needafix Posted August 16, 2010 ID:300861 Share Posted August 16, 2010 Hi Guys,I hope you can help.I recently began having this problem and Symantic Endpoint Protection and AMWBytes has been unable to find the cause.When clicking on the search results of Google or when opening up an email in Hotmail, I am being redirected.(Not every time but often) Sometimes redirected to some laim search results page, sometimes to random pages like yellow pages results, sometimes a video tries to load and start playing.What do you suggest?Thanks in advance for your help! Link to post Share on other sites More sharing options...
needafix Posted August 16, 2010 Author ID:300875 Share Posted August 16, 2010 Hi Guys,I hope you can help.I recently began having this problem and Symantic Endpoint Protection and AMWBytes has been unable to find the cause.When clicking on the search results of Google or when opening up an email in Hotmail, I am being redirected.(Not every time but often) Sometimes redirected to some laim search results page, sometimes to random pages like yellow pages results, sometimes a video tries to load and start playing.What do you suggest?Thanks in advance for your help!This was the most recent AMWB results:Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4434Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.187028/15/2010 7:45:27 PMmbam-log-2010-08-15 (19-45-27).txtScan type: Full scan (C:\|D:\|)Objects scanned: 208265Time elapsed: 59 minute(s), 48 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
needafix Posted August 16, 2010 Author ID:301157 Share Posted August 16, 2010 Hi,I am new to this so don't know how long long it usually takes to hear back from someone but I wanted to add also that I recently wiped out my hard drive and reinstalled the op. sys. because of a virus/malware (Malware Doctor??). Shortly afterwards is when this redirecting started.I hope someone can help me with this.Thanks so much! Link to post Share on other sites More sharing options...
needafix Posted August 17, 2010 Author ID:301533 Share Posted August 17, 2010 Going out of the country Saturday.I don't want to be a pain in the neck but do you think it is possible to get some assistance before I go?If not, I will need to repost when I get back.Thanks so much!! Link to post Share on other sites More sharing options...
Staff screen317 Posted August 18, 2010 Staff ID:301728 Share Posted August 18, 2010 Hi and welcome to Malwarebytes.Please update MBAM, run a Quick Scan, and post its log.Next, download DDS by sUBs and save it to your Desktop.Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post the one that is not minimized. Link to post Share on other sites More sharing options...
needafix Posted August 18, 2010 Author ID:301737 Share Posted August 18, 2010 Hi and welcome to Malwarebytes.Please update MBAM, run a Quick Scan, and post its log.Next, download DDS by sUBs and save it to your Desktop.Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post the one that is not minimized.Chris,First, Thanks so much for your help!!Next, I wanted to let you know that Verizon FIOS, My ISP, has provided me with a static DNS address to try to prevent redirecting while my system is cleaned up.Here is the MBAM results to look at while I run the next scan:Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4442Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.187028/17/2010 9:41:37 PMmbam-log-2010-08-17 (21-41-37).txtScan type: Quick scanObjects scanned: 156807Time elapsed: 17 minute(s), 33 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
needafix Posted August 18, 2010 Author ID:301739 Share Posted August 18, 2010 Chris,First, Thanks so much for your help!!Next, I wanted to let you know that Verizon FIOS, My ISP, has provided me with a static DNS address to try to prevent redirecting while my system is cleaned up.Here is the MBAM results to look at while I run the next scan:Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4442Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.187028/17/2010 9:41:37 PMmbam-log-2010-08-17 (21-41-37).txtScan type: Quick scanObjects scanned: 156807Time elapsed: 17 minute(s), 33 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)OK. Here is the other scan:DDS (Ver_10-03-17.01) - NTFSx86 Run by Alan at 21:46:59.32 on Tue 08/17/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.144 [GMT -4:00]AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exesvchost.exesvchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINDOWS\System32\svchost.exe -k imgsvcC:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exeC:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exeC:\Program Files\Toshiba\Tvs\TvsTray.exeC:\WINDOWS\PixArt\PAC7302\Monitor.exeC:\WINDOWS\System32\svchost.exe -k HTTPFilterC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exeC:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.acC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exeC:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Documents and Settings\Alan\Desktop\dds.scr============== Pseudo HJT Report ===============uStart Page = hxxp://co114w.col114.mail.live.com/default.aspx?wa=wsignin1.0BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dllEB: {32683183-48a0-441b-a342-7c2a440a9478} - No FileuRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /backgrounduRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"mRun: [soundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exemRun: [soundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /traymRun: [igfxTray] c:\windows\system32\igfxtray.exemRun: [HotKeysCmds] c:\windows\system32\hkcmd.exemRun: [AGRSMMSG] AGRSMMSG.exemRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"mRun: [TFncKy] TFncKy.exemRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exemRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exemRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exemRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorunStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exeIE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.htmlIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLLDPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1279850290022DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1279850423544DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cabDPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cabDPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cabTCP: {5A1A5F26-C077-420F-92F4-32B14367C516} = 4.2.2.2,4.2.2.3TCP: {E3A235BD-B1A4-4EA7-8F44-C6CB28BBF1BC} = 4.2.2.2Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLLNotify: igfxcui - igfxsrvc.dll============= SERVICES / DRIVERS ===============R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-7-8 108392]R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-7-8 108392]R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-9-17 2477304]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-7-23 102448]R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100817.035\NAVENG.SYS [2010-8-17 85424]R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100817.035\NAVEX15.SYS [2010-8-17 1362608]S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-8 135664]S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2010-8-7 14336]S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-7-14 23888]S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]=============== Created Last 30 ==================================== Find3M ====================2010-07-23 01:00:44 21640 ----a-w- c:\windows\system32\emptyregdb.dat2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys2010-06-21 15:27:11 354304 ----a-w- c:\windows\system32\drivers\srv.sys2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll============= FINISH: 21:47:27.52 =============== Link to post Share on other sites More sharing options...
Staff screen317 Posted August 18, 2010 Staff ID:302086 Share Posted August 18, 2010 Hi,Please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofixWhen the tool is finished, it will produce a report for you.Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.-screen317 Link to post Share on other sites More sharing options...
needafix Posted August 18, 2010 Author ID:302139 Share Posted August 18, 2010 Hi,Please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofixWhen the tool is finished, it will produce a report for you.Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.-screen317Here is the ComboFix.txt.I will now run and post the new DDS log:ComboFix 10-08-17.04 - Alan 08/18/2010 18:46:36.1.1 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.263 [GMT -4:00]Running from: c:\documents and settings\Alan\Desktop\ComboFix.exeAV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}.((((((((((((((((((((((((( Files Created from 2010-07-18 to 2010-08-18 ))))))))))))))))))))))))))))))).2010-08-12 21:06 . 2010-08-12 21:06 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache2010-08-08 23:34 . 2010-08-09 01:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP2010-08-08 23:29 . 2010-08-08 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater2010-08-08 13:28 . 2010-08-08 13:28 -------- d-----w- c:\windows\Sun2010-08-07 23:49 . 1995-07-31 17:44 212480 ----a-w- c:\windows\system32\PCDLIB32.DLL2010-08-07 23:49 . 2008-04-26 01:06 55808 ----a-w- c:\windows\system32\ArcSoftKsUFilter.dll2010-08-07 23:49 . 2008-04-26 01:06 14336 ----a-w- c:\windows\system32\drivers\ArcSoftKsUFilter.sys2010-08-07 23:49 . 2005-04-27 20:36 245408 ----a-w- c:\windows\system32\unicows.dll2010-08-07 23:32 . 2010-08-07 23:32 -------- d-----w- c:\documents and settings\Alan\Local Settings\Application Data\ArcSoft2010-08-07 23:32 . 2006-11-10 19:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys2010-08-07 23:32 . 2010-08-07 23:51 -------- d--h--w- c:\documents and settings\All Users\Application Data\ArcSoft2010-08-07 23:30 . 2010-08-07 23:49 -------- d-----w- c:\program files\ArcSoft2010-08-07 23:30 . 2010-08-07 23:32 -------- d-----w- c:\program files\Common Files\ArcSoft2010-08-07 23:29 . 2010-08-07 23:51 -------- d-----w- c:\documents and settings\Alan\Application Data\ArcSoft2010-08-06 17:37 . 2010-08-06 17:37 -------- d-----w- c:\program files\Common Files\Java2010-08-06 17:37 . 2010-08-06 17:37 503808 ----a-w- c:\documents and settings\Alan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-569b6554-n\msvcp71.dll2010-08-06 17:37 . 2010-08-06 17:37 499712 ----a-w- c:\documents and settings\Alan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-569b6554-n\jmc.dll2010-08-06 17:37 . 2010-08-06 17:37 348160 ----a-w- c:\documents and settings\Alan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-569b6554-n\msvcr71.dll2010-08-06 17:37 . 2010-08-06 17:37 61440 ----a-w- c:\documents and settings\Alan\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-406c14ef-n\decora-sse.dll2010-08-06 17:37 . 2010-08-06 17:37 12800 ----a-w- c:\documents and settings\Alan\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-406c14ef-n\decora-d3d.dll2010-08-06 17:37 . 2010-08-06 17:36 423656 ----a-w- c:\windows\system32\deployJava1.dll2010-08-06 17:36 . 2010-08-06 17:36 -------- d-----w- c:\program files\Java2010-08-04 00:47 . 2010-08-04 00:47 -------- d-----w- c:\documents and settings\Alan\Local Settings\Application Data\Identities2010-08-03 23:58 . 2010-08-03 23:58 -------- d-----w- c:\windows\system32\LogFiles2010-07-28 19:44 . 2010-07-28 19:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple2010-07-26 23:34 . 2010-07-26 23:34 -------- d-----w- c:\program files\Rosetta Stone2010-07-26 23:34 . 2010-07-26 23:34 -------- d--h--w- c:\program files\Zero G Registry2010-07-26 23:33 . 2010-07-26 23:33 -------- d--h--w- c:\documents and settings\Alan\InstallAnywhere2010-07-26 00:58 . 2010-07-28 11:47 -------- d-----w- c:\documents and settings\Alan\Local Settings\Application Data\Adobe2010-07-25 21:20 . 2010-07-25 21:20 -------- d-----w- c:\documents and settings\Alan\Application Data\Hewlett-Packard2010-07-25 21:15 . 2010-07-25 21:15 -------- d-----w- c:\program files\Common Files\Hewlett-Packard2010-07-25 21:14 . 2010-07-25 21:15 -------- d-----w- c:\program files\Hewlett-Packard2010-07-25 21:13 . 2010-07-25 21:17 19558 ----a-w- c:\windows\hpoins01.dat2010-07-25 21:13 . 2003-04-22 14:24 16606 ------w- c:\windows\hpomdl01.dat2010-07-25 21:12 . 2010-07-25 21:13 -------- d-----w- c:\temp\HP All-in-One Series Web Release2010-07-25 21:00 . 2010-07-25 21:17 -------- d-----w- c:\temp\FixEngine2010-07-25 21:00 . 2010-07-25 21:12 -------- d-----w- C:\temp2010-07-25 20:58 . 2010-07-25 20:58 10134 ----a-r- c:\documents and settings\Alan\Application Data\Microsoft\Installer\{4CCC7F68-A437-4559-A840-F5E010934951}\ARPPRODUCTICON.exe2010-07-25 20:58 . 2010-07-25 20:58 -------- d-----w- c:\program files\Hp2010-07-25 20:58 . 2010-07-25 20:58 -------- d-----w- c:\windows\Downloaded Installations2010-07-25 20:43 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys2010-07-25 20:43 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys2010-07-25 20:08 . 2010-07-25 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage2010-07-25 20:08 . 2010-07-25 20:08 -------- d-----w- c:\documents and settings\Alan\Application Data\Office Genuine Advantage2010-07-25 00:40 . 2010-07-25 00:40 230432 ----a-w- C:\PA7302.DAT2010-07-25 00:28 . 2010-07-25 00:28 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe2010-07-25 00:28 . 2010-07-25 00:28 -------- d-----w- c:\program files\Common Files\Adobe AIR2010-07-25 00:27 . 2010-07-25 00:27 -------- d-----w- c:\documents and settings\Alan\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.12010-07-25 00:27 . 2010-07-25 00:28 38784 ----a-w- c:\documents and settings\Alan\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe2010-07-25 00:25 . 2010-07-25 00:25 -------- d-----w- c:\program files\QuickTime2010-07-25 00:25 . 2010-07-25 00:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer2010-07-25 00:24 . 2010-07-25 00:24 -------- d-----w- c:\program files\Common Files\Apple2010-07-25 00:24 . 2010-07-25 00:24 -------- d-----w- c:\documents and settings\Alan\Local Settings\Application Data\Apple2010-07-25 00:24 . 2010-07-25 00:24 -------- d-----w- c:\program files\Apple Software Update2010-07-25 00:24 . 2010-07-25 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple2010-07-25 00:23 . 2010-07-25 00:23 -------- d-----w- c:\documents and settings\Alan\Local Settings\Application Data\Apple Computer2010-07-25 00:11 . 2010-07-25 00:11 56 ---ha-w- c:\windows\system32\ezsidmv.dat2010-07-25 00:10 . 2010-08-08 14:48 -------- d-----w- c:\documents and settings\Alan\Application Data\skypePM2010-07-25 00:07 . 2010-08-08 23:36 -------- d-----w- c:\documents and settings\Alan\Local Settings\Application Data\Temp2010-07-25 00:07 . 2010-07-25 00:07 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google2010-07-25 00:02 . 2010-07-25 00:02 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google2010-07-25 00:02 . 2010-08-08 15:06 -------- d-----w- c:\documents and settings\Alan\Application Data\Skype2010-07-25 00:02 . 2010-08-09 01:34 -------- d-----w- c:\documents and settings\Alan\Local Settings\Application Data\Google2010-07-25 00:01 . 2010-08-08 23:30 -------- d-----w- c:\program files\Google2010-07-25 00:01 . 2010-07-25 00:01 -------- d-----w- c:\program files\Common Files\Skype2010-07-25 00:01 . 2010-07-25 00:01 -------- d-----r- c:\program files\Skype2010-07-25 00:00 . 2010-07-25 00:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype2010-07-24 23:17 . 2008-04-13 18:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys2010-07-24 23:17 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys2010-07-24 23:17 . 2008-04-13 18:46 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys2010-07-24 23:17 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys2010-07-24 23:17 . 2008-04-13 18:46 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys2010-07-24 23:17 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys2010-07-24 23:17 . 2008-04-13 18:46 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys2010-07-24 23:17 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys2010-07-24 23:17 . 2008-04-13 18:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys2010-07-24 23:17 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS2010-07-24 23:16 . 2008-04-13 18:46 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys2010-07-24 23:16 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys2010-07-24 23:16 . 2008-04-13 18:46 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys2010-07-24 23:16 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys2010-07-24 23:16 . 2008-04-14 00:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll2010-07-24 23:16 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll2010-07-24 22:59 . 2010-07-28 11:49 -------- d-----w- c:\program files\Common Files\Adobe2010-07-24 22:57 . 2006-11-03 14:59 48128 ------w- c:\windows\system32\Remove.exe2010-07-24 22:57 . 2007-09-10 12:50 457984 ----a-w- c:\windows\system32\drivers\PAC7302.SYS2010-07-24 22:57 . 2007-09-05 21:01 6656 ----a-w- c:\windows\system32\CoInst_070910.dll2010-07-24 22:57 . 2010-07-24 22:57 -------- d-----w- c:\program files\Aecotech2010-07-24 22:57 . 2006-10-12 15:57 14336 ----a-w- c:\windows\system32\P7302USD.dll2010-07-24 22:57 . 2010-07-24 22:57 -------- d-----w- c:\program files\Common Files\PAC73022010-07-24 22:57 . 2010-07-24 22:57 -------- d-----w- c:\windows\PixArt2010-07-24 22:57 . 2010-07-24 22:57 -------- d-----w- c:\documents and settings\Alan\Application Data\InstallShield2010-07-24 22:56 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys2010-07-24 22:56 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys2010-07-24 22:53 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys2010-07-24 22:53 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys2010-07-24 22:42 . 2010-07-24 22:42 -------- d-----w- c:\documents and settings\Alan\Application Data\Malwarebytes2010-07-24 22:41 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-07-24 22:41 . 2010-07-24 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2010-07-24 22:41 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2010-07-24 22:41 . 2010-07-24 22:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2010-07-24 04:21 . 2010-07-24 04:21 -------- d-sh--w- c:\documents and settings\Alan\IECompatCache2010-07-24 03:30 . 2010-07-24 03:30 2605008 ----a-w- c:\documents and settings\Alan\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe2010-07-24 02:47 . 2007-04-09 17:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll2010-07-24 02:47 . 2007-04-09 17:23 28040 ----a-w- c:\windows\system32\mdimon.dll2010-07-24 02:46 . 2010-07-24 02:46 -------- d-----w- c:\program files\Common Files\L&H2010-07-24 02:45 . 2010-07-24 02:45 -------- d-----w- c:\program files\Microsoft.NET2010-07-24 02:45 . 2010-07-24 02:45 -------- d-----w- c:\program files\Microsoft ActiveSync2010-07-24 02:45 . 2010-07-24 23:18 -------- d-----w- c:\program files\Microsoft Works2010-07-24 02:44 . 2010-07-24 02:45 -------- d-----w- c:\windows\SHELLNEW2010-07-24 02:38 . 2010-07-24 02:38 -------- d-sh--w- c:\documents and settings\Alexander\PrivacIE2010-07-24 01:32 . 2004-11-12 21:57 49664 ----a-w- c:\windows\system32\TvsCtrl.dll2010-07-24 01:32 . 2004-11-12 21:57 29056 ----a-w- c:\windows\system32\drivers\Tvs.sys2010-07-24 01:32 . 2004-07-28 18:26 29184 ----a-w- c:\windows\system32\drivers\TSXT_kern_i386.sys2010-07-24 01:32 . 2004-05-21 13:16 28032 ----a-w- c:\windows\system32\drivers\WOWXT_kern_i386.sys2010-07-24 01:32 . 2010-07-24 01:32 -------- d-----w- C:\Virtual Sound.temp2010-07-24 01:30 . 2004-09-07 21:35 102400 ----a-w- c:\windows\system32\TCtrlCommon.dll2010-07-24 01:30 . 2010-07-24 01:30 -------- d-----w- C:\Controls.temp2010-07-24 01:29 . 2010-07-24 01:32 -------- d-----w- c:\program files\Toshiba2010-07-24 01:29 . 2003-06-11 12:53 6867 ----a-w- c:\windows\system32\drivers\tbiosdrv.sys2010-07-24 01:29 . 2001-10-18 14:39 90112 ------w- c:\windows\InstDrvr.exe2010-07-24 01:28 . 1998-10-29 19:45 306688 ----a-w- c:\windows\IsUninst.exe2010-07-24 01:28 . 2010-07-24 01:28 -------- d-----w- c:\documents and settings\Alan\WINDOWS2010-07-24 01:12 . 2010-07-24 01:12 -------- d-----w- c:\documents and settings\Alan\Local Settings\Application Data\Symantec2010-07-24 01:12 . 2010-06-02 23:59 161920 ----a-w- c:\windows\system32\drivers\wpshelper.sys.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-08-07 23:49 . 2010-07-23 01:30 -------- d--h--w- c:\program files\InstallShield Installation Information2010-07-24 02:40 . 2010-07-24 02:40 13104 ----a-w- c:\documents and settings\Catalina\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2010-07-24 02:38 . 2010-07-24 02:38 13104 ----a-w- c:\documents and settings\Alexander\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2010-07-24 01:10 . 2010-07-24 01:10 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF2010-07-24 01:10 . 2010-07-24 01:10 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT2010-07-24 01:01 . 2010-07-23 01:30 -------- d-----w- c:\program files\Common Files\InstallShield2010-07-23 04:40 . 2010-07-23 01:03 86327 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat2010-07-23 01:30 . 2010-07-23 01:30 -------- d-----w- c:\program files\Analog Devices2010-07-23 01:25 . 2010-07-23 01:25 -------- d-----w- c:\program files\Intel2010-07-23 01:04 . 2010-07-23 01:04 -------- d-----w- c:\program files\microsoft frontpage2010-07-23 01:00 . 2010-07-23 01:00 21640 ----a-w- c:\windows\system32\emptyregdb.dat2010-06-30 12:31 . 2001-08-23 12:00 149504 ----a-w- c:\windows\system32\schannel.dll2010-06-24 12:22 . 2001-08-23 12:00 916480 ----a-w- c:\windows\system32\wininet.dll2010-06-23 13:44 . 2001-08-23 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys2010-06-21 15:27 . 2001-08-23 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys2010-06-17 14:03 . 2001-08-23 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll2010-06-14 14:31 . 2010-07-23 01:01 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe2010-06-14 07:41 . 2001-08-23 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\AdobeARM.exe2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\AdobeExtractFiles.dll2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\ReaderUpdater.exe2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\AcrobatUpdater.exe.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-08 39408][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]"AGRSMMSG"="AGRSMMSG.exe" [2004-10-28 88363]"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]"TFncKy"="TFncKy.exe" [bU]"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2004-11-12 73728]"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-08-08 126976]c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-9 323646]hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]@="Service"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]@="Service"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]@="Service"[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"="c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"="c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"="c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"=R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/23/2010 9:32 PM 102448]S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/8/2010 7:30 PM 135664]S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [8/7/2010 7:49 PM 14336]S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [7/14/2009 12:51 PM 23888]S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520].Contents of the 'Scheduled Tasks' folder2010-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]2010-08-09 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 2200 series272A572217594EBCF1CEE215E352B92AD073FDE4280092755.job- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 21:56]2010-08-18 c:\windows\Tasks\Google Software Updater.job- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-08-08 23:29]2010-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-08 23:30]2010-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-08 23:30]2010-08-17 c:\windows\Tasks\OGALogon.job- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]..------- Supplementary Scan -------.uStart Page = hxxp://co114w.col114.mail.live.com/default.aspx?wa=wsignin1.0IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.htmlTCP: {5A1A5F26-C077-420F-92F4-32B14367C516} = 4.2.2.2,4.2.2.3TCP: {E3A235BD-B1A4-4EA7-8F44-C6CB28BBF1BC} = 4.2.2.2.- - - - ORPHANS REMOVED - - - -SafeBoot-Symantec Antvirus**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2010-08-18 18:52Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'explorer.exe'(832)c:\windows\system32\WININET.dllc:\program files\Google\Quick Search Box\bin\1.2.1151.245\qsb.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dll.Completion time: 2010-08-18 18:54:50ComboFix-quarantined-files.txt 2010-08-18 22:54Pre-Run: 18,362,101,760 bytes freePost-Run: 18,578,403,328 bytes freeWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn- - End Of File - - 02A59622192E8DD750DF9E50DE5FA520 Link to post Share on other sites More sharing options...
needafix Posted August 18, 2010 Author ID:302142 Share Posted August 18, 2010 Here is the ComboFix.txt.I will now run and post the new DDS log:ComboFix 10-08-17.04 - Alan 08/18/2010 18:46:36.1.1 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.263 [GMT -4:00]Running from: c:\documents and settings\Alan\Desktop\ComboFix.exeAV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}.((((((((((((((((((((((((( Files Created from 2010-07-18 to 2010-08-18 ))))))))))))))))))))))))))))))).2010-08-12 21:06 . 2010-08-12 21:06 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache2010-08-08 23:34 . 2010-08-09 01:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP2010-08-08 23:29 . 2010-08-08 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater2010-08-08 13:28 . 2010-08-08 13:28 -------- d-----w- c:\windows\Sun2010-08-07 23:49 . 1995-07-31 17:44 212480 ----a-w- c:\windows\system32\PCDLIB32.DLL2010-08-07 23:49 . 2008-04-26 01:06 55808 ----a-w- c:\windows\system32\ArcSoftKsUFilter.dll2010-08-07 23:49 . 2008-04-26 01:06 14336 ----a-w- c:\windows\system32\drivers\ArcSoftKsUFilter.sys2010-08-07 23:49 . 2005-04-27 20:36 245408 ----a-w- c:\windows\system32\unicows.dll2010-08-07 23:32 . 2010-08-07 23:32 -------- d-----w- c:\documents and settings\Alan\Local Settings\Application Data\ArcSoft2010-08-07 23:32 . 2006-11-10 19:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys2010-08-07 23:32 . 2010-08-07 23:51 -------- d--h--w- c:\documents and settings\All Users\Application Data\ArcSoft2010-08-07 23:30 . 2010-08-07 23:49 -------- d-----w- c:\program files\ArcSoft2010-08-07 23:30 . 2010-08-07 23:32 -------- d-----w- c:\program files\Common Files\ArcSoft2010-08-07 23:29 . 2010-08-07 23:51 -------- d-----w- c:\documents and settings\Alan\Application Data\ArcSoft2010-08-06 17:37 . 2010-08-06 17:37 -------- d-----w- c:\program files\Common Files\Java2010-08-06 17:37 . 2010-08-06 17:37 503808 ----a-w- c:\documents and settings\Alan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-569b6554-n\msvcp71.dll2010-08-06 17:37 . 2010-08-06 17:37 499712 ----a-w- c:\documents and settings\Alan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-569b6554-n\jmc.dll2010-08-06 17:37 . 2010-08-06 17:37 348160 ----a-w- c:\documents and settings\Alan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-569b6554-n\msvcr71.dll2010-08-06 17:37 . 2010-08-06 17:37 61440 ----a-w- c:\documents and settings\Alan\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-406c14ef-n\decora-sse.dll2010-08-06 17:37 . 2010-08-06 17:37 12800 ----a-w- c:\documents and settings\Alan\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-406c14ef-n\decora-d3d.dll2010-08-06 17:37 . 2010-08-06 17:36 423656 ----a-w- c:\windows\system32\deployJava1.dll2010-08-06 17:36 . 2010-08-06 17:36 -------- d-----w- c:\program files\Java2010-08-04 00:47 . 2010-08-04 00:47 -------- d-----w- c:\documents and settings\Alan\Local Settings\Application Data\Identities2010-08-03 23:58 . 2010-08-03 23:58 -------- d-----w- c:\windows\system32\LogFiles2010-07-28 19:44 . 2010-07-28 19:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple2010-07-26 23:34 . 2010-07-26 23:34 -------- d-----w- c:\program files\Rosetta Stone2010-07-26 23:34 . 2010-07-26 23:34 -------- d--h--w- c:\program files\Zero G Registry2010-07-26 23:33 . 2010-07-26 23:33 -------- d--h--w- c:\documents and settings\Alan\InstallAnywhere2010-07-26 00:58 . 2010-07-28 11:47 -------- d-----w- c:\documents and settings\Alan\Local Settings\Application Data\Adobe2010-07-25 21:20 . 2010-07-25 21:20 -------- d-----w- c:\documents and settings\Alan\Application Data\Hewlett-Packard2010-07-25 21:15 . 2010-07-25 21:15 -------- d-----w- c:\program files\Common Files\Hewlett-Packard2010-07-25 21:14 . 2010-07-25 21:15 -------- d-----w- c:\program files\Hewlett-Packard2010-07-25 21:13 . 2010-07-25 21:17 19558 ----a-w- c:\windows\hpoins01.dat2010-07-25 21:13 . 2003-04-22 14:24 16606 ------w- c:\windows\hpomdl01.dat2010-07-25 21:12 . 2010-07-25 21:13 -------- d-----w- c:\temp\HP All-in-One Series Web Release2010-07-25 21:00 . 2010-07-25 21:17 -------- d-----w- c:\temp\FixEngine2010-07-25 21:00 . 2010-07-25 21:12 -------- d-----w- C:\temp2010-07-25 20:58 . 2010-07-25 20:58 10134 ----a-r- c:\documents and settings\Alan\Application Data\Microsoft\Installer\{4CCC7F68-A437-4559-A840-F5E010934951}\ARPPRODUCTICON.exe2010-07-25 20:58 . 2010-07-25 20:58 -------- d-----w- c:\program files\Hp2010-07-25 20:58 . 2010-07-25 20:58 -------- d-----w- c:\windows\Downloaded Installations2010-07-25 20:43 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys2010-07-25 20:43 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys2010-07-25 20:08 . 2010-07-25 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage2010-07-25 20:08 . 2010-07-25 20:08 -------- d-----w- c:\documents and settings\Alan\Application Data\Office Genuine Advantage2010-07-25 00:40 . 2010-07-25 00:40 230432 ----a-w- C:\PA7302.DAT2010-07-25 00:28 . 2010-07-25 00:28 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe2010-07-25 00:28 . 2010-07-25 00:28 -------- d-----w- c:\program files\Common Files\Adobe AIR2010-07-25 00:27 . 2010-07-25 00:27 -------- d-----w- c:\documents and settings\Alan\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.12010-07-25 00:27 . 2010-07-25 00:28 38784 ----a-w- c:\documents and settings\Alan\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe2010-07-25 00:25 . 2010-07-25 00:25 -------- d-----w- c:\program files\QuickTime2010-07-25 00:25 . 2010-07-25 00:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer2010-07-25 00:24 . 2010-07-25 00:24 -------- d-----w- c:\program files\Common Files\Apple2010-07-25 00:24 . 2010-07-25 00:24 -------- d-----w- c:\documents and settings\Alan\Local Settings\Application Data\Apple2010-07-25 00:24 . 2010-07-25 00:24 -------- d-----w- c:\program files\Apple Software Update2010-07-25 00:24 . 2010-07-25 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple2010-07-25 00:23 . 2010-07-25 00:23 -------- d-----w- c:\documents and settings\Alan\Local Settings\Application Data\Apple Computer2010-07-25 00:11 . 2010-07-25 00:11 56 ---ha-w- c:\windows\system32\ezsidmv.dat2010-07-25 00:10 . 2010-08-08 14:48 -------- d-----w- c:\documents and settings\Alan\Application Data\skypePM2010-07-25 00:07 . 2010-08-08 23:36 -------- d-----w- c:\documents and settings\Alan\Local Settings\Application Data\Temp2010-07-25 00:07 . 2010-07-25 00:07 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google2010-07-25 00:02 . 2010-07-25 00:02 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google2010-07-25 00:02 . 2010-08-08 15:06 -------- d-----w- c:\documents and settings\Alan\Application Data\Skype2010-07-25 00:02 . 2010-08-09 01:34 -------- d-----w- c:\documents and settings\Alan\Local Settings\Application Data\Google2010-07-25 00:01 . 2010-08-08 23:30 -------- d-----w- c:\program files\Google2010-07-25 00:01 . 2010-07-25 00:01 -------- d-----w- c:\program files\Common Files\Skype2010-07-25 00:01 . 2010-07-25 00:01 -------- d-----r- c:\program files\Skype2010-07-25 00:00 . 2010-07-25 00:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype2010-07-24 23:17 . 2008-04-13 18:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys2010-07-24 23:17 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys2010-07-24 23:17 . 2008-04-13 18:46 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys2010-07-24 23:17 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys2010-07-24 23:17 . 2008-04-13 18:46 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys2010-07-24 23:17 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys2010-07-24 23:17 . 2008-04-13 18:46 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys2010-07-24 23:17 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys2010-07-24 23:17 . 2008-04-13 18:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys2010-07-24 23:17 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS2010-07-24 23:16 . 2008-04-13 18:46 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys2010-07-24 23:16 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys2010-07-24 23:16 . 2008-04-13 18:46 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys2010-07-24 23:16 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys2010-07-24 23:16 . 2008-04-14 00:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll2010-07-24 23:16 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll2010-07-24 22:59 . 2010-07-28 11:49 -------- d-----w- c:\program files\Common Files\Adobe2010-07-24 22:57 . 2006-11-03 14:59 48128 ------w- c:\windows\system32\Remove.exe2010-07-24 22:57 . 2007-09-10 12:50 457984 ----a-w- c:\windows\system32\drivers\PAC7302.SYS2010-07-24 22:57 . 2007-09-05 21:01 6656 ----a-w- c:\windows\system32\CoInst_070910.dll2010-07-24 22:57 . 2010-07-24 22:57 -------- d-----w- c:\program files\Aecotech2010-07-24 22:57 . 2006-10-12 15:57 14336 ----a-w- c:\windows\system32\P7302USD.dll2010-07-24 22:57 . 2010-07-24 22:57 -------- d-----w- c:\program files\Common Files\PAC73022010-07-24 22:57 . 2010-07-24 22:57 -------- d-----w- c:\windows\PixArt2010-07-24 22:57 . 2010-07-24 22:57 -------- d-----w- c:\documents and settings\Alan\Application Data\InstallShield2010-07-24 22:56 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys2010-07-24 22:56 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys2010-07-24 22:53 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys2010-07-24 22:53 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys2010-07-24 22:42 . 2010-07-24 22:42 -------- d-----w- c:\documents and settings\Alan\Application Data\Malwarebytes2010-07-24 22:41 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-07-24 22:41 . 2010-07-24 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2010-07-24 22:41 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2010-07-24 22:41 . 2010-07-24 22:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2010-07-24 04:21 . 2010-07-24 04:21 -------- d-sh--w- c:\documents and settings\Alan\IECompatCache2010-07-24 03:30 . 2010-07-24 03:30 2605008 ----a-w- c:\documents and settings\Alan\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe2010-07-24 02:47 . 2007-04-09 17:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll2010-07-24 02:47 . 2007-04-09 17:23 28040 ----a-w- c:\windows\system32\mdimon.dll2010-07-24 02:46 . 2010-07-24 02:46 -------- d-----w- c:\program files\Common Files\L&H2010-07-24 02:45 . 2010-07-24 02:45 -------- d-----w- c:\program files\Microsoft.NET2010-07-24 02:45 . 2010-07-24 02:45 -------- d-----w- c:\program files\Microsoft ActiveSync2010-07-24 02:45 . 2010-07-24 23:18 -------- d-----w- c:\program files\Microsoft Works2010-07-24 02:44 . 2010-07-24 02:45 -------- d-----w- c:\windows\SHELLNEW2010-07-24 02:38 . 2010-07-24 02:38 -------- d-sh--w- c:\documents and settings\Alexander\PrivacIE2010-07-24 01:32 . 2004-11-12 21:57 49664 ----a-w- c:\windows\system32\TvsCtrl.dll2010-07-24 01:32 . 2004-11-12 21:57 29056 ----a-w- c:\windows\system32\drivers\Tvs.sys2010-07-24 01:32 . 2004-07-28 18:26 29184 ----a-w- c:\windows\system32\drivers\TSXT_kern_i386.sys2010-07-24 01:32 . 2004-05-21 13:16 28032 ----a-w- c:\windows\system32\drivers\WOWXT_kern_i386.sys2010-07-24 01:32 . 2010-07-24 01:32 -------- d-----w- C:\Virtual Sound.temp2010-07-24 01:30 . 2004-09-07 21:35 102400 ----a-w- c:\windows\system32\TCtrlCommon.dll2010-07-24 01:30 . 2010-07-24 01:30 -------- d-----w- C:\Controls.temp2010-07-24 01:29 . 2010-07-24 01:32 -------- d-----w- c:\program files\Toshiba2010-07-24 01:29 . 2003-06-11 12:53 6867 ----a-w- c:\windows\system32\drivers\tbiosdrv.sys2010-07-24 01:29 . 2001-10-18 14:39 90112 ------w- c:\windows\InstDrvr.exe2010-07-24 01:28 . 1998-10-29 19:45 306688 ----a-w- c:\windows\IsUninst.exe2010-07-24 01:28 . 2010-07-24 01:28 -------- d-----w- c:\documents and settings\Alan\WINDOWS2010-07-24 01:12 . 2010-07-24 01:12 -------- d-----w- c:\documents and settings\Alan\Local Settings\Application Data\Symantec2010-07-24 01:12 . 2010-06-02 23:59 161920 ----a-w- c:\windows\system32\drivers\wpshelper.sys.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-08-07 23:49 . 2010-07-23 01:30 -------- d--h--w- c:\program files\InstallShield Installation Information2010-07-24 02:40 . 2010-07-24 02:40 13104 ----a-w- c:\documents and settings\Catalina\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2010-07-24 02:38 . 2010-07-24 02:38 13104 ----a-w- c:\documents and settings\Alexander\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2010-07-24 01:10 . 2010-07-24 01:10 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF2010-07-24 01:10 . 2010-07-24 01:10 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT2010-07-24 01:01 . 2010-07-23 01:30 -------- d-----w- c:\program files\Common Files\InstallShield2010-07-23 04:40 . 2010-07-23 01:03 86327 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat2010-07-23 01:30 . 2010-07-23 01:30 -------- d-----w- c:\program files\Analog Devices2010-07-23 01:25 . 2010-07-23 01:25 -------- d-----w- c:\program files\Intel2010-07-23 01:04 . 2010-07-23 01:04 -------- d-----w- c:\program files\microsoft frontpage2010-07-23 01:00 . 2010-07-23 01:00 21640 ----a-w- c:\windows\system32\emptyregdb.dat2010-06-30 12:31 . 2001-08-23 12:00 149504 ----a-w- c:\windows\system32\schannel.dll2010-06-24 12:22 . 2001-08-23 12:00 916480 ----a-w- c:\windows\system32\wininet.dll2010-06-23 13:44 . 2001-08-23 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys2010-06-21 15:27 . 2001-08-23 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys2010-06-17 14:03 . 2001-08-23 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll2010-06-14 14:31 . 2010-07-23 01:01 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe2010-06-14 07:41 . 2001-08-23 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\AdobeARM.exe2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\AdobeExtractFiles.dll2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\ReaderUpdater.exe2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\AcrobatUpdater.exe.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-08 39408][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]"AGRSMMSG"="AGRSMMSG.exe" [2004-10-28 88363]"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]"TFncKy"="TFncKy.exe" [bU]"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2004-11-12 73728]"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-08-08 126976]c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-9 323646]hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]@="Service"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]@="Service"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]@="Service"[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"="c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"="c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"="c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"=R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/23/2010 9:32 PM 102448]S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/8/2010 7:30 PM 135664]S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [8/7/2010 7:49 PM 14336]S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [7/14/2009 12:51 PM 23888]S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520].Contents of the 'Scheduled Tasks' folder2010-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]2010-08-09 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 2200 series272A572217594EBCF1CEE215E352B92AD073FDE4280092755.job- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 21:56]2010-08-18 c:\windows\Tasks\Google Software Updater.job- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-08-08 23:29]2010-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-08 23:30]2010-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-08 23:30]2010-08-17 c:\windows\Tasks\OGALogon.job- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]..------- Supplementary Scan -------.uStart Page = hxxp://co114w.col114.mail.live.com/default.aspx?wa=wsignin1.0IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.htmlTCP: {5A1A5F26-C077-420F-92F4-32B14367C516} = 4.2.2.2,4.2.2.3TCP: {E3A235BD-B1A4-4EA7-8F44-C6CB28BBF1BC} = 4.2.2.2.- - - - ORPHANS REMOVED - - - -SafeBoot-Symantec Antvirus**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2010-08-18 18:52Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'explorer.exe'(832)c:\windows\system32\WININET.dllc:\program files\Google\Quick Search Box\bin\1.2.1151.245\qsb.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dll.Completion time: 2010-08-18 18:54:50ComboFix-quarantined-files.txt 2010-08-18 22:54Pre-Run: 18,362,101,760 bytes freePost-Run: 18,578,403,328 bytes freeWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn- - End Of File - - 02A59622192E8DD750DF9E50DE5FA520And here is the new DDS log:DDS (Ver_10-03-17.01) - NTFSx86 Run by Alan at 19:00:56.40 on Wed 08/18/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.83 [GMT -4:00]AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exesvchost.exesvchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINDOWS\System32\svchost.exe -k imgsvcC:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exeC:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exeC:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Toshiba\Tvs\TvsTray.exeC:\WINDOWS\PixArt\PAC7302\Monitor.exeC:\WINDOWS\System32\svchost.exe -k HTTPFilterC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exeC:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exeC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.acC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exeC:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exeC:\WINDOWS\explorer.exeC:\WINDOWS\system32\notepad.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\Alan\Desktop\dds.scrC:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe============== Pseudo HJT Report ===============uStart Page = hxxp://co114w.col114.mail.live.com/default.aspx?wa=wsignin1.0BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dllEB: {32683183-48a0-441b-a342-7c2a440a9478} - No FileuRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"mRun: [soundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exemRun: [igfxTray] c:\windows\system32\igfxtray.exemRun: [HotKeysCmds] c:\windows\system32\hkcmd.exemRun: [AGRSMMSG] AGRSMMSG.exemRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"mRun: [TFncKy] TFncKy.exemRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exemRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exemRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exemRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorunStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exeIE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.htmlIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLLDPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1279850290022DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1279850423544DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cabDPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cabDPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cabTCP: {5A1A5F26-C077-420F-92F4-32B14367C516} = 4.2.2.2,4.2.2.3TCP: {E3A235BD-B1A4-4EA7-8F44-C6CB28BBF1BC} = 4.2.2.2Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLLNotify: igfxcui - igfxsrvc.dll============= SERVICES / DRIVERS ===============R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-7-8 108392]R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-7-8 108392]R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-9-17 2477304]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-7-23 102448]R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100817.035\NAVENG.SYS [2010-8-17 85424]R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100817.035\NAVEX15.SYS [2010-8-17 1362608]S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-8 135664]S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2010-8-7 14336]S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-7-14 23888]S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]=============== Created Last 30 ================2010-08-18 22:46:01 0 d-sha-r- C:\cmdcons2010-08-18 22:43:21 98816 ----a-w- c:\windows\sed.exe2010-08-18 22:43:21 77312 ----a-w- c:\windows\MBR.exe2010-08-18 22:43:21 256512 ----a-w- c:\windows\PEV.exe2010-08-18 22:43:21 161792 ----a-w- c:\windows\SWREG.exe2010-08-07 23:49:28 212480 ----a-w- c:\windows\system32\PCDLIB32.DLL2010-08-07 23:49:18 55808 ----a-w- c:\windows\system32\ArcSoftKsUFilter.dll2010-08-07 23:49:18 14336 ----a-w- c:\windows\system32\drivers\ArcSoftKsUFilter.sys2010-08-07 23:49:17 245408 ----a-w- c:\windows\system32\unicows.dll2010-08-07 23:32:11 18688 ----a-w- c:\windows\system32\drivers\afc.sys2010-08-07 23:32:09 0 d--h--w- c:\docume~1\alluse~1\applic~1\ArcSoft2010-08-06 17:37:18 73728 ----a-w- c:\windows\system32\javacpl.cpl2010-08-06 17:37:18 423656 ----a-w- c:\windows\system32\deployJava1.dll2010-08-03 23:58:10 0 d-----w- c:\windows\system32\LogFiles2010-07-26 23:34:35 0 d--h--w- c:\program files\Zero G Registry2010-07-26 23:34:35 0 d-----w- c:\program files\Rosetta Stone2010-07-26 23:33:49 0 d--h--w- c:\documents and settings\alan\InstallAnywhere2010-07-25 21:19:47 488 ----a-w- C:\hpfr5550.xml2010-07-25 21:15:39 0 d-----w- c:\program files\common files\Hewlett-Packard2010-07-25 21:13:28 19558 ----a-w- c:\windows\hpoins01.dat2010-07-25 21:13:28 16606 ------w- c:\windows\hpomdl01.dat2010-07-25 21:12:39 0 d-----w- c:\temp\HP All-in-One Series Web Release2010-07-25 21:00:23 0 d-----w- c:\temp\FixEngine2010-07-25 21:00:23 0 d-----w- C:\temp2010-07-25 20:58:36 0 d-----w- c:\program files\Hp2010-07-25 20:58:30 0 d-----w- c:\windows\Downloaded Installations2010-07-25 20:43:24 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys2010-07-25 20:43:24 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys2010-07-25 20:08:32 0 d-----w- c:\docume~1\alan\applic~1\Office Genuine Advantage2010-07-25 00:40:18 230432 ----a-w- C:\PA7302.DAT2010-07-25 00:27:12 0 d-----w- c:\docume~1\alan\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.12010-07-25 00:11:00 56 ---ha-w- c:\windows\system32\ezsidmv.dat2010-07-25 00:01:00 0 d-----r- c:\program files\Skype2010-07-24 23:17:33 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys2010-07-24 23:17:33 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys2010-07-24 23:17:12 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys2010-07-24 23:17:12 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys2010-07-24 23:17:08 16384 -c--a-w- c:\windows\system32\dllcache\ipsink.ax2010-07-24 23:17:08 16384 ----a-w- c:\windows\system32\ipsink.ax2010-07-24 23:17:08 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys2010-07-24 23:17:08 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys2010-07-24 23:17:05 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys2010-07-24 23:17:05 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys2010-07-24 23:17:00 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys2010-07-24 23:17:00 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS2010-07-24 23:16:57 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys2010-07-24 23:16:57 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys2010-07-24 23:16:53 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys2010-07-24 23:16:53 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys2010-07-24 23:16:29 91136 -c--a-w- c:\windows\system32\dllcache\kswdmcap.ax2010-07-24 23:16:29 91136 ----a-w- c:\windows\system32\kswdmcap.ax2010-07-24 23:16:29 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll2010-07-24 23:16:29 53760 ----a-w- c:\windows\system32\vfwwdm32.dll2010-07-24 23:16:29 43008 -c--a-w- c:\windows\system32\dllcache\ksxbar.ax2010-07-24 23:16:29 43008 ----a-w- c:\windows\system32\ksxbar.ax2010-07-24 23:16:28 61952 -c--a-w- c:\windows\system32\dllcache\kstvtune.ax2010-07-24 23:16:28 61952 ----a-w- c:\windows\system32\kstvtune.ax2010-07-24 22:57:38 769 ------w- c:\windows\system32\Remover.ini2010-07-24 22:57:38 48128 ------w- c:\windows\system32\Remove.exe2010-07-24 22:57:37 6656 ----a-w- c:\windows\system32\CoInst_070910.dll2010-07-24 22:57:37 457984 ----a-w- c:\windows\system32\drivers\PAC7302.SYS2010-07-24 22:57:35 0 d-----w- c:\program files\Aecotech2010-07-24 22:57:34 566 ----a-w- c:\windows\system32\SP7302.ini2010-07-24 22:57:34 14336 ----a-w- c:\windows\system32\P7302USD.dll2010-07-24 22:57:34 129024 ----a-w- c:\windows\system32\SP7302.ax2010-07-24 22:57:31 0 d-----w- c:\windows\PixArt2010-07-24 22:57:31 0 d-----w- c:\program files\common files\PAC73022010-07-24 22:56:20 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys2010-07-24 22:56:20 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys2010-07-24 22:53:30 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys2010-07-24 22:53:30 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys2010-07-24 22:42:18 0 d-----w- c:\docume~1\alan\applic~1\Malwarebytes2010-07-24 22:41:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-07-24 22:41:35 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes2010-07-24 22:41:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2010-07-24 22:41:31 0 d-----w- c:\program files\Malwarebytes' Anti-Malware2010-07-24 04:21:58 0 d-sh--w- c:\documents and settings\alan\IECompatCache2010-07-24 02:47:34 376 ----a-w- c:\windows\ODBC.INI2010-07-24 02:47:25 28040 ----a-w- c:\windows\system32\mdimon.dll2010-07-24 02:46:13 0 d-----w- c:\program files\common files\L&H2010-07-24 02:45:47 0 d-----w- c:\program files\Microsoft ActiveSync2010-07-24 02:44:34 0 d-----w- c:\windows\SHELLNEW2010-07-24 01:32:15 49664 ----a-w- c:\windows\system32\TvsCtrl.dll2010-07-24 01:32:15 29184 ----a-w- c:\windows\system32\drivers\TSXT_kern_i386.sys2010-07-24 01:32:15 29056 ----a-w- c:\windows\system32\drivers\Tvs.sys2010-07-24 01:32:15 28032 ----a-w- c:\windows\system32\drivers\WOWXT_kern_i386.sys2010-07-24 01:32:03 0 d-----w- C:\Virtual Sound.temp2010-07-24 01:30:48 102400 ----a-w- c:\windows\system32\TCtrlCommon.dll2010-07-24 01:30:33 0 d-----w- C:\Controls.temp2010-07-24 01:29:06 90112 ------w- c:\windows\InstDrvr.exe2010-07-24 01:29:06 700 ----a-w- c:\windows\system32\drivers\tbios.inf2010-07-24 01:29:06 6867 ----a-w- c:\windows\system32\drivers\tbiosdrv.sys2010-07-24 01:29:06 0 d-----w- c:\program files\Toshiba2010-07-24 01:28:54 306688 ----a-w- c:\windows\IsUninst.exe2010-07-24 01:28:42 0 d-----w- c:\documents and settings\alan\WINDOWS2010-07-24 01:12:18 161920 ----a-w- c:\windows\system32\drivers\wpshelper.sys2010-07-24 01:10:49 92488 ----a-w- c:\windows\system32\drivers\SysPlant.sys2010-07-24 01:10:28 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF2010-07-24 01:10:28 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT2010-07-24 01:10:28 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL2010-07-24 01:10:28 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS2010-07-24 01:09:46 503808 ----a-w- c:\windows\system32\MSVCP71.DLL2010-07-24 01:09:46 348160 ----a-w- c:\windows\system32\MSVCR71.DLL2010-07-24 01:09:46 1060864 ----a-w- c:\windows\system32\MFC71.DLL2010-07-24 01:09:32 0 d-----w- c:\program files\Symantec2010-07-24 01:09:32 0 d-----w- c:\program files\common files\Symantec Shared2010-07-24 01:09:32 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec2010-07-24 01:05:03 88363 ----a-w- c:\windows\agrsmmsg.exe2010-07-24 01:05:03 77824 ----a-w- c:\windows\system32\tosmreg.exe2010-07-24 01:05:03 7671 ----a-w- c:\windows\system32\cseltbl.ini2010-07-24 01:05:03 64512 ------w- c:\windows\agrsmdel.exe2010-07-24 01:05:03 45056 ----a-w- c:\windows\system32\csellang.dll2010-07-24 01:05:03 128113 ----a-w- c:\windows\system32\csellang.ini2010-07-24 01:05:03 110592 ----a-w- c:\windows\system32\cselect.exe2010-07-24 01:05:03 10167 ----a-w- c:\windows\system32\tosmreg.ini2010-07-24 01:05:03 0 d-----w- c:\program files\ltmoh2010-07-24 01:04:51 0 d-----w- c:\windows\Options2010-07-24 01:04:48 0 d-----w- C:\Modem.temp2010-07-24 01:03:35 0 d-----w- c:\windows\system32\SDA2010-07-24 01:03:27 0 d-----w- C:\sdsecure.temp2010-07-24 01:01:32 766 ----a-w- c:\windows\system32\AddRemove.ico2010-07-24 01:01:32 32768 ----a-w- c:\windows\system32\RmWLAN.exe2010-07-24 01:01:32 32768 ----a-w- c:\windows\system32\CloseACU.exe2010-07-24 01:01:32 28672 ----a-w- c:\windows\system32\InstallInf.exe2010-07-24 01:01:32 270336 ----a-w- c:\windows\system32\PlugPlayPCIDevice.exe2010-07-24 01:01:32 163840 ----a-w- c:\windows\system32\MFCFirstRemove.exe2010-07-24 01:01:32 0 d-----w- c:\program files\Atheros2010-07-24 01:01:18 0 d-----w- C:\Atheros Driver.temp2010-07-24 00:57:25 159744 ----a-w- c:\windows\system32\igfxres.dll2010-07-24 00:53:55 0 d-----w- C:\Intel Display.temp2010-07-23 04:36:26 0 d-----w- c:\windows\system32\scripting2010-07-23 04:36:24 0 d-----w- c:\windows\l2schemas2010-07-23 04:36:23 0 d-----w- c:\windows\system32\en2010-07-23 04:31:19 0 d-----w- c:\windows\network diagnostic2010-07-23 04:22:58 8677 -c----w- c:\windows\system32\dllcache\wm7.gif2010-07-23 04:21:59 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys2010-07-23 04:15:47 0 d-sh--w- c:\documents and settings\alan\PrivacIE2010-07-23 04:14:51 0 d-sh--w- c:\documents and settings\alan\IETldCache2010-07-23 04:07:28 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll2010-07-23 04:07:26 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll2010-07-23 04:07:26 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll2010-07-23 04:07:26 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll2010-07-23 04:07:26 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll2010-07-23 04:07:26 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll2010-07-23 04:07:26 11077120 -c----w- c:\windows\system32\dllcache\ieframe.dll2010-07-23 04:07:22 0 d-----w- c:\windows\ie8updates2010-07-23 04:07:19 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll2010-07-23 04:06:04 0 dc-h--w- c:\windows\ie82010-07-23 03:51:57 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys2010-07-23 03:51:43 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe2010-07-23 03:51:10 354304 -c----w- c:\windows\system32\dllcache\srv.sys2010-07-23 03:49:49 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll2010-07-23 03:49:36 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll2010-07-23 03:49:36 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll2010-07-23 03:46:36 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe2010-07-23 03:44:27 153088 -c----w- c:\windows\system32\dllcache\triedit.dll2010-07-23 03:39:36 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll2010-07-23 03:39:18 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx2010-07-23 03:33:11 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll2010-07-23 03:32:53 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll2010-07-23 03:32:41 331776 -c----w- c:\windows\system32\dllcache\msadce.dll2010-07-23 03:31:23 272128 -c----w- c:\windows\system32\dllcache\bthport.sys2010-07-23 03:31:11 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys2010-07-23 03:26:16 2560 ------w- c:\windows\system32\xpsp4res.dll2010-07-23 03:26:16 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe2010-07-23 03:26:16 1206508 -c----w- c:\windows\system32\dllcache\sysmain.sdb2010-07-23 03:14:31 0 d-----w- c:\windows\system32\PreInstall2010-07-23 03:14:29 0 d--h--w- c:\windows\$hf_mig$2010-07-23 02:59:06 0 d-----w- c:\windows\system32\wbem\AutoRecover2010-07-23 02:53:21 316640 ----a-w- c:\windows\WMSysPr9.prx2010-07-23 02:52:30 0 d-----w- c:\windows\peernet2010-07-23 02:52:29 0 d-----w- c:\windows\provisioning2010-07-23 02:50:19 0 d-----w- c:\windows\ServicePackFiles2010-07-23 02:46:57 0 d-----w- c:\windows\system32\ReinstallBackups2010-07-23 02:46:48 26144 ----a-w- c:\windows\system32\spupdsvc.exe2010-07-23 02:44:44 0 d-----w- c:\windows\EHome2010-07-23 02:39:37 7208 ------w- c:\windows\system32\secupd.sig2010-07-23 02:39:37 4569 ------w- c:\windows\system32\secupd.dat2010-07-23 02:39:37 11264 ------w- c:\windows\system32\spnpinst.exe2010-07-23 02:26:24 239104 ----a-w- c:\windows\system32\srrstr.dll2010-07-23 02:25:44 25600 ----a-w- c:\windows\system32\xpsp1hfm.exe2010-07-23 02:25:44 0 dc-h--w- c:\windows\$xpsp1hfm$2010-07-23 02:03:36 0 d-----w- c:\windows\system32\bits2010-07-23 02:02:42 8192 ------w- c:\windows\system32\bitsprx2.dll2010-07-23 02:02:42 7168 ------w- c:\windows\system32\bitsprx3.dll2010-07-23 02:02:42 438784 ----a-w- c:\windows\system32\xpob2res.dll2010-07-23 02:02:42 354816 ----a-w- c:\windows\system32\winhttp.dll2010-07-23 02:02:42 18944 ----a-w- c:\windows\system32\qmgrprxy.dll2010-07-23 02:00:51 274288 ----a-w- c:\windows\system32\mucltui.dll2010-07-23 02:00:51 16736 ----a-w- c:\windows\system32\mucltui.dll.mui2010-07-23 01:30:43 0 d-----w- c:\program files\Analog Devices2010-07-23 01:02:53 0 d-sh--w- c:\documents and settings\all users\DRM2010-07-23 01:01:15 0 d-----w- c:\program files\common files\MSSoap2010-07-23 01:00:21 0 d--h--w- c:\program files\WindowsUpdate2010-07-23 01:00:21 0 d-----w- c:\program files\Online Services2010-07-23 01:00:16 0 d-----w- c:\program files\Messenger2010-07-23 01:00:05 0 d-----w- c:\program files\MSN Gaming Zone2010-07-23 00:59:55 0 d-----w- c:\program files\Windows NT2010-07-22 20:53:29 0 d-----w- c:\program files\common files\ODBC2010-07-22 20:53:26 0 d-----w- c:\program files\common files\SpeechEngines2010-07-22 20:53:00 0 d-----r- c:\documents and settings\all users\Documents==================== Find3M ====================2010-07-23 01:00:44 21640 ----a-w- c:\windows\system32\emptyregdb.dat2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys2010-06-21 15:27:11 354304 ----a-w- c:\windows\system32\drivers\srv.sys2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll============= FINISH: 19:01:15.20 =============== Link to post Share on other sites More sharing options...
needafix Posted August 20, 2010 Author ID:303064 Share Posted August 20, 2010 Hi Chris,Hopefully the last results I posted a couple of days back looked OK.I am going out of the country tomorrow for a week so if we don't wrap this up tonight or tomorrow please don't remove this issue as I will only be able to work with you until tomorrow evening (afternoon for you in LA) then not again until next weekend.Thanks for all your help so far! Link to post Share on other sites More sharing options...
Staff screen317 Posted August 22, 2010 Staff ID:303517 Share Posted August 22, 2010 Hi,My apologies for the delay.Next, please run a free online scan with the ESET Online ScannerNote: You will need to use Internet Explorer for this scan.Tick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats and the option Scan unwanted applications is checkedClick ScanWait for the scan to finishUse Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txtCopy and paste that log as a reply to this topicNext, download my Security Check from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.Let me know how things are running now and what issues remain.-screen317 Link to post Share on other sites More sharing options...
Staff screen317 Posted August 29, 2010 Staff ID:306439 Share Posted August 29, 2010 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
1972vet Posted August 30, 2010 ID:307114 Share Posted August 30, 2010 Topic re-opened at the request of the member...please carry on. Link to post Share on other sites More sharing options...
Staff screen317 Posted August 31, 2010 Staff ID:307193 Share Posted August 31, 2010 needafix,Post the logs I requested when ready. Link to post Share on other sites More sharing options...
needafix Posted August 31, 2010 Author ID:307209 Share Posted August 31, 2010 Hi,My apologies for the delay.Next, please run a free online scan with the ESET Online ScannerNote: You will need to use Internet Explorer for this scan.Tick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats and the option Scan unwanted applications is checkedClick ScanWait for the scan to finishUse Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txtCopy and paste that log as a reply to this topicNext, download my Security Check from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.Let me know how things are running now and what issues remain.-screen317Here is the ESET:ESETSmartInstaller@High as CAB hook log:OnlineScanner.ocx - registred OK# version=7# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)# OnlineScanner.ocx=1.0.0.6211# api_version=3.0.2# EOSSerial=e73606aedcd35144bfeca2f619039adf# end=finished# remove_checked=true# archives_checked=false# unwanted_checked=true# unsafe_checked=false# antistealth_checked=true# utc_time=2010-08-30 11:31:37# local_time=2010-08-30 07:31:37 (-0500, Eastern Daylight Time)# country="United States"# lang=9# osver=5.1.2600 NT Service Pack 3# compatibility_mode=8192 67108863 100 0 0 0 0 0# scanned=54391# found=0# cleaned=0# scan_time=2107 Link to post Share on other sites More sharing options...
needafix Posted August 31, 2010 Author ID:307213 Share Posted August 31, 2010 Here is the ESET:ESETSmartInstaller@High as CAB hook log:OnlineScanner.ocx - registred OK# version=7# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)# OnlineScanner.ocx=1.0.0.6211# api_version=3.0.2# EOSSerial=e73606aedcd35144bfeca2f619039adf# end=finished# remove_checked=true# archives_checked=false# unwanted_checked=true# unsafe_checked=false# antistealth_checked=true# utc_time=2010-08-30 11:31:37# local_time=2010-08-30 07:31:37 (-0500, Eastern Daylight Time)# country="United States"# lang=9# osver=5.1.2600 NT Service Pack 3# compatibility_mode=8192 67108863 100 0 0 0 0 0# scanned=54391# found=0# cleaned=0# scan_time=2107And the S Results of screen317's Security Check version 0.99.5 Windows XP Service Pack 3 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Disabled! ESET Online Scanner v3 Symantec Endpoint Protection Antivirus up to date! ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Java 6 Update 21 Adobe Flash Player Adobe Reader 9.3.3 ```````````````````````````````` Process Check: objlist.exe by Laurent Norton ccSvcHst.exe ````````````````````````````````DNS Vulnerability Check: Unknown. This method cannot test your vulnerability to DNS cache poisoning. (Wireless connection?) ``````````End of Log```````````` ecurity Check results: Link to post Share on other sites More sharing options...
Staff screen317 Posted September 1, 2010 Staff ID:307684 Share Posted September 1, 2010 Hi,Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstallThis uninstalls all of ComboFix's components.Delete SecurityCheck.Restart your computer and let me know what issues remain.-screen317 Link to post Share on other sites More sharing options...
needafix Posted September 1, 2010 Author ID:307808 Share Posted September 1, 2010 Hi,Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstallThis uninstalls all of ComboFix's components.Delete SecurityCheck.Restart your computer and let me know what issues remain.-screen317I will do this but I should tell you that the issue seemed to have gone away when my ISP gave me the temporary static DNS server address. Should I go back to automatically aquiring DNS server address now? Link to post Share on other sites More sharing options...
Staff screen317 Posted September 3, 2010 Staff ID:308635 Share Posted September 3, 2010 Yes try going back to the automatic DNS setting.Let me know how it goes. Link to post Share on other sites More sharing options...
Staff screen317 Posted September 28, 2010 Staff ID:319590 Share Posted September 28, 2010 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts