Scheduled Tasks' folder

2010-06-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3947833178-3860813541-666376131-1008Core.job

- c:\documents and settings\Compaq_Administrator.LNTJJOHNSON\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-17 03:41]

2010-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3947833178-3860813541-666376131-1008UA.job

- c:\documents and settings\Compaq_Administrator.LNTJJOHNSON\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-17 03:41]

2010-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3947833178-3860813541-666376131-1010Core.job

- c:\documents and settings\Family\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-09 03:54]

2010-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3947833178-3860813541-666376131-1010UA.job

- c:\documents and settings\Family\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-09 03:54]

.

.

------- Supplementary Scan -------

.

IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html

IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html

IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html

Trusted Zone: trymedia.com

TCP: {FFAC27C9-1275-461F-80E7-2FDA8721B8E3} = 207.69.188.185,207.69.188.186

FF - ProfilePath - c:\documents and settings\Compaq_Administrator.LNTJJOHNSON\Application Data\Mozilla\Firefox\Profiles\kq7xlrb5.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/

FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll

FF - plugin: c:\documents and settings\Compaq_Administrator.LNTJJOHNSON\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\documents and settings\Family\Application Data\Move Networks\plugins\npqmp071504000001.dll

FF - plugin: c:\documents and settings\Family\Application Data\Move Networks\plugins\npqmp071701000002.dll

FF - plugin: c:\progra~1\MOZILL~1\plugins\np_gp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-23 21:00

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ccEvtMgr]

"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SAVRT]

"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SNDSrvc]

"ImagePath"="-"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F954480E-62C1-4C7E-B4C0-2D3A3C51B33C}\ProgID]

@DACL=(02 0000)

@="Hruakydj"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(972)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\windows\system32\Ati2evxx.dll

c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(3064)

c:\windows\system32\WININET.dll

c:\docume~1\COMPAQ~1.LNT\LOCALS~1\Temp\IadHide5.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\arservice.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\wscntfy.exe

c:\windows\ARPWRMSG.EXE

c:\windows\eHome\ehmsas.exe

c:\program files\DISC\DiscStreamHub.exe

c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

.

**************************************************************************

.

Completion time: 2010-06-23 21:10:00 - machine was rebooted

ComboFix-quarantined-files.txt 2010-06-24 04:09

Pre-Run: 89,079,140,352 bytes free

Post-Run: 89,073,491,968 bytes free

- - End Of File - - 657C26EC591AD31F1127280D4A2F589E

-----

DDS (Ver_09-09-29.01) - NTFSx86

Run by Compaq_Administrator at 18:29:33.67 on Sat 06/26/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.377 [GMT -7:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\arservice.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\ARPWRMSG.EXE

C:\Program Files\DISC\DISCover.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\DISC\DiscUpdateMgr.exe

C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe

C:\Program Files\DISC\DiscGui.exe

C:\Program Files\DISC\DiscStreamHub.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\TK8 StickyNotes\TK8StickyNotes.exe

C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

c:\windows\system\hpsysdrv.exe

C:\Program Files\BitTorrent\bittorrent.exe

C:\Documents and Settings\Compaq_Administrator.LNTJJOHNSON\Desktop\dds.com

============== Pseudo HJT Report ===============

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.8.0.41\IPSBHO.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {aa58ed58-01dd-4d91-8333-cf10577473f7} - Google Toolbar Helper

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} -

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [TK8 StickyNotes] "c:\program files\tk8 stickynotes\TK8StickyNotes.exe"

uRun: [Google Update] "c:\documents and settings\compaq_administrator.lntjjohnson\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE

mRun: [DISCover] c:\program files\disc\DISCover.exe

mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdateMgr.exe

mRun: [DMAScheduler] c:\program files\sonic\digitalmedia plus\digitalmedia archive\DMAScheduler.exe

mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE

mRun: [PCDrProfiler]

mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [KBD] c:\hp\kbd\KBD.EXE

mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\5577497\program\Compaq Connections.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventr~1.lnk - c:\program files\printmaster 16\pmremind.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe

IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html

IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html

IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

Trusted Zone: trymedia.com

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

TCP: {FFAC27C9-1275-461F-80E7-2FDA8721B8E3} = 207.69.188.185,207.69.188.186

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.8.0.41\CoIEPlg.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1.lnt\applic~1\mozilla\firefox\profiles\kq7xlrb5.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll

FF - plugin: c:\documents and settings\compaq_administrator.lntjjohnson\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\documents and settings\family\application data\move networks\plugins\npqmp071504000001.dll

FF - plugin: c:\documents and settings\family\application data\move networks\plugins\npqmp071701000002.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-1-17 207792]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-2-2 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-2-2 259632]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-2-2 482432]

R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100625.001\IDSXpx86.sys [2010-6-25 331640]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-5-16 10640]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 N360;Norton 360;c:\program files\norton 360\engine\3.8.0.41\ccSvcHst.exe [2010-2-2 117640]

R2 sdauxservice;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-1-17 359624]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-27 102448]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100626.002\NAVENG.SYS [2010-6-26 85552]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100626.002\NAVEX15.SYS [2010-6-26 1347504]

S3 CrystalSysInfo;CrystalSysInfo;c:\program files\mediacoder\SysInfo.sys [2007-9-25 15152]

S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [2010-5-9 29184]

S3 dsreader;MaxDrive Driver (dsreader.sys);c:\windows\system32\drivers\dsreader.sys [2001-1-2 19677]

S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-2-19 33752]

=============== Created Last 30 ================

2010-06-23 01:36 256,512 a------- c:\windows\PEV.exe

2010-06-23 01:36 161,792 a------- c:\windows\SWREG.exe

2010-06-23 01:36 98,816 a------- c:\windows\sed.exe

2010-06-23 01:36 77,312 a------- c:\windows\MBR.exe

2010-06-13 13:55 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-13 13:55 20,952 a------- c:\windows\system32\drivers\mbam.sys

2010-06-13 13:55 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

2010-06-09 22:18 743,424 -------- c:\windows\system32\dllcache\iedvtool.dll

2010-06-08 21:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-06-08 21:28 <DIR> --d----- c:\program files\SUPERAntiSpyware

2010-06-08 21:18 <DIR> --d----- c:\program files\Trend Micro

2010-06-07 19:29 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

==================== Find3M ====================

2010-05-05 06:30 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe

2010-05-01 22:22 1,851,264 a------- c:\windows\system32\win32k.sys

2010-05-01 22:22 1,851,264 -------- c:\windows\system32\dllcache\win32k.sys

2010-04-19 22:30 285,696 a------- c:\windows\system32\atmfd.dll

2010-04-19 22:30 285,696 -------- c:\windows\system32\dllcache\atmfd.dll

2010-04-12 17:29 411,368 a------- c:\windows\system32\deployJava1.dll

2010-04-06 04:52 2,462,720 a------- c:\windows\system32\dllcache\WMVCore.dll

2008-01-01 22:06 3,441,845 ac------ c:\program files\coreftplite.exe

2007-12-24 00:45 4,722,512 ac------ c:\program files\MsgPlusLive-450.exe

============= FINISH: 18:31:18.85 ===============

-----

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 12/7/2008 4:37:58 PM

System Uptime: 6/25/2010 8:24:12 AM (34 hours ago)

Motherboard: ASUSTek Computer INC. | | Amberine M

Processor: AMD Athlon 64 Processor 3500+ | Socket 939 | 2188/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 225 GiB total, 77.085 GiB free.

D: is FIXED (FAT32) - 8 GiB total, 0.504 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 6/23/2010 1:36:29 AM - System Checkpoint

RP2: 6/23/2010 2:05:30 AM - Software Distribution Service 3.0

RP3: 6/24/2010 2:16:21 AM - System Checkpoint

RP4: 6/24/2010 3:00:20 AM - Software Distribution Service 3.0

RP5: 6/25/2010 3:00:19 AM - Software Distribution Service 3.0

RP6: 6/25/2010 3:29:51 AM - Software Distribution Service 3.0

RP7: 6/26/2010 3:00:24 AM - Software Distribution Service 3.0

==== Installed Programs ======================

5 Card Slingo from Compaq (remove only)

5600

5600_Help

5600Trb

Action Replay DSi Code Manager

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

AiO_Scan

AiOSoftware

AllToAVI v4 r5394

Apple Software Update

AstroPop Deluxe from Compaq (remove only)

ATI Control Panel

ATI Display Driver

AviSynth 2.5

Barnyard Invasion from Compaq (remove only)

Bejeweled 2 Deluxe from Compaq (remove only)

BitTorrent

Blackhawk Striker 2 from Compaq (remove only)

Blasterball 2 from Compaq (remove only)

Blasterball 2 Remix from Compaq (remove only)

Boggle Supreme from Compaq (remove only)

Bookworm Deluxe from Compaq (remove only)

Bounce Symphony from Compaq (remove only)

BufferChm

CCleaner

CDDRV_Installer

Chuzzle Deluxe from Compaq (remove only)

Compaq Connections (remove only)

Coupon Printer for Windows

CP_AtenaShokunin1Config

CP_CalendarTemplates1

cp_LightScribeConfig

cp_OnlineProjectsConfig

CP_Package_Basic1

CP_Package_Variety1

CP_Package_Variety2

CP_Package_Variety3

CP_Panorama1Config

cp_PosterPrintConfig

cp_UpdateProjectsConfig

Critical Update for Windows Media Player 11 (KB959772)

Crystal Maze from Compaq (remove only)

CueTour

Customer Experience Enhancement

CustomerResearchQFolder

Data Fax SoftModem with SmartCP

Destinations

DeviceFunctionQFolder

DISCover

DocProc

DocumentViewer

DocumentViewerQFolder

Download Updater (AOL LLC)

Easy Internet Sign-up

Enhanced Multimedia Keyboard Solution

eSupportQFolder

Family Feud

FATE from Compaq (remove only)

Fax

GemMaster Mystic

Google Chrome

Google Toolbar for Internet Explorer

High Definition Audio Driver Package - KB888111

HiJackThis

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Boot Optimizer

HP DigitalMedia Archive

HP Document Viewer 5.3

HP DVD Play 1.0

HP Extended Capabilities 5.3

HP Game Console and games

HP Imaging Device Functions 6.0

HP Photosmart Premier Software 6.0

HP Product Assistant

HP PSC & OfficeJet 5.3.B

HP Rhapsody

HP Solution Center & Imaging Support Tools 5.3

HP Support Overview

HP Update

HP Web Helper

HPProductAssistant

HpSdpAppCoreApp

Insaniquarium Deluxe from Compaq (remove only)

InstantShareDevices

J2SE Runtime Environment 5.0 Update 5

Java Auto Updater

Java 6 Update 20

K-Lite Codec Pack 4.9.5 (Standard)

KhalInstallWrapper

Lagarith Lossless Codec (1.3.19)

Lemonade Tycoon 2 from Compaq (remove only)

Lexibox Deluxe from Compaq (remove only)

LightScribe 1.4.62.1

Logitech SetPoint

Mah Jong Quest from Compaq (remove only)

Malwarebytes' Anti-Malware

MarketResearch

MediaCoder 0.7.2.4536

Microsoft .NET Framework 1.0 Hotfix (KB979904)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB953297)

Microsoft Application Error Reporting

Microsoft Away Mode

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Money 2006

Microsoft National Language Support Downlevel APIs

Microsoft Office 2003 Edition 60 Days Trial Welcome Tour

Microsoft Office Standard Edition 2003

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Web Publishing Wizard 1.52

Microsoft Works

mIRC

Mozilla Firefox (3.6)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Netscape Browser (remove only)

NewCopy

Nintendo DS - GBA Max Drive

Norton 360

OptionalContentQFolder

Otto

PanoStandAlone

PC-Doctor 5 for Windows

PhotoGallery

Polar Bowler from Compaq (remove only)

Polar Golfer from Compaq (remove only)

PrintMaster 16

ProductContext

PS2

Puzzle Express from Compaq (remove only)

Python 2.2 pywin32 extensions (build 203)

Python 2.2.3

Quicken 2006

QuickTime

RandMap

Readme

RealPlayer

Remove WeatherBug Installer

Ricochet Lost Worlds from Compaq (remove only)

Scan

ScannerCopy

SCRABBLE from Compaq (remove only)

Security Update for CAPICOM (KB931906)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956390)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Segoe UI

Shin Megami Tensei: Imagine

Shockwave

Shooting Stars Pool from Compaq (remove only)

Shrek 2 Ogre Bowler from Compaq (remove only)

SkinsHP1

Skype

Link to post
Share on other sites

Open Notepad and copy and paste the text in the code box below into it:

KillAll::

NetSvc::
lhqaiyqh

Folder::
c:\program files\Viewpoint

AWF::
c:\program files\Common Files\AOL\1156372331\ee\bak\AOLSoftware.exe
c:\program files\Common Files\AOL\IPHSend\bak\IPHSend.exe
c:\program files\Common Files\AOL\Launch\bak\AOLLaunch.exe
c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
c:\program files\Common Files\Real\Update_OB\realsched.exe
c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe
c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
c:\program files\HP\HP Software Update\hpwuSchd2.exe
c:\program files\Microsoft Location Finder\bak\LocationFinder.exe
c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\bak\DMAScheduler.exe
c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
c:\program files\Viewpoint\Viewpoint Manager\bak\ViewMgr.exe
c:\program files\Yahoo!\Messenger\bak\YAHOOM~1.EXE
c:\windows\ehome\bak\ehtray.exe
c:\windows\ehome\ehtray.exe
c:\windows\SMINST\bak\RECGUARD.EXE
c:\windows\SMINST\Recguard.exe

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

Link to post
Share on other sites

Alright, here's the log file:

ComboFix 10-06-22.02 - Compaq_Administrator 06/28/2010 18:38:55.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.474 [GMT -7:00]

Running from: c:\documents and settings\Compaq_Administrator.LNTJJOHNSON\Desktop\Combo-Fix.exe

Command switches used :: c:\documents and settings\Compaq_Administrator.LNTJJOHNSON\Desktop\CFScript.txt

AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Viewpoint

c:\program files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll

c:\program files\Viewpoint\Viewpoint Experience Technology\ClassIDs.ini

c:\program files\Viewpoint\Viewpoint Experience Technology\ComponentMgr.dll

c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLArt.dll

c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLShell.dll

c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll

c:\program files\Viewpoint\Viewpoint Experience Technology\Components\Cursors.dll

c:\program files\Viewpoint\Viewpoint Experience Technology\Components\DataTracking.dll

c:\program files\Viewpoint\Viewpoint Experience Technology\Components\GifReader.dll

c:\program files\Viewpoint\Viewpoint Experience Technology\Components\JpegReader.dll

c:\program files\Viewpoint\Viewpoint Experience Technology\Components\LensFlares.dll

c:\program files\Viewpoint\Viewpoint Experience Technology\Components\Mts3Reader.dll

c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ObjectMovie.dll

c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll

c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ServiceComponent.dll

c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll

c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll

c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VectorView.dll

c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPAudio.dll

c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPExtras.dll

c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPSpeech.dll

c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo.dll

c:\program files\Viewpoint\Viewpoint Experience Technology\Components\WaveletReader.dll

c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ZoomView.dll

c:\program files\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini

c:\program files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe

c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.xpt

c:\program files\Viewpoint\Viewpoint Manager\VETScriptInterpreter.dll

c:\program files\Viewpoint\Viewpoint Manager\ViewCP.cpl

c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\s.gif

c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_av.gif

c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_cp.gif

c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_up.gif

c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_inner_bg.gif

c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_inner_bottom.gif

c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab_bg.gif

c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab1_off.gif

c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab1_on.gif

c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab2_off.gif

c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab2_on.gif

c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vwpt_logo.gif

c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\options.ini

c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\viewpoint.ico

c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\vmctrl.html

c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

c:\program files\Viewpoint\Viewpoint Manager\ViewMgrCore.dll

c:\program files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe

.

((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-29 )))))))))))))))))))))))))))))))

.

2010-06-14 10:31 . 2010-06-14 10:31 -------- d-----w- c:\documents and settings\Compaq_Administrator.LNTJJOHNSON\Local Settings\Application Data\Symantec

2010-06-13 20:55 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-13 20:55 . 2010-06-13 20:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-13 20:55 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-13 20:28 . 2010-06-13 20:28 -------- d-----w- c:\documents and settings\Compaq_Administrator.LNTJJOHNSON\Local Settings\Application Data\PCHealth

2010-06-10 15:35 . 2010-06-10 15:35 -------- d-----w- c:\documents and settings\Family\Local Settings\Application Data\PCHealth

2010-06-10 05:18 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-09 04:29 . 2010-06-09 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-06-09 04:28 . 2010-06-09 04:28 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-06-09 04:18 . 2010-06-09 04:18 -------- d-----w- c:\program files\Trend Micro

2010-06-08 02:29 . 2010-06-08 02:29 -------- dc----w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

2010-06-07 23:52 . 2010-06-07 23:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-29 01:53 . 2006-09-01 00:47 -------- d-----w- c:\program files\Microsoft Location Finder

2010-06-28 10:53 . 2010-01-21 04:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.LNTJJOHNSON\Application Data\BitTorrent

2010-06-27 21:05 . 2009-09-11 11:25 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-06-13 20:55 . 2010-01-17 23:28 -------- d-----w- c:\documents and settings\Compaq_Administrator.LNTJJOHNSON\Application Data\Malwarebytes

2010-06-13 20:55 . 2010-01-17 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-06-09 04:29 . 2010-06-09 04:29 63488 ----a-w- c:\documents and settings\Family\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-06-09 04:29 . 2010-06-09 04:29 52224 ----a-w- c:\documents and settings\Family\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-06-09 04:29 . 2010-06-09 04:29 117760 ----a-w- c:\documents and settings\Family\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-06-09 04:18 . 2010-06-09 04:18 388096 ----a-r- c:\documents and settings\Family\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-06-08 02:23 . 2010-03-08 08:51 -------- d-----w- c:\program files\CCleaner

2010-06-04 10:00 . 2009-08-16 08:39 -------- d-----w- c:\program files\Microsoft Silverlight

2010-05-23 22:20 . 2010-05-23 22:20 503808 ----a-w- c:\documents and settings\Compaq_Administrator.LNTJJOHNSON\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6d1dd2d2-n\msvcp71.dll

2010-05-23 22:20 . 2010-05-23 22:20 499712 ----a-w- c:\documents and settings\Compaq_Administrator.LNTJJOHNSON\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6d1dd2d2-n\jmc.dll

2010-05-23 22:20 . 2010-05-23 22:20 348160 ----a-w- c:\documents and settings\Compaq_Administrator.LNTJJOHNSON\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6d1dd2d2-n\msvcr71.dll

2010-05-23 22:20 . 2010-05-23 22:20 61440 ----a-w- c:\documents and settings\Compaq_Administrator.LNTJJOHNSON\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3d598d9a-n\decora-sse.dll

2010-05-23 22:20 . 2010-05-23 22:20 12800 ----a-w- c:\documents and settings\Compaq_Administrator.LNTJJOHNSON\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3d598d9a-n\decora-d3d.dll

2010-05-23 05:24 . 2010-05-23 05:24 503808 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2f02121e-n\msvcp71.dll

2010-05-23 05:24 . 2010-05-23 05:24 499712 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2f02121e-n\jmc.dll

2010-05-23 05:24 . 2010-05-23 05:24 348160 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2f02121e-n\msvcr71.dll

2010-05-23 05:24 . 2010-05-23 05:24 61440 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-45fe5d89-n\decora-sse.dll

2010-05-23 05:24 . 2010-05-23 05:24 12800 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-45fe5d89-n\decora-d3d.dll

2010-05-22 22:14 . 2006-02-22 04:49 129440 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-05-21 06:28 . 2006-02-22 04:28 -------- d-----w- c:\program files\Common Files\Java

2010-05-21 06:27 . 2010-05-21 06:27 503808 ----a-w- c:\documents and settings\Compaq_Administrator.LNTJJOHNSON\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1cd07e2b-n\msvcp71.dll

2010-05-21 06:27 . 2010-05-21 06:27 499712 ----a-w- c:\documents and settings\Compaq_Administrator.LNTJJOHNSON\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1cd07e2b-n\jmc.dll

2010-05-21 06:27 . 2010-05-21 06:27 348160 ----a-w- c:\documents and settings\Compaq_Administrator.LNTJJOHNSON\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1cd07e2b-n\msvcr71.dll

2008-01-02 05:06 . 2008-01-02 05:06 3441845 -c--a-w- c:\program files\coreftplite.exe

2007-12-24 07:45 . 2007-12-24 07:45 4722512 -c--a-w- c:\program files\MsgPlusLive-450.exe

2006-08-20 17:25 . 2006-08-20 17:25 22 -csha-w- c:\windows\SMINST\HPCD.sys

.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2006-02-22 04:50 . 2006-02-22 04:50 180269 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe

2006-02-22 04:50 . 2006-02-22 04:50 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

2006-02-22 05:27 . 2005-11-10 00:29 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe

2006-02-22 05:27 . 2005-11-10 00:29 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

2005-05-12 06:12 . 2005-05-12 06:12 49152 c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe

2007-05-08 23:24 . 2007-05-08 23:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe

2005-11-01 17:01 . 2005-11-01 17:01 90112 c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\bak\DMAScheduler.exe

2005-11-01 17:01 . 2005-11-01 17:01 90112 c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe

2006-08-10 02:23 . 2006-08-09 22:41 4617720 c:\program files\Yahoo!\Messenger\bak\YAHOOM~1.EXE

2006-02-22 05:02 . 2005-07-23 06:14 237568 c:\windows\SMINST\bak\RECGUARD.EXE

2006-02-22 05:02 . 2005-07-23 06:14 237568 c:\windows\SMINST\Recguard.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]

"TK8 StickyNotes"="c:\program files\TK8 StickyNotes\TK8StickyNotes.exe" [2010-01-21 9136976]

"Google Update"="c:\documents and settings\Compaq_Administrator.LNTJJOHNSON\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-17 135664]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]

"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]

"DISCover"="c:\program files\DISC\DISCover.exe" [2005-11-12 1064960]

"DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-11-12 61440]

"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]

"PCDrProfiler"="" [N/A]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\Default User\Start Menu\Programs\Startup\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-21 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-2-21 36903]

Event Reminder.lnk - c:\program files\PrintMaster 16\pmremind.exe [2004-1-20 339968]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-8 805392]

Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 09:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\DISC\\DISCover.exe"=

"c:\\Program Files\\DISC\\DiscStreamHub.exe"=

"c:\\Program Files\\DISC\\myFTP.exe"=

"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=

"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1/17/2010 1:31 PM 207792]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [2/2/2010 1:08 AM 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [2/2/2010 1:08 AM 259632]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [2/2/2010 1:08 AM 482432]

R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100625.001\IDSXpx86.sys [6/25/2010 10:30 PM 331640]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [5/16/2009 7:17 PM 10640]

R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2/2/2010 1:08 AM 117640]

R2 sdauxservice;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [1/17/2010 1:31 PM 359624]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/27/2010 1:55 AM 102448]

S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [5/9/2010 6:59 PM 29184]

S3 dsreader;MaxDrive Driver (dsreader.sys);c:\windows\system32\drivers\dsreader.sys [1/2/2001 11:53 PM 19677]

.

Contents of the 'Scheduled Tasks' folder

2010-06-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3947833178-3860813541-666376131-1008Core.job

- c:\documents and settings\Compaq_Administrator.LNTJJOHNSON\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-17 03:41]

2010-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3947833178-3860813541-666376131-1008UA.job

- c:\documents and settings\Compaq_Administrator.LNTJJOHNSON\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-17 03:41]

2010-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3947833178-3860813541-666376131-1010Core.job

- c:\documents and settings\Family\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-09 03:54]

2010-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3947833178-3860813541-666376131-1010UA.job

- c:\documents and settings\Family\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-09 03:54]

.

.

------- Supplementary Scan -------

.

IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html

IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html

IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html

TCP: {FFAC27C9-1275-461F-80E7-2FDA8721B8E3} = 207.69.188.185,207.69.188.186

FF - ProfilePath - c:\documents and settings\Compaq_Administrator.LNTJJOHNSON\Application Data\Mozilla\Firefox\Profiles\kq7xlrb5.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/

FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll

FF - plugin: c:\documents and settings\Compaq_Administrator.LNTJJOHNSON\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\documents and settings\Family\Application Data\Move Networks\plugins\npqmp071504000001.dll

FF - plugin: c:\documents and settings\Family\Application Data\Move Networks\plugins\npqmp071701000002.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-28 18:53

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ccEvtMgr]

"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SAVRT]

"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SNDSrvc]

"ImagePath"="-"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F954480E-62C1-4C7E-B4C0-2D3A3C51B33C}\ProgID]

@DACL=(02 0000)

@="Hruakydj"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(984)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\windows\system32\Ati2evxx.dll

c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(3032)

c:\windows\system32\WININET.dll

c:\docume~1\COMPAQ~1.LNT\LOCALS~1\Temp\IadHide5.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\arservice.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\wscntfy.exe

c:\windows\eHome\ehmsas.exe

c:\windows\ARPWRMSG.EXE

c:\program files\DISC\DiscGui.exe

c:\program files\DISC\DiscStreamHub.exe

c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

.

**************************************************************************

.

Completion time: 2010-06-28 19:02:42 - machine was rebooted

ComboFix-quarantined-files.txt 2010-06-29 02:02

ComboFix2.txt 2010-06-24 04:10

Pre-Run: 81,807,933,440 bytes free

Post-Run: 81,827,041,280 bytes free

- - End Of File - - 88115E336E15C57372E537557836B3C3

Link to post
Share on other sites

Everything seems to be running fine.

At one point you told me to not run anything without permission, so should I run another quick scan with MBAM to see whether those files still exist or not, and whether or not they can get deleted this time around?

Link to post
Share on other sites

Yes, please.

  • Launch Malwarebytes' Anti-Malware
  • Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Link to post
Share on other sites

It's seems that nothing was infected. Just to be safe though,

I'll preform a full system scan either today or tomorrow.

But let me thank you now for all your help!

I really appreciate you taking your time to help me out.

Here to the MBAM log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4265

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

7/1/2010 2:33:43 PM

mbam-log-2010-07-01 (14-33-43).txt

Scan type: Quick scan

Objects scanned: 173423

Time elapsed: 22 minute(s), 11 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

  • 4 weeks later...
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.