Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

whitesmoke toolbar unable to remove

Started by gdwill, Feb 05 2011 12:13 PM

This topic is locked
Go to first unread post

24 replies to this topic

#1
gdwill

Posted 05 February 2011 - 12:13 PM

New Member

Members
13 posts

Computer infected with whitesmoke toolbar, other trojans.
I run malwarebytes, shows programs are removed, but after rebooting, other malware reinstalls ( delio, pup).
Have tried instructions in "I'm infected..."

The most recent MBAM log is attached ( changes everytime I reboot and run again)

Made it though the defogger and DDS steps, but when running gmer, program shut down with message:
" A problem has been detected and windows has been shutdown.
PFN_LIST_CORRUPT
etc

below is text file from DDS:

DDS (Ver_10-12-12.02) - NTFSx86
Run by Administrator at 11:31:11.43 on Sat 02/05/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.558 [GMT -5:00]

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
C:\WINDOWS\system32\HPSIsvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\Administrator\Desktop\Defogger.exe
C:\Documents and Settings\Administrator\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110120081025.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [<NO NAME>]
mRun: [HPUsageTrackingLEDM] "c:\program files\hp\hp ut ledm\bin\hppusg.exe" "c:\program files\hp\hp ut ledm\"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {A8BC5EDF-FB4E-4453-B759-4AF3281FDE02} - hxxps://s2.ebridge-solutions.com/ebridge/3.0/retrieve/eBridgeViewer.CAB
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-19 64160]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-1-20 386840]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-1-20 84072]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2009-10-15 136192]
R2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;c:\program files\hp\hp laserjet m1210 mfp series\ReceiveFaxUtility.exe [2009-11-20 245760]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2011-1-28 99896]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-8-12 203280]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-20 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-20 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-20 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-1-20 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-1-20 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-20 141792]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2007-8-24 166384]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-1-20 55840]
R3 HP1210FAX;HP1210MFP FAX;c:\windows\system32\drivers\HPM1210FAX.sys [2011-1-28 13824]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-1-20 152960]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-20 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-1-20 88544]
R3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2011-1-28 17408]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [2010-8-11 453120]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2007-8-24 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2007-8-24 309744]
S3 CEUSBAUD;Lexicon USB MIDI Driver1;c:\windows\system32\drivers\ceusbaud.sys [2003-11-5 17920]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-1-20 52104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-1-20 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-20 84264]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2007-8-24 72176]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2007-8-24 1083888]

=============== Created Last 30 ================

2011-02-05 15:14:40 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2011-02-05 15:11:42 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE
2011-02-05 15:00:06 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Google
2011-01-31 19:06:45 -------- d-----w- c:\program files\MSECache
2011-01-29 04:18:37 -------- d-----w- c:\program files\Readiris Pro 12
2011-01-29 03:25:02 -------- d-----w- c:\program files\Yahoo!
2011-01-29 03:19:38 81920 ----a-r- c:\windows\system32\mvusbews.dll
2011-01-29 03:19:38 17408 ----a-r- c:\windows\system32\drivers\mvusbews.sys
2011-01-29 03:19:38 1112288 ----a-r- c:\windows\system32\WdfCoInstaller01007.dll
2011-01-29 03:15:20 99896 ----a-r- c:\windows\system32\HPSIsvc.exe
2011-01-29 03:13:33 316416 ----a-r- c:\windows\system32\Difxapi.dll
2011-01-29 03:13:33 284160 ----a-r- c:\windows\system32\mvhlewsi.dll
2011-01-20 13:10:25 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-01-20 13:10:25 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2011-01-20 13:10:16 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-01-20 13:10:11 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-01-20 13:10:11 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-01-20 13:10:11 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-01-20 13:10:11 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-01-20 13:10:11 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-01-20 13:10:11 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-01-20 13:10:11 386840 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-01-20 13:10:11 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-01-20 13:10:11 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-01-18 02:59:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-01-18 02:48:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-12 19:45:58 -------- d-----w- C:\SBS
2011-01-09 05:41:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2011-01-08 22:49:21 -------- d-----w- c:\program files\common files\Blizzard Entertainment
2011-01-08 22:49:16 -------- d-----w- c:\program files\World of Warcraft

==================== Find3M ====================

2010-11-18 18:12:44 81920 ------w- c:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll

============= FINISH: 11:32:27.84 ===============

Attached Files

DDS.txt 15.83K 12 downloads
Attach.txt 24.83K 9 downloads
mbam_log_2011_02_05__10_22_29_.txt 1.01K 13 downloads

#2
Kenny94

Posted 05 February 2011 - 01:28 PM

Malware Fighter

Experts
2,655 posts

Gender:Male
Location:S.C USA
Interests:The workings of Apple's tablets and all PC'S

Computing is not about computers any more. It is about living.
~Nicholas Negroponte

Hi gdwill

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Download ComboFix from below:

Combofix download

* IMPORTANT !!! Place combofix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

You can get help on disabling your protection programs here
Double click on combofix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.

Click on Yes, to continue scanning for malware.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

---------------------------------------------------------------------------------------------

My Blog On Malware And Security Tips

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click the PayPal button

#3
gdwill

Posted 05 February 2011 - 02:08 PM

New Member

Members
13 posts

Thanks, Kenny
Ran combo fix as instructed.
Partway through, a message screen came up:
"PEV.exe has encountered a problem and needs to close..."
I ignored it, as the combo fix program continued to run.
I'm attaching the log as text.

I don't know if it matters, but computer did not reboot or prompt me to reboot after combofix ran.

(I did notice the as the program was running it indicated it deleted some files with "search" in name)

Await further instructions.

Gdwill

Kenny94, on Feb 5 2011, 07:28 PM, said:

Hi gdwill

Download ComboFix from below:

Combofix download

* IMPORTANT !!! Place combofix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

You can get help on disabling your protection programs here
Double click on combofix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.

Click on Yes, to continue scanning for malware.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

---------------------------------------------------------------------------------------------

Attached Files

combofix_results.txt 21.61K 9 downloads

#4
gdwill

Posted 05 February 2011 - 04:30 PM

New Member

Members
13 posts

Not sure if meant to attach combo fix text or post in reply-
here is the text ( I attached it to last reply just in case)

ComboFix 11-02-05.01 - Administrator 02/05/2011 13:45:07.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.513 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2011-01-05 to 2011-02-05 )))))))))))))))))))))))))))))))
.

2011-02-05 18:04 . 2011-02-05 18:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-02-05 15:14 . 2011-02-05 15:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-02-05 15:11 . 2011-02-05 15:11 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-02-05 15:06 . 2011-02-05 15:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Yahoo!
2011-02-05 15:00 . 2011-02-05 18:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2011-02-05 14:59 . 2011-02-05 18:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPAppData
2011-02-03 20:39 . 2011-02-03 20:39 -------- d-----w- c:\documents and settings\Mark\Application Data\Yahoo!
2011-02-03 20:37 . 2011-02-03 20:44 -------- d-----w- c:\documents and settings\Mark\Application Data\HPAppData
2011-01-31 19:06 . 2011-01-31 19:06 -------- d-----w- c:\program files\MSECache
2011-01-29 04:18 . 2011-01-29 04:20 -------- d-----w- c:\program files\Readiris Pro 12
2011-01-29 03:25 . 2011-01-29 03:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2011-01-29 03:25 . 2011-01-29 03:25 -------- d-----w- c:\documents and settings\Mom\Application Data\Yahoo!
2011-01-29 03:25 . 2011-01-29 03:25 -------- d-----w- c:\program files\Yahoo!
2011-01-29 03:22 . 2011-01-30 12:45 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2011-01-29 03:19 . 2009-11-20 13:35 81920 ----a-r- c:\windows\system32\mvusbews.dll
2011-01-29 03:19 . 2009-11-20 13:35 17408 ----a-r- c:\windows\system32\drivers\mvusbews.sys
2011-01-29 03:19 . 2009-11-20 10:49 1112288 ----a-r- c:\windows\system32\WdfCoInstaller01007.dll
2011-01-29 03:15 . 2009-12-04 06:49 99896 ----a-r- c:\windows\system32\HPSIsvc.exe
2011-01-29 03:13 . 2009-11-20 13:41 284160 ----a-r- c:\windows\system32\mvhlewsi.dll
2011-01-29 03:13 . 2009-11-20 10:43 316416 ----a-r- c:\windows\system32\Difxapi.dll
2011-01-29 02:52 . 2011-01-29 02:52 -------- d-----w- c:\documents and settings\Mom\Application Data\HP
2011-01-20 13:10 . 2010-10-14 03:28 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-01-20 13:10 . 2010-10-14 03:28 24376 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll
2011-01-20 13:10 . 2010-10-14 03:28 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-01-20 13:10 . 2010-10-14 03:28 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-01-20 13:10 . 2010-10-14 03:28 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-01-20 13:10 . 2010-10-14 03:28 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-01-20 13:10 . 2010-10-14 03:28 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-01-20 13:10 . 2010-10-14 03:28 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-01-20 13:10 . 2010-10-14 03:28 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-01-20 13:10 . 2010-10-14 03:28 386840 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-01-20 13:10 . 2010-10-14 03:28 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-01-20 13:10 . 2010-10-14 03:28 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-01-18 02:59 . 2011-01-18 02:59 -------- d-----w- c:\documents and settings\Mom\Application Data\SUPERAntiSpyware.com
2011-01-18 02:59 . 2011-01-18 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-01-18 02:48 . 2011-01-18 02:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-13 20:30 . 2011-01-13 20:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2011-01-12 19:45 . 2011-01-12 19:45 -------- d-----w- C:\SBS
2011-01-09 05:41 . 2011-01-09 05:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2011-01-08 22:49 . 2011-01-09 02:13 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2011-01-08 22:49 . 2011-01-17 01:19 -------- d-----w- c:\program files\World of Warcraft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 23:09 . 2010-03-24 17:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-03-24 17:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2004-08-10 12:00 81920 ------w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2004-08-10 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-10-14 03:28 . 2011-01-20 13:10 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-07 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 61952]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-12-01 126976]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"SoundMan"="SOUNDMAN.EXE" [2004-10-13 77824]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-04-22 180269]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-11-22 1193848]
"HPUsageTrackingLEDM"="c:\program files\HP\HP UT LEDM\bin\hppusg.exe" [2009-10-15 30264]

c:\documents and settings\Paul\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\Mark\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-5 258048]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
backup=c:\windows\pss\Status Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 17:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
2004-06-14 14:28 851968 ------w- c:\program files\Brother\ControlCenter2\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2007-08-14 07:44 113136 ----a-w- c:\program files\Roxio\CinePlayer\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 07:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2004-04-14 19:46 57393 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2007-08-24 19:52 240112 ----a-w- c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
2004-05-25 14:16 49152 ------w- c:\program files\Brother\Brmfl04a\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-11-10 10:43 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-07-07 01:22 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-04-22 01:55 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"HPHUPD06"=c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"AlcWzrd"=ALCWZRD.EXE
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"IndexSearch"=c:\program files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Roxio\\Digital Home 10\\RoxioUPnPRenderer10.exe"=
"c:\\Program Files\\Roxio\\Creator Classic 10\\Creator10.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/19/2009 11:05 PM 64160]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [1/20/2011 8:10 AM 84072]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [10/15/2009 11:13 AM 136192]
R2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;c:\program files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [11/20/2009 2:14 PM 245760]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [1/28/2011 10:15 PM 99896]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [8/12/2010 9:44 PM 203280]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/20/2011 8:09 AM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [1/20/2011 8:09 AM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [1/20/2011 8:10 AM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [1/20/2011 8:10 AM 141792]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [8/24/2007 2:52 PM 166384]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [1/20/2011 8:10 AM 55840]
R3 HP1210FAX;HP1210MFP FAX;c:\windows\system32\drivers\HPM1210FAX.sys [1/28/2011 10:20 PM 13824]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [1/20/2011 8:10 AM 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [1/20/2011 8:10 AM 88544]
R3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [1/28/2011 10:19 PM 17408]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [8/11/2010 3:57 PM 453120]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/10/2010 7:35 PM 135664]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [8/24/2007 2:53 PM 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [8/24/2007 2:52 PM 309744]
S3 CEUSBAUD;Lexicon USB MIDI Driver1;c:\windows\system32\drivers\ceusbaud.sys [11/5/2003 1:11 PM 17920]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1029456]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [1/20/2011 8:10 AM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [1/20/2011 8:10 AM 84264]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [8/24/2007 2:53 PM 72176]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8/24/2007 2:52 PM 1083888]

--- Other Services/Drivers In Memory ---

*Deregistered* - klmd25
*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2011-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2011-02-05 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-04-26 17:22]

2011-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 00:35]

2011-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 00:35]

2011-02-05 c:\windows\Tasks\User_Feed_Synchronization-{0B7B97B6-9006-4B05-88C6-072708A98218}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
DPF: {A8BC5EDF-FB4E-4453-B759-4AF3281FDE02} - hxxps://s2.ebridge-solutions.com/ebridge/3.0/retrieve/eBridgeViewer.CAB
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-SearchSettings - c:\program files\YouTube Downloader Toolbar\SearchSettings.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-05 13:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-270226397-3807691631-2548794811-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,88,36,af,c6,da,90,5d,4a,81,ae,92,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,88,36,af,c6,da,90,5d,4a,81,ae,92,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,88,36,af,c6,da,90,5d,4a,81,ae,92,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1220)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
Completion time: 2011-02-05 13:58:53
ComboFix-quarantined-files.txt 2011-02-05 18:58

Pre-Run: 69,136,801,792 bytes free
Post-Run: 70,561,226,752 bytes free

- - End Of File - - D0CD0A3F650AA9005E2CA2B8A5F21607

#5
Kenny94

Posted 05 February 2011 - 05:05 PM

Malware Fighter

Experts
2,655 posts

Gender:Male
Location:S.C USA
Interests:The workings of Apple's tablets and all PC'S

Computing is not about computers any more. It is about living.
~Nicholas Negroponte

I'm reviewing your log and will have some more instructions for you in a short while. Thanks for your patience!

#6
Kenny94

Posted 05 February 2011 - 06:33 PM

Malware Fighter

Experts
2,655 posts

Gender:Male
Location:S.C USA
Interests:The workings of Apple's tablets and all PC'S

Computing is not about computers any more. It is about living.
~Nicholas Negroponte

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Click Exit on the Main menu to close the program.

Next

Update Run Malwarebytes

Launch Malwarebytes' Anti-Malware
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

#7
gdwill

Posted 05 February 2011 - 07:00 PM

New Member

Members
13 posts

OK
Ran ATF
Then Malwarebyte

No malicious items found, did not ask to reboot

here's text of log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5684

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/5/2011 6:55:18 PM
mbam-log-2011-02-05 (18-55-18).txt

Scan type: Quick scan
Objects scanned: 235291
Time elapsed: 6 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8
Kenny94

Posted 05 February 2011 - 07:25 PM

Malware Fighter

Experts
2,655 posts

Gender:Male
Location:S.C USA
Interests:The workings of Apple's tablets and all PC'S

Computing is not about computers any more. It is about living.
~Nicholas Negroponte

There are some very older versions of Java on your computer. These can be a source of infection.

[ Posted Image

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
Scroll down to where it says Java SE Runtime Environment (JRE) - JRE 6 Update 23 -
Click the Download button to the right.
Select the Windows platform from the dropdown menu.
Read the License Agreement and then check the box that says: I agree to the Java SE Runtime Environment 6u16 with JavaFX 1 License Agreement. Click on Continue.The page will refresh.
Click on the link to download Windows Offline Installation and save the file to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u123 -windows-i586-p.exe to install the newest version.

After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
- On the General tab, under Temporary Internet Files, click the Settings button.
- Next, click on the Delete Files button
- There are two options in the window to clear the cache - Leave BOTH Checked
- Click OK on Delete Temporary Files Window
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
- Click OK to leave the Temporary Files Window
- Click OK to leave the Java Control Panel.

To test your Java Run-time, you may go to this page http://www.java.com/...help/testvm.xml
When all is well, you should see Java Version: 1.6.0_23 from Sun Microsystems Inc.
================================================================================
==============

Your Computer is Clean

Some final items:

Follow these steps to uninstall Combofix and tools used in the removal of malware

Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the x and /)
Please follow the prompts to uninstall Combofix.
You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Here are some additional links for you to check out to help you with your computer security.

Browsers

Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it, there are other free alternatives, FIREFOX and OPERA, both are free to use and are more secure than IE.

If you are using firefox you can stay more secure by adding NoScript and WOT (Web Of Trust)

NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Additional Security Measures

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

SpywareBlaster- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial for Spywareblaster can be found here.

Cookienator- Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.

Secunia software inspector & update checker

Visit My Blog for Malware and Spyware Tips

Posted Image

#9
gdwill

Posted 05 February 2011 - 09:01 PM

New Member

Members
13 posts

Thanks Kenny,
Did all of your suggestions, updates, and setting changes.
Plan to run scan again indifferent user profiles tomorrow, to be sure I'm not getting reinstalls ( thought I had it clean once yesterday)
Will repost tomorrow (either for help, or to thank you again)
I appreciate your help!!!

#10
gdwill

Posted 05 February 2011 - 11:53 PM

New Member

Members
13 posts

OK-
everything looked good in the administrator profile, where I ran all the changes discussed so far in the preceding messages-

I logged into a different user account on the same computer (other family members), and ran malwarebyte, and it still shows infections with pup.delio

will attach the log run from that user profile in next message

#11
gdwill

Posted 06 February 2011 - 12:11 AM

New Member

Members
13 posts

Ran defooger program in that profile, message showed that "defogger ran to completion, but one or more errors showed occurred, see defogger disable log"
Log below:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:59 on 05/02/2011 (Mark)

Checking for autostart values...
HKCU\~\Run values retrieved.
Unable to open HKLM\~\Run key (5)
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Here is MBAM log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5684

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/5/2011 11:58:22 PM
mbam-log-2011-02-05 (23-58-22).txt

Scan type: Quick scan
Objects scanned: 165937
Time elapsed: 6 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Value: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Value: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Here is the DDS text

DDS (Ver_10-12-12.02) - NTFSx86
Run by Mark at 0:04:43.93 on Sun 02/06/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.530 [GMT -5:00]

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*

============== Running Processes ===============

svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\Mark\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://att.net
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://att.net
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110120081025.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [HPUsageTrackingLEDM] "c:\program files\hp\hp ut ledm\bin\hppusg.exe" "c:\program files\hp\hp ut ledm\"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\mark\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {A8BC5EDF-FB4E-4453-B759-4AF3281FDE02} - hxxps://s2.ebridge-solutions.com/ebridge/3.0/retrieve/eBridgeViewer.CAB
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mark\applic~1\mozilla\firefox\profiles\fqg82241.default\
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\youtube downloader toolbar\ff\components\youtubedownloaderToolbarFF.dll
FF - component: c:\program files\youtube downloader toolbar\ssff\components\SearchSettingsFF.dll
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-19 64160]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-1-20 386840]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-1-20 84072]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2009-10-15 136192]
R2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;c:\program files\hp\hp laserjet m1210 mfp series\ReceiveFaxUtility.exe [2009-11-20 245760]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2011-1-28 99896]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-8-12 203280]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-20 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-20 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-20 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-1-20 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-1-20 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-20 141792]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2007-8-24 166384]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-1-20 55840]
R3 HP1210FAX;HP1210MFP FAX;c:\windows\system32\drivers\HPM1210FAX.sys [2011-1-28 13824]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-1-20 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-1-20 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-20 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-1-20 88544]
R3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2011-1-28 17408]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [2010-8-11 453120]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2007-8-24 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2007-8-24 309744]
S3 CEUSBAUD;Lexicon USB MIDI Driver1;c:\windows\system32\drivers\ceusbaud.sys [2003-11-5 17920]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-1-20 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-20 84264]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2007-8-24 72176]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2007-8-24 1083888]

=============== Created Last 30 ================

2011-02-06 02:47:23 -------- d-----w- c:\docume~1\mark\applic~1\Malwarebytes
2011-02-06 01:02:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-06 01:02:27 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-06 01:02:27 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-01-31 19:06:45 -------- d-----w- c:\program files\MSECache
2011-01-29 04:18:37 -------- d-----w- c:\program files\Readiris Pro 12
2011-01-29 03:25:02 -------- d-----w- c:\program files\Yahoo!
2011-01-29 03:19:38 81920 ----a-r- c:\windows\system32\mvusbews.dll
2011-01-29 03:19:38 17408 ----a-r- c:\windows\system32\drivers\mvusbews.sys
2011-01-29 03:19:38 1112288 ----a-r- c:\windows\system32\WdfCoInstaller01007.dll
2011-01-29 03:15:20 99896 ----a-r- c:\windows\system32\HPSIsvc.exe
2011-01-29 03:13:33 316416 ----a-r- c:\windows\system32\Difxapi.dll
2011-01-29 03:13:33 284160 ----a-r- c:\windows\system32\mvhlewsi.dll
2011-01-20 13:10:25 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-01-20 13:10:25 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2011-01-20 13:10:16 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-01-20 13:10:11 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-01-20 13:10:11 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-01-20 13:10:11 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-01-20 13:10:11 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-01-20 13:10:11 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-01-20 13:10:11 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-01-20 13:10:11 386840 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-01-20 13:10:11 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-01-20 13:10:11 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-01-18 02:59:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-01-18 02:48:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-12 19:45:58 -------- d-----w- C:\SBS
2011-01-09 05:41:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2011-01-08 22:49:21 -------- d-----w- c:\program files\common files\Blizzard Entertainment
2011-01-08 22:49:16 -------- d-----w- c:\program files\World of Warcraft

==================== Find3M ====================

2010-11-18 18:12:44 81920 ------w- c:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll

============= FINISH: 0:06:15.21 ===============

#12
Kenny94

Posted 06 February 2011 - 08:06 AM

Malware Fighter

Experts
2,655 posts

Gender:Male
Location:S.C USA
Interests:The workings of Apple's tablets and all PC'S

Computing is not about computers any more. It is about living.
~Nicholas Negroponte

On this account:

Download ComboFix from below:

Combofix download

* IMPORTANT !!! Place combofix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

You can get help on disabling your protection programs here
Double click on combofix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.

Click on Yes, to continue scanning for malware.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

---------------------------------------------------------------------------------------------

#13
gdwill

Posted 06 February 2011 - 10:18 AM

New Member

Members
13 posts

OK- tried running combo fix

When running as this user, would not allow program to run-

Tried again, and chose the option in the message box to run (in that user profile)and log in as administrator.

Program started, but stopped after a few seconds with message:
" Were you trying to run CF script? The name, CF script, appears to be incorrectly spelt"

I clicked OK, box closed, but so did the program.

#14
Kenny94

Posted 06 February 2011 - 10:49 AM

Malware Fighter

Experts
2,655 posts

Gender:Male
Location:S.C USA
Interests:The workings of Apple's tablets and all PC'S

Computing is not about computers any more. It is about living.
~Nicholas Negroponte

We need to do a few things. One:

Follow these steps to uninstall Combofix and all of its files and components.

Go to Start ---> Run ---> Type ComboFix /uninstall and press Enter.

Make sure there's a space between Combofix and /uninstall
Then hit Enter

Two:

Restart your PC and download Combofix again to your Desktop on the other user account as before. Now, we need to move ComboFix.exe off of the Desktop and place it in your C: Drive below:

Once you have ComboFix.exe in your C:\ then run ComboFix and post the log please.

#15
gdwill

Posted 06 February 2011 - 12:34 PM

New Member

Members
13 posts

Will not allow me to move ComboFix to C: drive- in this user account.
Also, will not show C: in address bar, as it does in pic on your post.

" Access denied"

#16
Kenny94

Posted 06 February 2011 - 03:05 PM

Malware Fighter

Experts
2,655 posts

Gender:Male
Location:S.C USA
Interests:The workings of Apple's tablets and all PC'S

Computing is not about computers any more. It is about living.
~Nicholas Negroponte

Please run this online scan on the same user account:

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however may need to disable your current installed Anti-Virus, how to do so can be read here.

Please go here then click on:
Select the option YES, I accept the Terms of Use then click on:
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:

Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Now click on:
The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on:
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

#17
gdwill

Posted 06 February 2011 - 06:03 PM

New Member

Members
13 posts

Instructions were had to be run as administrator- I ended up changing user profile to allow administrator priveleges , to run as admnistrator
.
(I probably could have done that to get ComcoFix to run?)

Sorry for delay ( scan took 2 hours!)
Here's the log, nothing reported to be found on final screen

martInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=87ebb99ef978c7418f9c66f6000ac17f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-02-06 10:48:05
# local_time=2011-02-06 05:48:05 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5121 16777189 100 75 568117 9601450 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=171011
# found=0
# cleaned=0
# scan_time=7769

#18
Kenny94

Posted 07 February 2011 - 06:49 AM

Malware Fighter

Experts
2,655 posts

Gender:Male
Location:S.C USA
Interests:The workings of Apple's tablets and all PC'S

Computing is not about computers any more. It is about living.
~Nicholas Negroponte

Go ahead and run Combofix as in post 14. Please post the log.

#19
gdwill

Posted 07 February 2011 - 05:19 PM

New Member

Members
13 posts

OK,
was able to get it to run in C:

Here's text ( also sent as attachment, not sure which way you wanted it)

ComboFix 11-02-06.02 - Mark 02/07/2011 16:57:35.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.593 [GMT -5:00]
Running from: C:\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((( Files Created from 2011-01-07 to 2011-02-07 )))))))))))))))))))))))))))))))
.

2011-02-07 14:07 . 2011-02-07 14:07 -------- d-----w- c:\documents and settings\Mom\Application Data\Sonic
2011-02-07 14:07 . 2011-02-07 14:26 89680 ----a-w- c:\documents and settings\Mom\MSSSerif120.fon
2011-02-07 14:07 . 2011-02-07 14:07 -------- d-----w- c:\documents and settings\Mom\Application Data\Leadertech
2011-02-06 20:34 . 2011-02-06 20:34 -------- d-----w- c:\program files\ESET
2011-02-06 18:24 . 2011-02-06 18:24 -------- d-----w- c:\documents and settings\Mark\Application Data\SUPERAntiSpyware.com
2011-02-06 18:06 . 2011-02-06 18:06 -------- d-----w- c:\documents and settings\Dad\Application Data\Malwarebytes
2011-02-06 17:31 . 2011-02-06 17:31 -------- d-----w- C:\New Folder
2011-02-06 16:17 . 2011-02-06 16:17 -------- d-----w- c:\documents and settings\Paul\Application Data\SUPERAntiSpyware.com
2011-02-06 15:56 . 2011-02-06 15:56 -------- d-----w- c:\documents and settings\Paul\Application Data\Malwarebytes
2011-02-06 14:40 . 2011-02-06 14:44 -------- d-----w- c:\documents and settings\Kevin\Application Data\HPAppData
2011-02-06 06:55 . 2011-02-06 06:55 -------- d-----w- c:\documents and settings\Kevin\Application Data\Malwarebytes
2011-02-06 06:29 . 2011-02-06 06:29 -------- d-----w- c:\documents and settings\Michelle\Application Data\Malwarebytes
2011-02-06 02:47 . 2011-02-06 02:47 -------- d-----w- c:\documents and settings\Mark\Application Data\Malwarebytes
2011-02-06 01:08 . 2011-02-06 01:08 -------- d-----w- c:\program files\Common Files\Java
2011-02-06 01:02 . 2011-02-06 01:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-06 01:02 . 2011-02-06 01:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-06 01:02 . 2011-02-06 01:02 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-02-05 18:04 . 2011-02-05 18:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-02-05 15:14 . 2011-02-05 15:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-02-05 15:11 . 2011-02-05 15:11 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-02-05 15:06 . 2011-02-05 15:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Yahoo!
2011-02-05 15:00 . 2011-02-05 18:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2011-02-05 14:59 . 2011-02-06 01:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPAppData
2011-02-03 20:39 . 2011-02-03 20:39 -------- d-----w- c:\documents and settings\Mark\Application Data\Yahoo!
2011-02-03 20:37 . 2011-02-07 21:50 -------- d-----w- c:\documents and settings\Mark\Application Data\HPAppData
2011-01-31 19:06 . 2011-01-31 19:06 -------- d-----w- c:\program files\MSECache
2011-01-29 04:18 . 2011-01-29 04:20 -------- d-----w- c:\program files\Readiris Pro 12
2011-01-29 03:25 . 2011-01-29 03:25 -------- d-----w- c:\documents and settings\Mom\Application Data\Yahoo!
2011-01-29 03:25 . 2011-02-06 00:55 -------- d-----w- c:\program files\Yahoo!
2011-01-29 03:22 . 2011-01-30 12:45 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2011-01-29 03:19 . 2009-11-20 13:35 81920 ----a-r- c:\windows\system32\mvusbews.dll
2011-01-29 03:19 . 2009-11-20 13:35 17408 ----a-r- c:\windows\system32\drivers\mvusbews.sys
2011-01-29 03:19 . 2009-11-20 10:49 1112288 ----a-r- c:\windows\system32\WdfCoInstaller01007.dll
2011-01-29 03:15 . 2009-12-04 06:49 99896 ----a-r- c:\windows\system32\HPSIsvc.exe
2011-01-29 03:13 . 2009-11-20 13:41 284160 ----a-r- c:\windows\system32\mvhlewsi.dll
2011-01-29 03:13 . 2009-11-20 10:43 316416 ----a-r- c:\windows\system32\Difxapi.dll
2011-01-29 02:52 . 2011-01-29 02:52 -------- d-----w- c:\documents and settings\Mom\Application Data\HP
2011-01-20 13:10 . 2010-10-14 03:28 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-01-20 13:10 . 2010-10-14 03:28 24376 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll
2011-01-20 13:10 . 2010-10-14 03:28 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-01-20 13:10 . 2010-10-14 03:28 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-01-20 13:10 . 2010-10-14 03:28 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-01-20 13:10 . 2010-10-14 03:28 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-01-20 13:10 . 2010-10-14 03:28 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-01-20 13:10 . 2010-10-14 03:28 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-01-20 13:10 . 2010-10-14 03:28 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-01-20 13:10 . 2010-10-14 03:28 386840 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-01-20 13:10 . 2010-10-14 03:28 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-01-20 13:10 . 2010-10-14 03:28 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-01-18 02:59 . 2011-01-18 02:59 -------- d-----w- c:\documents and settings\Mom\Application Data\SUPERAntiSpyware.com
2011-01-18 02:59 . 2011-01-18 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-01-18 02:48 . 2011-01-18 02:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-13 20:30 . 2011-01-13 20:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2011-01-12 19:45 . 2011-01-12 19:45 -------- d-----w- C:\SBS
2011-01-09 05:41 . 2011-01-09 05:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2011-01-08 22:49 . 2011-01-09 02:13 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2011-01-08 22:49 . 2011-01-17 01:19 -------- d-----w- c:\program files\World of Warcraft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 23:09 . 2010-03-24 17:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-03-24 17:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2004-08-10 12:00 81920 ------w- c:\windows\system32\isign32.dll
2010-10-14 03:28 . 2011-01-20 13:10 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-07 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 61952]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-12-01 126976]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"SoundMan"="SOUNDMAN.EXE" [2004-10-13 77824]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-04-22 180269]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-11-22 1193848]
"HPUsageTrackingLEDM"="c:\program files\HP\HP UT LEDM\bin\hppusg.exe" [2009-10-15 30264]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\Paul\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\Mark\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-5 258048]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
backup=c:\windows\pss\Status Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 17:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
2004-06-14 14:28 851968 ------w- c:\program files\Brother\ControlCenter2\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2007-08-14 07:44 113136 ----a-w- c:\program files\Roxio\CinePlayer\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 07:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2004-04-14 19:46 57393 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2007-08-24 19:52 240112 ----a-w- c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
2004-05-25 14:16 49152 ------w- c:\program files\Brother\Brmfl04a\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-07-07 01:22 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-04-22 01:55 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"HPHUPD06"=c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"AlcWzrd"=ALCWZRD.EXE
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"IndexSearch"=c:\program files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Roxio\\Digital Home 10\\RoxioUPnPRenderer10.exe"=
"c:\\Program Files\\Roxio\\Creator Classic 10\\Creator10.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/19/2009 11:05 PM 64160]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [1/20/2011 8:10 AM 84072]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [10/15/2009 11:13 AM 136192]
R2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;c:\program files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [11/20/2009 2:14 PM 245760]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [1/28/2011 10:15 PM 99896]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [8/12/2010 9:44 PM 203280]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/20/2011 8:09 AM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [1/20/2011 8:09 AM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [1/20/2011 8:10 AM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [1/20/2011 8:10 AM 141792]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [8/24/2007 2:52 PM 166384]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [1/20/2011 8:10 AM 55840]
R3 HP1210FAX;HP1210MFP FAX;c:\windows\system32\drivers\HPM1210FAX.sys [1/28/2011 10:20 PM 13824]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [1/20/2011 8:10 AM 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [1/20/2011 8:10 AM 88544]
R3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [1/28/2011 10:19 PM 17408]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [8/11/2010 3:57 PM 453120]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/10/2010 7:35 PM 135664]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [8/24/2007 2:53 PM 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [8/24/2007 2:52 PM 309744]
S3 CEUSBAUD;Lexicon USB MIDI Driver1;c:\windows\system32\drivers\ceusbaud.sys [11/5/2003 1:11 PM 17920]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1029456]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [1/20/2011 8:10 AM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [1/20/2011 8:10 AM 84264]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [8/24/2007 2:53 PM 72176]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8/24/2007 2:52 PM 1083888]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2011-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2011-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 00:35]

2011-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 00:35]

2011-02-07 c:\windows\Tasks\User_Feed_Synchronization-{0B7B97B6-9006-4B05-88C6-072708A98218}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.net
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {A8BC5EDF-FB4E-4453-B759-4AF3281FDE02} - hxxps://s2.ebridge-solutions.com/ebridge/3.0/retrieve/eBridgeViewer.CAB
FF - ProfilePath - c:\documents and settings\Mark\Application Data\Mozilla\Firefox\Profiles\fqg82241.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-07 17:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-270226397-3807691631-2548794811-1010\Software\SecuROM\License information*]
"datasecu"=hex:cc,9a,3a,f7,53,f6,b5,72,04,72,b1,2c,6e,db,56,3d,ca,10,40,97,c4,
32,bf,e2,1c,04,51,92,e2,ed,b5,15,a4,4e,b7,af,52,95,a7,bf,bc,94,2b,bb,85,0e,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

[HKEY_USERS\S-1-5-21-270226397-3807691631-2548794811-1012\Software\SecuROM\License information*]
"datasecu"=hex:c0,3f,d1,95,2a,5a,b5,97,da,cf,40,56,05,cd,84,5c,96,75,bc,2b,4a,
27,16,ef,54,7e,5f,21,9f,88,a0,b3,5f,27,73,a2,82,59,19,79,65,e6,88,e3,e7,86,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1220)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll

- - - - - - - > 'explorer.exe'(3088)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-02-07 17:12:30
ComboFix-quarantined-files.txt 2011-02-07 22:12

Pre-Run: 75,571,499,008 bytes free
Post-Run: 75,611,070,464 bytes free

- - End Of File - - 0BCA04FCD992CB6215B00E37DD98196D

Attached Files

comboFix_log.txt 23.44K 5 downloads

#20
Kenny94

Posted 07 February 2011 - 08:10 PM

Malware Fighter

Experts
2,655 posts

Gender:Male
Location:S.C USA
Interests:The workings of Apple's tablets and all PC'S

Computing is not about computers any more. It is about living.
~Nicholas Negroponte

Update Run Malwarebytes

Launch Malwarebytes' Anti-Malware
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Back to Resolved HijackThis Logs · Next Unread Topic →

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

Malwarebytes

whitesmoke toolbar unable to remove

#1
gdwill

Posted 05 February 2011 - 12:13 PM

Attached Files

#2
Kenny94

Posted 05 February 2011 - 01:28 PM

#3
gdwill

Posted 05 February 2011 - 02:08 PM

Attached Files

#4
gdwill

Posted 05 February 2011 - 04:30 PM

#5
Kenny94

Posted 05 February 2011 - 05:05 PM

#6
Kenny94

Posted 05 February 2011 - 06:33 PM

#7
gdwill

Posted 05 February 2011 - 07:00 PM

#8
Kenny94

Posted 05 February 2011 - 07:25 PM

#9
gdwill

Posted 05 February 2011 - 09:01 PM

#10
gdwill

Posted 05 February 2011 - 11:53 PM

#11
gdwill

Posted 06 February 2011 - 12:11 AM

#12
Kenny94

Posted 06 February 2011 - 08:06 AM

#13
gdwill

Posted 06 February 2011 - 10:18 AM

#14
Kenny94

Posted 06 February 2011 - 10:49 AM

#15
gdwill

Posted 06 February 2011 - 12:34 PM

#16
Kenny94

Posted 06 February 2011 - 03:05 PM

#17
gdwill

Posted 06 February 2011 - 06:03 PM

#18
Kenny94

Posted 07 February 2011 - 06:49 AM

#19
gdwill

Posted 07 February 2011 - 05:19 PM

Attached Files

#20
Kenny94

Posted 07 February 2011 - 08:10 PM

1 user(s) are reading this topic

Products

About

Partners

Follow Us

Malwarebytes

whitesmoke toolbar unable to remove

#1 gdwill Posted 05 February 2011 - 12:13 PM

Attached Files

#2 Kenny94 Posted 05 February 2011 - 01:28 PM

#3 gdwill Posted 05 February 2011 - 02:08 PM

Attached Files

#4 gdwill Posted 05 February 2011 - 04:30 PM

#5 Kenny94 Posted 05 February 2011 - 05:05 PM

#6 Kenny94 Posted 05 February 2011 - 06:33 PM

#7 gdwill Posted 05 February 2011 - 07:00 PM

#8 Kenny94 Posted 05 February 2011 - 07:25 PM

#9 gdwill Posted 05 February 2011 - 09:01 PM

#10 gdwill Posted 05 February 2011 - 11:53 PM

#11 gdwill Posted 06 February 2011 - 12:11 AM

#12 Kenny94 Posted 06 February 2011 - 08:06 AM

#13 gdwill Posted 06 February 2011 - 10:18 AM

#14 Kenny94 Posted 06 February 2011 - 10:49 AM

#15 gdwill Posted 06 February 2011 - 12:34 PM

#16 Kenny94 Posted 06 February 2011 - 03:05 PM

#17 gdwill Posted 06 February 2011 - 06:03 PM

#18 Kenny94 Posted 07 February 2011 - 06:49 AM

#19 gdwill Posted 07 February 2011 - 05:19 PM

Attached Files

#20 Kenny94 Posted 07 February 2011 - 08:10 PM

1 user(s) are reading this topic

Products

About

Partners

Follow Us

#1
gdwill

Posted 05 February 2011 - 12:13 PM

#2
Kenny94

Posted 05 February 2011 - 01:28 PM

#3
gdwill

Posted 05 February 2011 - 02:08 PM

#4
gdwill

Posted 05 February 2011 - 04:30 PM

#5
Kenny94

Posted 05 February 2011 - 05:05 PM

#6
Kenny94

Posted 05 February 2011 - 06:33 PM

#7
gdwill

Posted 05 February 2011 - 07:00 PM

#8
Kenny94

Posted 05 February 2011 - 07:25 PM

#9
gdwill

Posted 05 February 2011 - 09:01 PM

#10
gdwill

Posted 05 February 2011 - 11:53 PM

#11
gdwill

Posted 06 February 2011 - 12:11 AM

#12
Kenny94

Posted 06 February 2011 - 08:06 AM

#13
gdwill

Posted 06 February 2011 - 10:18 AM

#14
Kenny94

Posted 06 February 2011 - 10:49 AM

#15
gdwill

Posted 06 February 2011 - 12:34 PM

#16
Kenny94

Posted 06 February 2011 - 03:05 PM

#17
gdwill

Posted 06 February 2011 - 06:03 PM

#18
Kenny94

Posted 07 February 2011 - 06:49 AM

#19
gdwill

Posted 07 February 2011 - 05:19 PM

#20
Kenny94

Posted 07 February 2011 - 08:10 PM