
Possible Rootkit DDS,RkU,GMER logs


I had posted on PC Help about what I thought was a problem with Superantispyware.

http://forums.malwarebytes.org/index.php?showtopic=62321

I was told to run some scans, which opened up some more issues. RootRepeal would not load; it constantly hung. I exchanged emails with the developer, and we could never get it or a beta version to run, which got me concerned. So I ran RkU and GMER in addition to DDS. RkU indicated "possible rootkit activity". I am attaching logs. Note: I could not attach the RkU log with copy/paste directly; I had to first copy it to a Word document... again, that concerns me.

Here are the DDS, DDS attach, RkU and GMER logs. I would appreciate an opinion as to whether something such as a rootkit or other is going on. Thank you.

DDS (Ver_10-03-17.01) - NTFSx86

Run by Bruce at 8:14:52.54 on Sat 09/11/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.872 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\ezSP_Px.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Bruce\Desktop\Computer Maintenance\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local;<local>

uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

uURLSearchHooks: H - No File

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0521.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"

mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe

StartupFolder: c:\docume~1\bruce\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89C30F0F8BD011D2.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll

IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes0521.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: chase.com

Trusted Zone: chase.com\*.chaseonline

Trusted Zone: chase.com\chaseonline

Trusted Zone: chase.com\www

Trusted Zone: fidelity.com\guidance

Trusted Zone: fidelity.com\www

Trusted Zone: gailborden.info\innovative

Trusted Zone: gailborden.info\search

Trusted Zone: gailborden.info\www

Trusted Zone: speedway.com

Trusted Zone: vanguard.com

Trusted Zone: yahoo.com

DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://go.microsoft.com/fwlink/?LinkId=82580

DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe

DPF: {46C66BBD-E667-4DAD-9682-58050E7C9FDC} - hxxp://www.cdpass.com/cdkey/CDPass.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213825210359

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38210.8758449074

DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} - hxxp://www.livemetallica.com/nugster/dlControl.CAB

DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - hxxps://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

LSA: Notification Packages = :\windows\system32\srrstr.

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bruce\applic~1\mozilla\firefox\profiles\ncaq0swn.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc8&p=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\bruce\application data\move networks\plugins\npqmp071505000011.dll

FF - plugin: c:\documents and settings\bruce\my documents\my downloads\netscape6\nppl3260.dll

FF - plugin: c:\documents and settings\bruce\my documents\my downloads\netscape6\nprjplug.dll

FF - plugin: c:\documents and settings\bruce\my documents\my downloads\netscape6\nprpjplug.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - HiddenExtension: XULRunner: {2E29E0D3-7645-46A4-AAF7-F8D2077E0E60} - c:\documents and settings\bruce\local settings\application data\{2E29E0D3-7645-46A4-AAF7-F8D2077E0E60}

FF - HiddenExtension: XULRunner: {555DD3E3-4087-4762-BF85-5733FE9A3DD9} - c:\documents and settings\ellen\local settings\application data\{555DD3E3-4087-4762-BF85-5733FE9A3DD9}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-4 64288]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-26 335240]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-26 27784]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-26 108552]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-3-2 95024]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-26 297752]

R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\common files\sony shared\vaio entertainment\vzcdb\VzFw.exe [2004-8-11 86098]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-23 133104]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]

S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [2010-7-21 10112]

S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\common files\sony shared\vaio entertainment\vcsw\vcsw.exe -runbyscm --> c:\program files\common files\sony shared\vaio entertainment\vcsw\VCSW.exe -RunBySCM [?]

=============== Created Last 30 ================

2010-09-11 02:36:58 0 d-----w- c:\windows\system32\wbem\Repository

2010-09-11 02:36:18 0 d-----w- c:\program files\Hitman Pro 3.5

2010-09-11 01:33:28 0 d-----w- c:\program files\Auslogics(3)

2010-09-10 23:06:52 0 d-----w- c:\program files\Auslogics

2010-09-09 23:27:07 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-09-09 23:25:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro

2010-09-04 02:23:25 0 d-----w- c:\program files\SpywareBlaster

2010-09-04 01:55:30 0 d-----w- c:\docume~1\bruce\applic~1\Auslogics

2010-08-25 01:22:49 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar

2010-08-20 00:16:29 77312 ----a-w- c:\windows\system32\ztvunace26.dll

2010-08-20 00:16:29 75264 ----a-w- c:\windows\system32\unacev2.dll

2010-08-20 00:16:29 69632 ----a-w- c:\windows\system32\ztvcabinet.dll

2010-08-20 00:16:29 162304 ----a-w- c:\windows\system32\ztvunrar36.dll

2010-08-20 00:16:29 153088 ----a-w- c:\windows\system32\UNRAR3.dll

2010-08-20 00:16:27 0 d-----w- c:\program files\Trojan Remover

2010-08-20 00:16:27 0 d-----w- c:\docume~1\bruce\applic~1\Simply Super Software

2010-08-20 00:16:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software

2010-08-17 09:08:16 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-08-17 08:58:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Yahoo! Companion(3)

2010-08-15 22:09:44 0 d-----w- c:\program files\CPUID

2010-08-15 22:05:28 20328 ----a-w- c:\windows\system32\drivers\cpuz134_x32.sys

2010-08-15 01:23:40 0 d-----w- c:\docume~1\bruce\applic~1\SUPERAntiSpyware.com

2010-08-15 01:23:27 0 d-----w- c:\program files\SUPERAntiSpyware

==================== Find3M ====================

2010-08-06 02:52:28 87608 ----a-w- c:\docume~1\bruce\applic~1\inst.exe

2010-08-06 02:52:28 47360 ----a-w- c:\docume~1\bruce\applic~1\pcouffin.sys

2010-08-05 23:13:10 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-07-31 22:06:03 33400 ----a-w- c:\docume~1\bruce\applic~1\GDIPFONTCACHEV1.DAT

2010-07-31 00:29:26 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-07-21 08:40:20 28032 ----a-w- c:\windows\system32\ssmirrdr.dll

2010-07-21 08:40:20 10112 ----a-w- c:\windows\system32\drivers\ssmirrdr.sys

2010-07-17 10:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-18 00:32:26 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll

2004-08-24 23:43:34 2609631 ----a-w- c:\program files\aawsepersonal.exe

============= FINISH: 8:15:54.51 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 8/11/2004 6:06:12 PM

System Uptime: 9/11/2010 5:20:27 AM (3 hours ago)

Motherboard: ASUSTek Computer Inc. | | P4SD-VL

Processor: Intel® Pentium® 4 CPU 2.80GHz | CPU 1 | 2793/200mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 143 GiB total, 40.073 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is FIXED (NTFS) - 149 GiB total, 55.093 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP4: 7/31/2010 12:03:19 PM - System Checkpoint

RP5: 7/31/2010 12:03:42 PM - CLEAN

RP6: 7/31/2010 12:04:14 PM - Support.com Service Complete

RP7: 8/1/2010 11:07:33 AM - Installed ClearType Tuning Control Panel Applet

RP8: 8/2/2010 5:22:30 AM - Restore Operation

RP9: 8/2/2010 5:59:56 AM - clean

RP10: 8/2/2010 9:00:59 PM - Installed %1 %2.

RP11: 8/2/2010 9:15:04 PM - Software Distribution Service 3.0

RP12: 8/2/2010 9:23:00 PM - Installed Windows KB954550-v5.

RP13: 8/2/2010 9:23:14 PM - Printer Driver Microsoft XPS Document Writer Installed

RP14: 8/2/2010 9:23:40 PM - Printer Driver Microsoft XPS Document Writer Installed

RP15: 8/2/2010 9:32:37 PM - Software Distribution Service 3.0

RP16: 8/3/2010 6:18:05 AM - Installed Windows Internet Explorer 8.

RP17: 8/3/2010 6:19:31 AM - Software Distribution Service 3.0

RP18: 8/3/2010 6:50:30 AM - Software Distribution Service 3.0

RP19: 8/3/2010 7:37:15 PM - Installed ClearType Tuning Control Panel Applet

RP20: 8/3/2010 9:01:11 PM - Restore Operation

RP21: 8/3/2010 9:44:25 PM - Software Distribution Service 3.0

RP22: 8/5/2010 8:45:12 AM - System Checkpoint

RP23: 8/5/2010 5:39:45 PM - 8/5

RP24: 8/5/2010 5:40:41 PM - Restore Operation

RP25: 8/5/2010 7:59:31 PM - Software Distribution Service 3.0

RP26: 8/6/2010 6:05:00 PM - driver

RP27: 8/7/2010 8:44:12 PM - System Checkpoint

RP28: 8/7/2010 11:10:18 PM - Installed Driver Whiz.

RP29: 8/7/2010 11:23:57 PM - Removed Driver Whiz.

RP30: 8/9/2010 9:25:55 PM - System Checkpoint

RP31: 8/10/2010 9:47:27 PM - Installed Java 6 Update 20

RP32: 8/10/2010 10:00:17 PM - Installed Java 6 Update 21

RP33: 8/10/2010 10:08:56 PM - Removed Java 6 Update 3

RP34: 8/10/2010 10:26:31 PM - Software Distribution Service 3.0

RP35: 8/12/2010 6:50:04 AM - Software Distribution Service 3.0

RP36: 8/12/2010 6:29:46 PM - Software Distribution Service 3.0

RP37: 8/13/2010 10:02:50 PM - System Checkpoint

RP38: 8/15/2010 8:31:49 AM - System Checkpoint

RP39: 8/16/2010 10:48:52 AM - System Checkpoint

RP40: 8/16/2010 9:20:08 PM - Avg8 Update

RP41: 8/16/2010 9:26:14 PM - Removed Google Earth.

RP42: 8/16/2010 9:27:13 PM - Installed Google Earth.

RP43: 8/17/2010 3:57:21 AM - Restore Operation

RP44: 8/17/2010 4:07:18 AM - Restore Operation

RP45: 8/18/2010 7:40:15 AM - System Checkpoint

RP46: 8/19/2010 7:44:52 AM - System Checkpoint

RP47: 8/20/2010 8:32:51 AM - System Checkpoint

RP48: 8/21/2010 2:01:20 PM - System Checkpoint

RP49: 8/21/2010 6:51:26 PM - Restore Operation

RP50: 8/21/2010 11:01:21 PM - good

RP51: 8/23/2010 7:32:59 AM - System Checkpoint

RP52: 8/23/2010 9:37:26 PM - Installed ClearType Tuning Control Panel Applet

RP53: 8/23/2010 10:14:23 PM - good

RP54: 8/24/2010 6:46:43 AM - Configured AVG Free 8.5

RP55: 8/24/2010 8:21:47 PM - again

RP56: 8/24/2010 8:22:08 PM - Restore Operation

RP57: 8/25/2010 11:54:25 PM - System Checkpoint

RP58: 8/27/2010 7:38:23 AM - System Checkpoint

RP59: 8/28/2010 11:10:16 AM - System Checkpoint

RP60: 8/29/2010 2:03:27 PM - System Checkpoint

RP61: 8/30/2010 3:07:13 PM - System Checkpoint

RP62: 8/31/2010 3:30:21 PM - System Checkpoint

RP63: 9/1/2010 4:16:42 PM - System Checkpoint

RP64: 9/2/2010 4:56:06 PM - System Checkpoint

RP65: 9/3/2010 7:08:23 PM - System Checkpoint

RP66: 9/4/2010 7:43:16 AM - Revo Uninstaller's restore point - URGE

RP67: 9/4/2010 7:43:39 AM - Removed URGE

RP68: 9/7/2010 7:21:02 AM - System Checkpoint

RP69: 9/8/2010 9:39:49 AM - System Checkpoint

RP70: 9/8/2010 7:55:47 PM - Avg8 Update

RP71: 9/9/2010 8:59:38 PM - Revo Uninstaller's restore point - WinRAR archiver

RP72: 9/10/2010 8:31:31 PM - 123

RP73: 9/10/2010 8:32:14 PM - Restore Operation

RP74: 9/10/2010 8:39:54 PM - Avg8 Update

RP75: 9/10/2010 9:34:56 PM - Restore Operation

==== Installed Programs ======================

Acrobat.com

Ad-Aware

Ad-Aware Email Scanner for Outlook

Adobe AIR

Adobe Atmosphere Player for Acrobat and Adobe Reader

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.3.4

Adobe Shockwave Player 11.5

Adobe SVG Viewer 3.0

Agere Systems AC'97 Modem

Apple Mobile Device Support

Apple Software Update

Atari: The 80 Classic Games

ATI - Software Uninstall Utility

ATI Control Panel

ATI Display Driver

Auslogics Disk Defrag

AVG Free 8.5

Bonjour

Canon i350

CCleaner

Click to DVD 2.0 Menu Data

Click to DVD 2.0.02

CPUID CPU-Z 1.55

Critical Update for Windows Media Player 11 (KB959772)

Defraggler

Drag'n Drop CD+DVD

DVgate Plus

ERUNT 1.1j

ESET Online Scanner v3

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

Google Updater

Hitman Pro 3.5

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Intel® Extreme Graphics Driver

Intel® PRO Network Adapters and Drivers

InterVideo WinDVD 5 for VAIO

iPod for Windows 2005-01-11

iPod for Windows 2005-02-07

iPod for Windows 2005-02-22

iPod for Windows 2005-03-23

iPod for Windows 2005-06-26

iPod Updater 2004-08-06

iPod Updater 2004-10-20

iPod Updater 2004-11-15

iTunes

Java Auto Updater

Java 6 Update 21

Malwarebytes' Anti-Malware

Maxtor Manager

Memory Stick Formatter

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office XP Professional with FrontPage

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Works 7.0

MoodLogic

Move Media Player

Mozilla Firefox (3.6.8)

MSN Music Assistant

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB933579)

OpenMG Limited Patch 3.4-03-12-16-01

OpenMG Secure Module 3.4.00

PictureGear Studio 2.0

QuickTime

RealPlayer

Recuva

Revo Uninstaller 1.89

Security Update for CAPICOM (KB931906)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB950759)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

SonicStage 2.0.02

Sony Certificate PCH

Sony Video Shared Library

Speccy

Spelling Dictionaries Support For Adobe Reader 9

Spybot - Search & Destroy

SpywareBlaster 4.4

SUPERAntiSpyware

Trojan Remover 6.8.2

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB968389)

Update for Windows XP (KB973687)

VAIO Entertainment Platform

VAIO Help and Support

VAIO Media 3.0

VAIO Media Integrated Server 3.0

VAIO Media Redistribution 3.0

VAIO Registration

VAIO SLIT-C Screen Saver

VAIO SLIT Pattern Wallpaper

VAIO Survey Standalone

VAIO System Information

VAIO Update 2

Viewpoint Manager (Remove Only)

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebFldrs XP

Welcome to VAIO life

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Live OneCare safety scanner

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Hotfix - KB821253

Windows XP Service Pack 3

WingMan Software

Yahoo! Address AutoComplete

Yahoo! Anti-Spy

Yahoo! extras

Yahoo! Install Manager

Yahoo! Internet Mail

Yahoo! Messenger

Yahoo! Messenger Explorer Bar

Yahoo! Search Protection

Yahoo! Software Update

Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

9/4/2010 8:36:56 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SbcpHid

9/10/2010 7:35:06 PM, error: Service Control Manager [7000] - The rootrepeal service failed to start due to the following error: The system cannot find the file specified.

9/10/2010 7:26:18 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX DMICall Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SbcpHid Tcpip

9/10/2010 7:26:18 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.

9/10/2010 7:26:18 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

9/10/2010 7:26:18 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

9/10/2010 7:26:18 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

9/10/2010 7:26:18 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

9/10/2010 7:25:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

9/10/2010 7:25:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

==== End Of File ===========================

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #2

==============================================

>Drivers

==============================================

0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2260992 bytes (Microsoft Corporation, NT Kernel & System)

0x804D7000 PnpManager 2260992 bytes

0x804D7000 RAW 2260992 bytes

0x804D7000 WMIxWDM 2260992 bytes

0xBF800000 Win32k 1855488 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0xF67F8000 C:\WINDOWS\System32\DRIVERS\AGRSM.sys 1269760 bytes (Agere Systems, SoftModem Device Driver)

0xF6952000 C:\WINDOWS\system32\drivers\smwdm.sys 598016 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )

0xF731A000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xBF06F000 C:\WINDOWS\System32\ialmdd5.DLL 483328 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)

0xEE461000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xF6772000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)

0xEE5CF000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0xEDF14000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)

0xEE410000 C:\WINDOWS\System32\Drivers\avgldx86.sys 331776 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)

0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0xED7D8000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xF7438000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)

0xBF041000 C:\WINDOWS\System32\ialmdev5.DLL 188416 bytes (Intel Corporation, Component GHAL Driver)

0xEE05B000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xF72ED000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xEE4F9000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xEE58E000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0xEE546000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)

0xF6A1B000 C:\WINDOWS\System32\DRIVERS\e100b325.sys 147456 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)

0xF692E000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0xF6A3F000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xF69E4000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xEE56C000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0xBF01F000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)

0xEE524000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)

0x806FF000 ACPI_HAL 134400 bytes

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-09-11 14:01:26

Windows 5.1.2600 Service Pack 3

Running: gmer.exe; Driver: C:\DOCUME~1\Bruce\LOCALS~1\Temp\uxtdqpog.sys

---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF74F787E]

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF74F7BFE]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


:P

Copy and paste these lines in Notepad.

@Echo on

pushd\windows\system32\drivers\etc

attrib -h -s -r hosts

echo 127.0.0.1 localhost>HOSTS

attrib +r +h +s hosts

popd

ipconfig /release

ipconfig /renew

ipconfig /flushdns

netsh winsock reset all

netsh int ip reset all

shutdown -r -t 1

del %0

Save as flush.bat to your desktop. Double click to run.

*** note: Win Vista and Win 7 need to right click and choose to "run as Administrator" .. the computer will reboot itself.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner


Hello,

Thank you for the help. Right now the computer seems fine. As mentioned, running the scans as suggested in the PC Help forum led me to posting here.

Do you see any evidence of rootkits in RkU log? Does the fact that I couldn't get RootRepeal to run mean anything? Also my GMER log seemed too short, does that log tell you anything? I did have to run GMER in Safe Mode as it would freeze at \Device\Hardisk\Volume3 and tell me it has encountered a problem and needs to shut down.

Would you be able to tell me what you saw in the logs and what the instructions you provided will be doing? I see entries related to resetting my ip address, drivers, etc. but don't really know exactly what the command will be doing. I was able to delete the RootRepeal driver with the help of the tool developer.

I already run ATF regularly but typically don't clean out recycle bin, cookies and prefetch. I don't accept cookies while browsing except ones I need and have added as exceptions so I don't like to clean them. Have heard cleaning Prefetch isn't really necessary and causes the slow start ups you mention.

I'll wait to hear what you have to say before proceeding. Thanks.


We just started so I don't know yet if you're still infected.

Did you run what I suggested?

Reboot and "copy/paste" a new DDS log file into this thread.


Not yet. Curious as to what you suspect?

MBAM, SAS, AVG, TDSSkiller and a few others come up clean.


You Google it and let me know what you find.

Hosts: 127.0.0.1 www.spywareinfo.com


I see several reports of this being a false positive related to Spybot which I do run.

Spybot is blocking a site that was once good but turned bad.

After spending the last few days researching the problem, found a site that says that Spybot S&D added a site to the Hosts file and the alert that Spyware Doctor is giving is just reporting the change. So this IS a false positive. www.spywareinfo.com was once a legit site, but not now. If you would like to find out how to stop the alert visit this site:

http://forums.g4tv.com/thread.jspa?messageID=13740876 Unfortunately this link is not active.

When I google it I see it on many logs but it seems like that is not the problem being addressed.

Needless to say I am confused. Looking for some direction. Will running flush.bat cause any issues?


This also talks about it being a false positive. I also want to say that I don't believe I've ever been alerted to this in any of the scans I do.

Okay, what is happening is that Spywareinfo.com used to be the domain of one of the pioneers of the anti malware fight. They had forums, tutorials, and much more. Many experts got their start and training there.

But when the name registration came up for renewal, they had a problem with who was authorized to renew it; and before the authorized individual could handle it a cybersquatter bought up the name and address.

To try to force the folks running this site to pay thousands of dollars to buy it back, the squatters put in links to sites which will install malware on your computer.

So several immunizers have added a loopback, the 127.0.0.1 test loop, so that if you accidentally try to go to that site you get a site unavailable warning.

Hoster removes all entries in the hosts file and puts in the Microsoft default values.

(The hosts file is a file where you can enter URLs and the IP address you want to connect to when you type in that URL. This way your computer has the information saved and does not have to ask your ISP to look up the IP address for the URL you typed. In the old days of dial-up internet this could often save thirty seconds to a minute in loading a page. Now with broadband and fast DNS servers at most ISPs there is a minimal, unnoticeable delay in looking up IP addresses, so the hosts file is mostly used to block access to websites by looping the URL back to your computer, where the site will not be found and will thus be listed as unavailable.)

http://www.spywareinfoforum.com/index.php?showtopic=121410

Safer Networking, creator of Spybot Search and Destroy, is familiar with this type of nasty behavior as they have been the target of such a takeover and name spoofing in the past. So when they became alerted of this takeover they added this temporary solution to the immunity feature.

Spyware Doctor and others should soon update to this; but in the meantime you can just ignore the warning from Spyware Doctor.

Or just do not re-immunize after this entry is removed, but be cautious and do not visit that site.

The New address for the spyware info team is

http://www.spywareinfoforum.com/


And that is why I suggested you do this:

Copy and paste these lines in Notepad.

@Echo on

pushd\windows\system32\drivers\etc

attrib -h -s -r hosts

echo 127.0.0.1 localhost>HOSTS

attrib +r +h +s hosts

popd

ipconfig /release

ipconfig /renew

ipconfig /flushdns

netsh winsock reset all

netsh int ip reset all

shutdown -r -t 1

del %0

Save as flush.bat to your desktop. Double click to run.

*** note: Win Vista and Win 7 need to right click and choose to "run as Administrator" .. the computer will reboot itself.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner
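To connect the two points above, the immunization loopback entries the quoted article explains and why the helper resets the hosts file before flushing DNS, here is an added Python check that is not from the thread or from any of the tools it mentions (DDS, Spybot, Hoster). It parses hosts-file text and separates the stock localhost line, benign 127.0.0.1 / 0.0.0.0 block entries such as Spybot's www.spywareinfo.com, loopback entries that would cut off your own protection software, and entries steering a name to some other address. The sample hosts content and the PROTECTED_DOMAINS list are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass

# Constructed placeholder list (not from the thread): domains that the protection software
# on the machine must be able to reach. Tailor it to what is installed (here AVG, Spybot, SAS, MBAM).
PROTECTED_DOMAINS = ("avg.com", "safer-networking.org", "malwarebytes.org",
                     "windowsupdate.com", "update.microsoft.com")


@dataclass
class HostsEntry:
    ip: str
    name: str
    kind: str  # "default" | "blocklist" | "blocked_security_site" | "redirect"


def _under(name, domain):
    """True when name is domain itself or a host beneath it."""
    return name == domain or name.endswith("." + domain)


def classify(addr, name):
    """Classify one hosts mapping; addr is an ipaddress object, name is lower-case."""
    # 127.0.0.1, ::1 and 0.0.0.0 are the "loop back to nowhere" targets immunizers use.
    black_holed = addr.is_loopback or addr.is_unspecified
    if black_holed and name in ("localhost", "localhost.localdomain"):
        return "default"                      # the stock entry flush.bat writes back
    if black_holed:
        if any(_under(name, d) for d in PROTECTED_DOMAINS):
            return "blocked_security_site"    # same trick, but it disables your own defenses
        return "blocklist"                    # e.g. Spybot's 127.0.0.1 www.spywareinfo.com
    return "redirect"                         # name steered to another address: investigate


def parse_hosts(text):
    """Parse hosts-file text into HostsEntry records, ignoring comments and junk lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # not "IP name [name...]": skip it
        for name in fields[1:]:
            entries.append(HostsEntry(str(addr), name.lower(), classify(addr, name.lower())))
    return entries


def audit_hosts(text):
    """Return per-kind counts plus the entries a helper would want to look at."""
    entries = parse_hosts(text)
    counts = {}
    for e in entries:
        counts[e.kind] = counts.get(e.kind, 0) + 1
    suspicious = [e for e in entries if e.kind in ("blocked_security_site", "redirect")]
    return {"counts": counts, "suspicious": suspicious}


# Constructed sample (not the poster's real file). The spywareinfo line mirrors the
# "Hosts: 127.0.0.1 www.spywareinfo.com" entry DDS reported in the thread.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       www.spywareinfo.com     # added by Spybot S&D immunization
0.0.0.0         ads.example.net
127.0.0.1       update.avg.com          # constructed: would silently stop AVG updating
198.51.100.7    www.example-bank.com    # constructed: sends a bank's name elsewhere
"""

if __name__ == "__main__":
    for entry in parse_hosts(SAMPLE_HOSTS):
        print(f"{entry.kind:22} {entry.ip:15} {entry.name}")
    report = audit_hosts(SAMPLE_HOSTS)
    print("suspicious:", [(e.ip, e.name) for e in report["suspicious"]])
```

Running it over the contents of C:\WINDOWS\system32\drivers\etc\hosts shows why a lone Spybot loopback line is expected while a redirect or a black-holed vendor domain is the thing worth reporting.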


Here is the most recent DDS.txt and Attach.txt after running flush.bat and ATF. The computer seems ok. I did have redirects in the past and was told to look for Goored. Thank you for your help.

DDS (Ver_10-03-17.01) - NTFSx86

Run by Bruce at 17:48:58.90 on Mon 09/13/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.990 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

svchost.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\ezSP_Px.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Bruce\Desktop\Computer Maintenance\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local;<local>

uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

uURLSearchHooks: H - No File

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0521.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"

mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe

StartupFolder: c:\docume~1\bruce\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89C30F0F8BD011D2.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll

IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes0521.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: chase.com

Trusted Zone: chase.com\*.chaseonline

Trusted Zone: chase.com\chaseonline

Trusted Zone: chase.com\www

Trusted Zone: fidelity.com\guidance

Trusted Zone: fidelity.com\www

Trusted Zone: gailborden.info\innovative

Trusted Zone: gailborden.info\search

Trusted Zone: gailborden.info\www

Trusted Zone: speedway.com

Trusted Zone: vanguard.com

Trusted Zone: yahoo.com

DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://go.microsoft.com/fwlink/?LinkId=82580

DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe

DPF: {46C66BBD-E667-4DAD-9682-58050E7C9FDC} - hxxp://www.cdpass.com/cdkey/CDPass.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213825210359

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38210.8758449074

DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} - hxxp://www.livemetallica.com/nugster/dlControl.CAB

DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - hxxps://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

LSA: Notification Packages = :\windows\system32\srrstr.

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bruce\applic~1\mozilla\firefox\profiles\ncaq0swn.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc8&p=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\bruce\application data\move networks\plugins\npqmp071505000011.dll

FF - plugin: c:\documents and settings\bruce\my documents\my downloads\netscape6\nppl3260.dll

FF - plugin: c:\documents and settings\bruce\my documents\my downloads\netscape6\nprjplug.dll

FF - plugin: c:\documents and settings\bruce\my documents\my downloads\netscape6\nprpjplug.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - HiddenExtension: XULRunner: {2E29E0D3-7645-46A4-AAF7-F8D2077E0E60} - c:\documents and settings\bruce\local settings\application data\{2E29E0D3-7645-46A4-AAF7-F8D2077E0E60}

FF - HiddenExtension: XULRunner: {555DD3E3-4087-4762-BF85-5733FE9A3DD9} - c:\documents and settings\ellen\local settings\application data\{555DD3E3-4087-4762-BF85-5733FE9A3DD9}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-4 64288]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-26 335240]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-26 27784]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-26 108552]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-3-2 95024]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-26 297752]

R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\common files\sony shared\vaio entertainment\vzcdb\VzFw.exe [2004-8-11 86098]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-23 133104]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]

S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [2010-7-21 10112]

S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\common files\sony shared\vaio entertainment\vcsw\vcsw.exe -runbyscm --> c:\program files\common files\sony shared\vaio entertainment\vcsw\VCSW.exe -RunBySCM [?]

=============== Created Last 30 ================

2010-09-11 02:36:58 0 d-----w- c:\windows\system32\wbem\Repository

2010-09-11 02:36:18 0 d-----w- c:\program files\Hitman Pro 3.5

2010-09-11 01:33:28 0 d-----w- c:\program files\Auslogics(3)

2010-09-10 23:06:52 0 d-----w- c:\program files\Auslogics

2010-09-09 23:27:07 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-09-09 23:25:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro

2010-09-04 02:23:25 0 d-----w- c:\program files\SpywareBlaster

2010-09-04 01:55:30 0 d-----w- c:\docume~1\bruce\applic~1\Auslogics

2010-08-25 01:22:49 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar

2010-08-20 00:16:29 77312 ----a-w- c:\windows\system32\ztvunace26.dll

2010-08-20 00:16:29 75264 ----a-w- c:\windows\system32\unacev2.dll

2010-08-20 00:16:29 69632 ----a-w- c:\windows\system32\ztvcabinet.dll

2010-08-20 00:16:29 162304 ----a-w- c:\windows\system32\ztvunrar36.dll

2010-08-20 00:16:29 153088 ----a-w- c:\windows\system32\UNRAR3.dll

2010-08-20 00:16:27 0 d-----w- c:\program files\Trojan Remover

2010-08-20 00:16:27 0 d-----w- c:\docume~1\bruce\applic~1\Simply Super Software

2010-08-20 00:16:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software

2010-08-17 09:08:16 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-08-17 08:58:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Yahoo! Companion(3)

2010-08-15 22:09:44 0 d-----w- c:\program files\CPUID

2010-08-15 22:05:28 20328 ----a-w- c:\windows\system32\drivers\cpuz134_x32.sys

2010-08-15 01:23:40 0 d-----w- c:\docume~1\bruce\applic~1\SUPERAntiSpyware.com

2010-08-15 01:23:27 0 d-----w- c:\program files\SUPERAntiSpyware

==================== Find3M ====================

2010-08-06 02:52:28 87608 ----a-w- c:\docume~1\bruce\applic~1\inst.exe

2010-08-06 02:52:28 47360 ----a-w- c:\docume~1\bruce\applic~1\pcouffin.sys

2010-08-05 23:13:10 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-07-31 22:06:03 33400 ----a-w- c:\docume~1\bruce\applic~1\GDIPFONTCACHEV1.DAT

2010-07-31 00:29:26 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-07-21 08:40:20 28032 ----a-w- c:\windows\system32\ssmirrdr.dll

2010-07-21 08:40:20 10112 ----a-w- c:\windows\system32\drivers\ssmirrdr.sys

2010-07-17 10:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-18 00:32:26 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2004-08-24 23:43:34 2609631 ----a-w- c:\program files\aawsepersonal.exe

============= FINISH: 17:49:56.15 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 8/11/2004 6:06:12 PM

System Uptime: 9/13/2010 5:44:25 PM (0 hours ago)

Motherboard: ASUSTek Computer Inc. | | P4SD-VL

Processor: Intel® Pentium® 4 CPU 2.80GHz | CPU 1 | 2793/200mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 143 GiB total, 39.898 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is FIXED (NTFS) - 149 GiB total, 55.093 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP4: 7/31/2010 12:03:19 PM - System Checkpoint

RP5: 7/31/2010 12:03:42 PM - CLEAN

RP6: 7/31/2010 12:04:14 PM - Support.com Service Complete

RP7: 8/1/2010 11:07:33 AM - Installed ClearType Tuning Control Panel Applet

RP8: 8/2/2010 5:22:30 AM - Restore Operation

RP9: 8/2/2010 5:59:56 AM - clean

RP10: 8/2/2010 9:00:59 PM - Installed %1 %2.

RP11: 8/2/2010 9:15:04 PM - Software Distribution Service 3.0

RP12: 8/2/2010 9:23:00 PM - Installed Windows KB954550-v5.

RP13: 8/2/2010 9:23:14 PM - Printer Driver Microsoft XPS Document Writer Installed

RP14: 8/2/2010 9:23:40 PM - Printer Driver Microsoft XPS Document Writer Installed

RP15: 8/2/2010 9:32:37 PM - Software Distribution Service 3.0

RP16: 8/3/2010 6:18:05 AM - Installed Windows Internet Explorer 8.

RP17: 8/3/2010 6:19:31 AM - Software Distribution Service 3.0

RP18: 8/3/2010 6:50:30 AM - Software Distribution Service 3.0

RP19: 8/3/2010 7:37:15 PM - Installed ClearType Tuning Control Panel Applet

RP20: 8/3/2010 9:01:11 PM - Restore Operation

RP21: 8/3/2010 9:44:25 PM - Software Distribution Service 3.0

RP22: 8/5/2010 8:45:12 AM - System Checkpoint

RP23: 8/5/2010 5:39:45 PM - 8/5

RP24: 8/5/2010 5:40:41 PM - Restore Operation

RP25: 8/5/2010 7:59:31 PM - Software Distribution Service 3.0

RP26: 8/6/2010 6:05:00 PM - driver

RP27: 8/7/2010 8:44:12 PM - System Checkpoint

RP28: 8/7/2010 11:10:18 PM - Installed Driver Whiz.

RP29: 8/7/2010 11:23:57 PM - Removed Driver Whiz.

RP30: 8/9/2010 9:25:55 PM - System Checkpoint

RP31: 8/10/2010 9:47:27 PM - Installed Java 6 Update 20

RP32: 8/10/2010 10:00:17 PM - Installed Java 6 Update 21

RP33: 8/10/2010 10:08:56 PM - Removed Java 6 Update 3

RP34: 8/10/2010 10:26:31 PM - Software Distribution Service 3.0

RP35: 8/12/2010 6:50:04 AM - Software Distribution Service 3.0

RP36: 8/12/2010 6:29:46 PM - Software Distribution Service 3.0

RP37: 8/13/2010 10:02:50 PM - System Checkpoint

RP38: 8/15/2010 8:31:49 AM - System Checkpoint

RP39: 8/16/2010 10:48:52 AM - System Checkpoint

RP40: 8/16/2010 9:20:08 PM - Avg8 Update

RP41: 8/16/2010 9:26:14 PM - Removed Google Earth.

RP42: 8/16/2010 9:27:13 PM - Installed Google Earth.

RP43: 8/17/2010 3:57:21 AM - Restore Operation

RP44: 8/17/2010 4:07:18 AM - Restore Operation

RP45: 8/18/2010 7:40:15 AM - System Checkpoint

RP46: 8/19/2010 7:44:52 AM - System Checkpoint

RP47: 8/20/2010 8:32:51 AM - System Checkpoint

RP48: 8/21/2010 2:01:20 PM - System Checkpoint

RP49: 8/21/2010 6:51:26 PM - Restore Operation

RP50: 8/21/2010 11:01:21 PM - good

RP51: 8/23/2010 7:32:59 AM - System Checkpoint

RP52: 8/23/2010 9:37:26 PM - Installed ClearType Tuning Control Panel Applet

RP53: 8/23/2010 10:14:23 PM - good

RP54: 8/24/2010 6:46:43 AM - Configured AVG Free 8.5

RP55: 8/24/2010 8:21:47 PM - again

RP56: 8/24/2010 8:22:08 PM - Restore Operation

RP57: 8/25/2010 11:54:25 PM - System Checkpoint

RP58: 8/27/2010 7:38:23 AM - System Checkpoint

RP59: 8/28/2010 11:10:16 AM - System Checkpoint

RP60: 8/29/2010 2:03:27 PM - System Checkpoint

RP61: 8/30/2010 3:07:13 PM - System Checkpoint

RP62: 8/31/2010 3:30:21 PM - System Checkpoint

RP63: 9/1/2010 4:16:42 PM - System Checkpoint

RP64: 9/2/2010 4:56:06 PM - System Checkpoint

RP65: 9/3/2010 7:08:23 PM - System Checkpoint

RP66: 9/4/2010 7:43:16 AM - Revo Uninstaller's restore point - URGE

RP67: 9/4/2010 7:43:39 AM - Removed URGE

RP68: 9/7/2010 7:21:02 AM - System Checkpoint

RP69: 9/8/2010 9:39:49 AM - System Checkpoint

RP70: 9/8/2010 7:55:47 PM - Avg8 Update

RP71: 9/9/2010 8:59:38 PM - Revo Uninstaller's restore point - WinRAR archiver

RP72: 9/10/2010 8:31:31 PM - 123

RP73: 9/10/2010 8:32:14 PM - Restore Operation

RP74: 9/10/2010 8:39:54 PM - Avg8 Update

RP75: 9/10/2010 9:34:56 PM - Restore Operation

RP76: 9/12/2010 2:35:19 PM - System Checkpoint

RP77: 9/12/2010 5:50:40 PM - abc

==== Installed Programs ======================

Acrobat.com

Ad-Aware

Ad-Aware Email Scanner for Outlook

Adobe AIR

Adobe Atmosphere Player for Acrobat and Adobe Reader

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.3.4

Adobe Shockwave Player 11.5

Adobe SVG Viewer 3.0

Agere Systems AC'97 Modem

Apple Mobile Device Support

Apple Software Update

Atari: The 80 Classic Games

ATI - Software Uninstall Utility

ATI Control Panel

ATI Display Driver

Auslogics Disk Defrag

AVG Free 8.5

Bonjour

Canon i350

CCleaner

Click to DVD 2.0 Menu Data

Click to DVD 2.0.02

CPUID CPU-Z 1.55

Critical Update for Windows Media Player 11 (KB959772)

Defraggler

Drag'n Drop CD+DVD

DVgate Plus

ERUNT 1.1j

ESET Online Scanner v3

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

Google Updater

Hitman Pro 3.5

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Intel® Extreme Graphics Driver

Intel® PRO Network Adapters and Drivers

InterVideo WinDVD 5 for VAIO

iPod for Windows 2005-01-11

iPod for Windows 2005-02-07

iPod for Windows 2005-02-22

iPod for Windows 2005-03-23

iPod for Windows 2005-06-26

iPod Updater 2004-08-06

iPod Updater 2004-10-20

iPod Updater 2004-11-15

iTunes

Java Auto Updater

Java 6 Update 21

Malwarebytes' Anti-Malware

Maxtor Manager

Memory Stick Formatter

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office XP Professional with FrontPage

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Works 7.0

MoodLogic

Move Media Player

Mozilla Firefox (3.6.8)

MSN Music Assistant

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB933579)

OpenMG Limited Patch 3.4-03-12-16-01

OpenMG Secure Module 3.4.00

PictureGear Studio 2.0

QuickTime

RealPlayer

Recuva

Revo Uninstaller 1.89

Security Update for CAPICOM (KB931906)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB950759)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

SonicStage 2.0.02

Sony Certificate PCH

Sony Video Shared Library

Speccy

Spelling Dictionaries Support For Adobe Reader 9

Spybot - Search & Destroy

SpywareBlaster 4.4

SUPERAntiSpyware

Trojan Remover 6.8.2

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB968389)

Update for Windows XP (KB973687)

VAIO Entertainment Platform

VAIO Help and Support

VAIO Media 3.0

VAIO Media Integrated Server 3.0

VAIO Media Redistribution 3.0

VAIO Registration

VAIO SLIT-C Screen Saver

VAIO SLIT Pattern Wallpaper

VAIO Survey Standalone

VAIO System Information

VAIO Update 2

Viewpoint Manager (Remove Only)

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebFldrs XP

Welcome to VAIO life

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Live OneCare safety scanner

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Hotfix - KB821253

Windows XP Service Pack 3

WingMan Software

Yahoo! Address AutoComplete

Yahoo! Anti-Spy

Yahoo! extras

Yahoo! Install Manager

Yahoo! Internet Mail

Yahoo! Messenger

Yahoo! Messenger Explorer Bar

Yahoo! Search Protection

Yahoo! Software Update

Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

9/7/2010 6:42:13 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SbcpHid

9/11/2010 2:00:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

9/11/2010 10:28:33 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the JavaQuickStarterService service.

9/10/2010 7:35:06 PM, error: Service Control Manager [7000] - The rootrepeal service failed to start due to the following error: The system cannot find the file specified.

9/10/2010 7:26:18 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX DMICall Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SbcpHid Tcpip

9/10/2010 7:26:18 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.

9/10/2010 7:26:18 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

9/10/2010 7:26:18 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

9/10/2010 7:26:18 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

9/10/2010 7:26:18 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

9/10/2010 7:25:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

9/10/2010 7:25:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

==== End Of File ===========================
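A helper reading the two DDS logs above has to match the Event Viewer 7026 entries (boot-start drivers that failed to load) against the SERVICES / DRIVERS section by hand. The following script, an added example that is not part of this thread or of the DDS tool, does that cross-reference; the line layouts it parses are inferred from the posted logs, and the sample input is a constructed excerpt copied from them.

```python
"""Cross-reference DDS "SERVICES / DRIVERS" entries with Event 7026
driver-load failures from the DDS attach log.

Added example for this thread, not DDS's own code. The regexes assume the
line layouts seen in the logs posted above.
"""
import re
from collections import defaultdict

# Constructed excerpt: driver lines and two 7026 events copied from the
# DDS output posted in this thread.
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-4 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-26 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-26 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-26 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [2010-7-21 10112]
==== Event Viewer Messages From Past Week ========
9/7/2010 6:42:13 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SbcpHid
9/10/2010 7:26:18 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX DMICall Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SbcpHid Tcpip
==== End Of File ===========================
"""

# DDS driver line: state (R0/R1/R2 running, S2/S3 stopped), then
# name;display name;path [file date size]
DRIVER_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]\s*$")

# Service Control Manager event 7026 as DDS prints it
EVENT_7026_RE = re.compile(
    r"^(?P<when>[\d/]+\s+[\d:]+\s+[AP]M), error: Service Control Manager "
    r"\[7026\] - .*failed to load:\s*(?P<drivers>.+?)\s*$")


def parse_drivers(text):
    """Return {service name (lowercased): fields} for SERVICES / DRIVERS lines."""
    drivers = {}
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            drivers[entry["name"].lower()] = entry
    return drivers


def parse_load_failures(text):
    """Return {event timestamp: [driver names]} from Event 7026 entries."""
    failures = {}
    for line in text.splitlines():
        m = EVENT_7026_RE.match(line.strip())
        if m:
            failures[m.group("when")] = m.group("drivers").split()
    return failures


def cross_reference(text):
    """For each 7026 event, map every failed driver to its DDS listing entry
    (path, file date, size), or None when DDS did not list that driver."""
    drivers = parse_drivers(text)
    report = {}
    for when, names in parse_load_failures(text).items():
        report[when] = {n: drivers.get(n.lower()) for n in names}
    return report


def failure_counts(text):
    """Count how many 7026 events each driver appears in: a driver failing
    at every boot is a different problem from a one-off mass failure."""
    counts = defaultdict(int)
    for names in parse_load_failures(text).values():
        for n in names:
            counts[n] += 1
    return dict(counts)


if __name__ == "__main__":
    for when, entries in cross_reference(SAMPLE_LOG).items():
        print(when)
        for name, entry in entries.items():
            if entry:
                print(f"  {name:<10} listed: {entry['path']} (file dated {entry['date']})")
            else:
                print(f"  {name:<10} not in the DDS SERVICES / DRIVERS listing")
    print("failure counts:", failure_counts(SAMPLE_LOG))
```

On the excerpt the 9/10 event resolves to five listed third-party drivers (AVG and SUPERAntiSpyware) and twelve drivers DDS did not list; only SbcpHid appears in both events.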


Let's try MBAM now.

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
    MBAM.PNG
  • When the scan is complete, click OK, then Show Results to view the results.
  • mbam1.png
  • Then click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".


I run MBAM several times a week and it has not found anything in quite a while. Here is the latest log.

Computer is ok in terms of browsing. Some programs open a bit slowly. Thank you.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4613

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

9/14/2010 7:05:15 AM

mbam-log-2010-09-14 (07-05-15).txt

Scan type: Quick scan

Objects scanned: 167727

Time elapsed: 8 minute(s), 0 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Let's run one more program.

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


I will have to get to this in about eight hours. Two quick questions if I may.

Did you see any evidence of Goored? I see ComboFix disables autoruns of several things. Is it just a matter of reassigning the autoruns after finishing with the tool (i.e. telling the computer to always use WMP for CDs, etc) or is there something else involved? Thank you


ComboFix disables Autorun, which you shouldn't have running anyway, but if CF disables it we can fix that.

We never ran Gooredfix, but if you like:

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run; once it is finished, move on to the next step.

Download TDSSKiller and save it to your Desktop.

  • Make sure all other windows are closed and to let it run uninterrupted.
  • Extract the file and run it.
  • Once completed it will create a log in your C:\ drive called TDSSKiller_* (* denotes version & date)
  • Reboot your machine and see if the infection is gone
  • Please post the contents of the TDSSKiller log and the GooredFix log.


Here are GooredFix and TDSSKiller. ComboFix forthcoming.

GooredFix by jpshortstuff (03.07.10.1)

Log created at 17:40 on 14/09/2010 (Bruce)

Firefox version 3.6.8 (en-US)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{2E29E0D3-7645-46A4-AAF7-F8D2077E0E60} -> Success!

Deleting C:\Documents and Settings\Bruce\Local Settings\Application Data\{2E29E0D3-7645-46A4-AAF7-F8D2077E0E60} -> Success!

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{555DD3E3-4087-4762-BF85-5733FE9A3DD9} -> Success!

Deleting C:\Documents and Settings\Ellen\Local Settings\Application Data\{555DD3E3-4087-4762-BF85-5733FE9A3DD9} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd} [11:54 19/05/2010]

{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [23:52 21/08/2010]

{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [03:00 11/08/2010]

C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\ncaq0swn.default\extensions\

{635abd67-4fe9-1b23-4f01-e679fa7484c1} [23:17 25/08/2010]

{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [02:58 11/09/2010]

{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(3) [02:33 11/09/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [02:47 11/08/2010]

"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [02:27 03/08/2010]

-=E.O.F=-

2010/09/14 17:42:40.0515 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44

2010/09/14 17:42:40.0515 ================================================================================

2010/09/14 17:42:40.0515 SystemInfo:

2010/09/14 17:42:40.0515

2010/09/14 17:42:40.0515 OS Version: 5.1.2600 ServicePack: 3.0

2010/09/14 17:42:40.0515 Product type: Workstation

2010/09/14 17:42:40.0515 ComputerName: BRUCE

2010/09/14 17:42:40.0515 UserName: Bruce

2010/09/14 17:42:40.0515 Windows directory: C:\WINDOWS

2010/09/14 17:42:40.0515 System windows directory: C:\WINDOWS

2010/09/14 17:42:40.0515 Processor architecture: Intel x86

2010/09/14 17:42:40.0515 Number of processors: 2

2010/09/14 17:42:40.0515 Page size: 0x1000

2010/09/14 17:42:40.0515 Boot type: Normal boot

2010/09/14 17:42:40.0515 ================================================================================

2010/09/14 17:42:40.0750 Initialize success

2010/09/14 17:43:37.0156 ================================================================================

2010/09/14 17:43:37.0156 Scan started

2010/09/14 17:43:37.0156 Mode: Manual;

2010/09/14 17:43:37.0156 ================================================================================

2010/09/14 17:43:37.0640 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/09/14 17:43:37.0796 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/09/14 17:43:38.0015 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys

2010/09/14 17:43:38.0187 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/09/14 17:43:38.0375 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/09/14 17:43:38.0578 AgereSoftModem (b894a08f2a01e27c1989c31c96fdde83) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

2010/09/14 17:43:38.0812 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2010/09/14 17:43:39.0156 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/09/14 17:43:39.0453 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys

2010/09/14 17:43:39.0609 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/09/14 17:43:39.0812 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/09/14 17:43:40.0015 ati2mtag (8a4bb7291606fba4eaafd7b5604255a4) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2010/09/14 17:43:40.0203 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/09/14 17:43:40.0390 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/09/14 17:43:40.0578 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys

2010/09/14 17:43:40.0812 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys

2010/09/14 17:43:40.0984 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\WINDOWS\System32\Drivers\avgtdix.sys

2010/09/14 17:43:41.0156 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/09/14 17:43:41.0328 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/09/14 17:43:41.0500 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2010/09/14 17:43:41.0765 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/09/14 17:43:41.0937 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/09/14 17:43:42.0109 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/09/14 17:43:42.0531 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/09/14 17:43:42.0734 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/09/14 17:43:42.0953 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys

2010/09/14 17:43:43.0109 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/09/14 17:43:43.0281 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/09/14 17:43:43.0484 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/09/14 17:43:43.0734 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/09/14 17:43:43.0906 E100B (afee15c5b16317ebf17f79cc1843465a) C:\WINDOWS\system32\DRIVERS\e100b325.sys

2010/09/14 17:43:44.0093 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/09/14 17:43:44.0281 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/09/14 17:43:44.0453 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/09/14 17:43:44.0640 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/09/14 17:43:44.0812 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/09/14 17:43:45.0000 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/09/14 17:43:45.0171 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/09/14 17:43:45.0343 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2010/09/14 17:43:45.0500 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/09/14 17:43:45.0687 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/09/14 17:43:45.0921 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/09/14 17:43:46.0171 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/09/14 17:43:46.0343 ialm (1406d6ef4436aee970efe13193123965) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

2010/09/14 17:43:46.0515 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/09/14 17:43:46.0796 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/09/14 17:43:46.0953 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/09/14 17:43:47.0140 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/09/14 17:43:47.0312 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/09/14 17:43:47.0515 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/09/14 17:43:47.0703 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/09/14 17:43:47.0859 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/09/14 17:43:48.0046 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/09/14 17:43:48.0234 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/09/14 17:43:48.0390 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/09/14 17:43:48.0578 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/09/14 17:43:48.0765 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/09/14 17:43:48.0953 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys

2010/09/14 17:43:49.0187 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/09/14 17:43:49.0359 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/09/14 17:43:49.0531 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/09/14 17:43:49.0703 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/09/14 17:43:49.0906 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/09/14 17:43:50.0109 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/09/14 17:43:50.0296 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/09/14 17:43:50.0531 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/09/14 17:43:50.0703 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/09/14 17:43:50.0875 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/09/14 17:43:51.0046 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/09/14 17:43:51.0250 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/09/14 17:43:51.0406 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2010/09/14 17:43:51.0593 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/09/14 17:43:51.0828 MXOPSWD (216ac775320f64de28cfeb7c179c4ff9) C:\WINDOWS\system32\DRIVERS\mxopswd.sys

2010/09/14 17:43:51.0968 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2010/09/14 17:43:52.0171 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/09/14 17:43:52.0328 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2010/09/14 17:43:52.0531 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/09/14 17:43:52.0718 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/09/14 17:43:52.0890 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/09/14 17:43:53.0046 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/09/14 17:43:53.0218 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/09/14 17:43:53.0390 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/09/14 17:43:53.0593 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/09/14 17:43:53.0812 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/09/14 17:43:54.0015 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/09/14 17:43:54.0234 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/09/14 17:43:54.0390 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/09/14 17:43:54.0562 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/09/14 17:43:54.0781 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/09/14 17:43:54.0968 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/09/14 17:43:55.0203 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/09/14 17:43:55.0390 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/09/14 17:43:55.0562 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/09/14 17:43:55.0875 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/09/14 17:43:56.0031 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/09/14 17:43:56.0453 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/09/14 17:43:56.0625 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2010/09/14 17:43:56.0796 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/09/14 17:43:57.0015 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/09/14 17:43:57.0234 PxHelp20 (25639ba81c01a3e0508901829479954f) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/09/14 17:43:57.0906 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/09/14 17:43:58.0093 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/09/14 17:43:58.0265 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/09/14 17:43:58.0437 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/09/14 17:43:58.0609 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/09/14 17:43:58.0781 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/09/14 17:43:58.0984 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/09/14 17:43:59.0187 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/09/14 17:43:59.0375 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

2010/09/14 17:43:59.0468 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

2010/09/14 17:43:59.0828 SBRE (4019149e4e296072831c8855605d9fdc) C:\WINDOWS\system32\drivers\SBREdrv.sys

2010/09/14 17:44:00.0046 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/09/14 17:44:00.0250 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

2010/09/14 17:44:00.0453 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/09/14 17:44:00.0671 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2010/09/14 17:44:00.0890 smrt (72d7eb6c2baab40683b4c71920990f7d) C:\WINDOWS\system32\DRIVERS\smrt.sys

2010/09/14 17:44:01.0140 smwdm (13739b36bd8d94d0fed7662aa7a4235d) C:\WINDOWS\system32\drivers\smwdm.sys

2010/09/14 17:44:01.0390 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/09/14 17:44:01.0562 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/09/14 17:44:01.0812 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/09/14 17:44:01.0953 ssmirrdr (f843301bdadb2728822c83413ef5f132) C:\WINDOWS\system32\DRIVERS\ssmirrdr.sys

2010/09/14 17:44:02.0140 STEC3 (e4ebf293d1f612bda19b646c36715b20) C:\WINDOWS\system32\STEC3.sys

2010/09/14 17:44:02.0359 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2010/09/14 17:44:02.0562 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/09/14 17:44:02.0781 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/09/14 17:44:03.0187 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/09/14 17:44:03.0375 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/09/14 17:44:03.0531 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/09/14 17:44:03.0718 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/09/14 17:44:03.0906 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/09/14 17:44:04.0125 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/09/14 17:44:04.0375 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/09/14 17:44:04.0546 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/09/14 17:44:04.0734 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/09/14 17:44:04.0968 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/09/14 17:44:05.0171 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/09/14 17:44:05.0359 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/09/14 17:44:05.0546 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/09/14 17:44:05.0734 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/09/14 17:44:05.0953 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/09/14 17:44:06.0140 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/09/14 17:44:06.0328 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/09/14 17:44:06.0531 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/09/14 17:44:06.0781 WmBEnum (161a60f172ebfc6225b4eb173f6010a7) C:\WINDOWS\system32\drivers\WmBEnum.sys

2010/09/14 17:44:06.0937 WmFilter (91c509dc3b79cbaa2a9447adad3ee23c) C:\WINDOWS\system32\drivers\WmFilter.sys

2010/09/14 17:44:07.0140 WmXlCore (c8038756dd997a78c8953d15be841aaf) C:\WINDOWS\system32\drivers\WmXlCore.sys

2010/09/14 17:44:07.0296 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2010/09/14 17:44:07.0468 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/09/14 17:44:07.0703 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys

2010/09/14 17:44:07.0875 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys

2010/09/14 17:44:07.0921 ================================================================================

2010/09/14 17:44:07.0921 Scan finished

2010/09/14 17:44:07.0921 ================================================================================


ComboFix log below. I do notice that as the computer starts up it briefly flashes the black/white screen, which now contains the option for starting the Windows Recovery Console. It does start Windows XP, but I assume this will now briefly show up all the time now that the Windows Recovery Console is installed.

ComboFix 10-09-14.01 - Bruce 09/14/2010 18:01:21.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.853 [GMT -5:00]

Running from: c:\documents and settings\Bruce\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Bruce\Application Data\inst.exe

c:\windows\Downloaded Program Files\popcaploader.dll

c:\windows\Downloaded Program Files\popcaploader.inf

c:\windows\system32\STEC3.sys

F:\Autorun.inf

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_STEC3

-------\Service_STEC3

((((((((((((((((((((((((( Files Created from 2010-08-14 to 2010-09-14 )))))))))))))))))))))))))))))))

.

2010-09-11 02:36 . 2010-09-11 02:36 -------- d-----w- c:\windows\system32\wbem\Repository

2010-09-11 02:36 . 2010-09-11 02:36 -------- d-----w- c:\program files\Hitman Pro 3.5

2010-09-11 01:33 . 2010-09-11 02:36 -------- d-----w- c:\program files\Auslogics(3)

2010-09-10 23:06 . 2010-09-11 02:36 -------- d-----w- c:\program files\Auslogics

2010-09-09 23:27 . 2010-09-09 23:27 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-09-09 23:25 . 2010-09-09 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2010-09-04 02:23 . 2010-09-10 03:07 -------- d-----w- c:\program files\SpywareBlaster

2010-09-04 01:55 . 2010-09-04 01:55 -------- d-----w- c:\documents and settings\Bruce\Application Data\Auslogics

2010-08-25 01:22 . 2010-08-25 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar

2010-08-20 23:24 . 2010-08-20 23:24 -------- d-----w- c:\documents and settings\Ellen\Application Data\Simply Super Software

2010-08-20 00:17 . 2010-09-14 00:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-08-20 00:16 . 2006-06-19 18:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll

2010-08-20 00:16 . 2006-05-25 20:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll

2010-08-20 00:16 . 2005-08-26 06:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll

2010-08-20 00:16 . 2003-02-03 01:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll

2010-08-20 00:16 . 2002-03-06 06:00 75264 ----a-w- c:\windows\system32\unacev2.dll

2010-08-20 00:16 . 2010-08-20 00:16 -------- d-----w- c:\program files\Trojan Remover

2010-08-20 00:16 . 2010-08-20 00:16 -------- d-----w- c:\documents and settings\Bruce\Application Data\Simply Super Software

2010-08-20 00:16 . 2010-08-20 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software

2010-08-17 09:08 . 2010-08-17 09:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-08-17 08:58 . 2010-08-17 09:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion(3)

2010-08-17 01:17 . 2010-08-24 02:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-14 15:11 . 2008-06-17 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2010-09-09 11:27 . 2010-08-15 01:24 63488 ----a-w- c:\documents and settings\Bruce\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-09-09 11:27 . 2010-08-15 01:24 117760 ----a-w- c:\documents and settings\Bruce\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-09-04 12:46 . 2007-08-24 23:51 -------- d-----w- c:\program files\MTV Networks

2010-09-02 12:02 . 2010-07-01 00:49 -------- d-----w- c:\program files\Speccy

2010-09-02 12:01 . 2010-01-29 23:56 -------- d-----w- c:\program files\CCleaner

2010-08-28 00:34 . 2010-08-15 01:23 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-08-24 11:45 . 2008-12-26 22:54 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2010-08-17 09:09 . 2004-03-31 23:59 -------- d-----w- c:\program files\Google

2010-08-17 09:09 . 2004-08-12 02:26 -------- d-----w- c:\program files\Yahoo!

2010-08-17 09:08 . 2010-08-15 22:09 -------- d-----w- c:\program files\CPUID

2010-08-17 02:33 . 2009-07-04 14:04 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-08-17 02:32 . 2010-08-17 02:33 53632 ----a-w- c:\documents and settings\Bruce\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-08-15 21:57 . 2010-07-01 01:45 -------- d-----w- c:\program files\Recuva

2010-08-15 21:56 . 2010-07-01 01:46 -------- d-----w- c:\program files\Defraggler

2010-08-15 01:24 . 2010-08-15 01:24 52224 ----a-w- c:\documents and settings\Bruce\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-08-15 01:23 . 2010-08-15 01:23 -------- d-----w- c:\documents and settings\Bruce\Application Data\SUPERAntiSpyware.com

2010-08-13 23:06 . 2005-02-12 18:50 33792 ----a-w- c:\documents and settings\Bruce\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-12 01:03 . 2010-08-12 01:03 -------- d-----w- c:\program files\ESET

2010-08-11 23:31 . 2004-03-31 23:15 -------- d-----w- c:\program files\Java

2010-08-11 03:42 . 2008-12-13 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-08-11 03:01 . 2004-03-31 23:15 -------- d-----w- c:\program files\Common Files\Java

2010-08-11 02:48 . 2010-08-11 02:48 503808 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1b86b97d-n\msvcp71.dll

2010-08-11 02:48 . 2010-08-11 02:48 499712 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1b86b97d-n\jmc.dll

2010-08-11 02:48 . 2010-08-11 02:48 348160 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1b86b97d-n\msvcr71.dll

2010-08-11 02:48 . 2010-08-11 02:48 61440 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2af819dc-n\decora-sse.dll

2010-08-11 02:48 . 2010-08-11 02:48 12800 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2af819dc-n\decora-d3d.dll

2010-08-08 14:30 . 2010-08-08 14:30 -------- d-----w- c:\program files\ERUNT

2010-08-08 04:11 . 2010-08-08 04:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Whiz

2010-08-07 23:46 . 2010-07-31 01:59 -------- d-----w- c:\program files\Common Files\supportdotcom

2010-08-06 18:51 . 2010-07-31 02:09 -------- d-----w- c:\documents and settings\All Users\Application Data\support.com

2010-08-06 02:52 . 2010-08-06 02:52 -------- d-----w- c:\documents and settings\Bruce\Application Data\Vso

2010-08-06 02:52 . 2010-08-06 02:52 47360 ----a-w- c:\documents and settings\Bruce\Application Data\pcouffin.sys

2010-08-06 02:52 . 2010-08-06 02:52 47360 ----a-w- c:\documents and settings\Bruce\Application Data\pcouffin.sys

2010-08-06 01:38 . 2010-07-29 03:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-05 23:13 . 2010-03-03 04:28 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-08-05 23:05 . 2010-08-02 10:07 -------- d-----w- c:\program files\supportdotcom(2)

2010-08-03 02:24 . 2010-08-03 02:24 -------- d-----w- c:\program files\MSBuild

2010-08-03 02:24 . 2010-08-03 02:24 -------- d-----w- c:\program files\Reference Assemblies

2010-08-03 02:02 . 2010-08-03 02:02 -------- d-----w- c:\documents and settings\Bruce\Application Data\ElevatedDiagnostics

2010-08-02 23:58 . 2010-06-01 01:43 -------- d-----w- c:\program files\Windows Live Safety Center

2010-08-02 02:53 . 2010-08-02 02:53 -------- d-----w- c:\documents and settings\Ellen\Application Data\Malwarebytes

2010-08-01 15:51 . 2010-08-01 15:51 -------- d-----w- c:\documents and settings\Ellen\Application Data\supportdotcom

2010-07-31 03:15 . 2004-04-01 00:02 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-07-31 02:08 . 2010-07-31 02:08 -------- d-----w- c:\program files\Common Files\supportsoft

2010-07-31 02:00 . 2010-07-31 02:00 -------- d-----w- c:\documents and settings\Bruce\Application Data\supportdotcom

2010-07-31 01:12 . 2010-07-31 01:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

2010-07-31 00:29 . 2004-03-31 19:59 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-07-29 03:28 . 2010-07-29 03:28 -------- d-----w- c:\documents and settings\Bruce\Application Data\Malwarebytes

2010-07-29 03:28 . 2010-07-29 03:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-29 00:35 . 2010-07-29 00:35 552 ----a-w- c:\windows\system32\d3d8caps.dat

2010-07-28 07:48 . 2010-07-28 07:48 34952 ----a-w- c:\documents and settings\Bruce.BRUCE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-07-27 00:13 . 2010-09-14 00:57 3683248 ----a-w- c:\documents and settings\Bruce\Application Data\Simply Super Software\Trojan Remover\rel62.exe

2010-07-27 00:13 . 2010-08-26 02:57 3683248 ----a-w- c:\documents and settings\Bruce\Application Data\Simply Super Software\Trojan Remover\kpw96.exe

2010-07-25 23:19 . 2010-07-25 23:18 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-07-21 08:40 . 2010-07-21 08:40 28032 ----a-w- c:\windows\system32\ssmirrdr.dll

2010-07-21 08:40 . 2010-07-21 08:40 10112 ----a-w- c:\windows\system32\drivers\ssmirrdr.sys

2010-07-17 10:00 . 2010-08-11 02:48 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-09 18:18 . 2010-08-15 22:05 20328 ----a-w- c:\windows\system32\drivers\cpuz134_x32.sys

2010-06-30 12:31 . 2004-03-31 19:59 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:22 . 2004-12-07 22:37 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-23 13:44 . 2004-03-31 19:59 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2004-03-31 19:59 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-18 00:32 . 2010-03-05 03:17 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-06-17 14:03 . 2004-03-31 19:59 80384 ----a-w- c:\windows\system32\iccvid.dll

2004-08-24 23:43 . 2004-08-24 23:43 2609631 ----a-w- c:\program files\aawsepersonal.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-11-25 19:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-17 68856]

"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]

"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]

"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-09 2048352]

"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-16 335872]

"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 88361]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"ezShieldProtector for Px"="c:\windows\system32\ezSP_Px.exe" [2002-08-20 40960]

c:\documents and settings\Bruce\Start Menu\Programs\Startup\

ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-25 19:35 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk

backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]

2002-08-20 18:29 40960 ----a-w- c:\windows\system32\ezSP_Px.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2008-10-01 23:57 289576 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2008-09-06 20:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]

2006-06-01 23:09 1003520 ----a-w- c:\documents and settings\Bruce\My Documents\My Downloads\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]

2003-04-20 05:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]

2004-01-17 11:36 135168 ----a-w- c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/4/2010 8:29 PM 64288]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/26/2009 10:56 AM 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/26/2009 10:56 AM 108552]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [3/2/2010 11:28 PM 95024]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/26/2009 10:55 AM 297752]

R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe [8/11/2004 6:09 PM 86098]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/23/2009 5:42 PM 133104]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1352832]

S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [7/21/2010 3:40 AM 10112]

S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM --> c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

2010-09-09 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-09-14 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-17 16:44]

2010-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-23 22:42]

2010-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-23 22:42]

2010-09-02 c:\windows\Tasks\jusched.job

- c:\program files\Common Files\Java\Java Update\jusched.exe [2010-05-14 16:44]

2010-08-26 c:\windows\Tasks\Rescue Reminder for 2HAP4DAM.job

- c:\program files\Maxtor\ManagerApp\MaxUtilities.exe [2008-07-21 21:52]

2010-02-07 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job

- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2004-05-12 21:31]

2010-09-14 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job

- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-08-12 21:31]

2010-09-14 c:\windows\Tasks\User_Feed_Synchronization-{3E46BBD5-9969-4592-870B-C067E2CE112C}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local;<local>

uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89C30F0F8BD011D2.dll/cmsidewiki.html

Trusted Zone: chase.com

Trusted Zone: chase.com\*.chaseonline

Trusted Zone: chase.com\chaseonline

Trusted Zone: chase.com\www

Trusted Zone: fidelity.com\guidance

Trusted Zone: fidelity.com\www

Trusted Zone: gailborden.info\innovative

Trusted Zone: gailborden.info\search

Trusted Zone: gailborden.info\www

Trusted Zone: speedway.com

Trusted Zone: vanguard.com

Trusted Zone: yahoo.com

DPF: {46C66BBD-E667-4DAD-9682-58050E7C9FDC} - hxxp://www.cdpass.com/cdkey/CDPass.cab

FF - ProfilePath - c:\documents and settings\Bruce\Application Data\Mozilla\Firefox\Profiles\ncaq0swn.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc8&p=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\Bruce\Application Data\Move Networks\plugins\npqmp071505000011.dll

FF - plugin: c:\documents and settings\Bruce\My Documents\My Downloads\Netscape6\nppl3260.dll

FF - plugin: c:\documents and settings\Bruce\My Documents\My Downloads\Netscape6\nprjplug.dll

FF - plugin: c:\documents and settings\Bruce\My Documents\My Downloads\Netscape6\nprpjplug.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-14 18:08

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1557201390-698359687-1059423823-1005\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(492)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3860)

c:\windows\system32\WININET.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Maxtor\Sync\SyncServices.exe

c:\progra~1\AVG\AVG8\avgrsx.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\program files\AVG\AVG8\avgcsrvx.exe

c:\windows\system32\wscntfy.exe

c:\windows\AGRSMMSG.exe

.

**************************************************************************

.

Completion time: 2010-09-14 18:18:17 - machine was rebooted

ComboFix-quarantined-files.txt 2010-09-14 23:18

Pre-Run: 42,655,772,672 bytes free

Post-Run: 45,158,653,952 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 6DD939F4AA361CD333CBA04645F8D9E0


Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

File::

Dequarantine::
C:\Qoobox\Quarantine\F\Autorun.vir
Quit::

Save this file to your desktop. Save it as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...


Drag CFScript.txt into ComboFix.exe

File::

Dequarantine::
C:\Qoobox\Quarantine\F\Autorun.vir
Quit::

Hello. Thank you for your help. Seems like we are on different schedules so it will be about 8 hours before I can do this. A question (I'm hoping to learn a bit as we go along); the file deleted by ComboFix according to the log was F:\Autorun.inf. In your script above you want to dequarantine \F\Autorun.vir, why does the extension change? Thanks again.


CF renames the files it removes so they can't be activated.


Here is the ComboFix log after running CFScript.txt. Thank you

ComboFix 10-09-15.01 - Bruce 09/15/2010 17:33:52.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.892 [GMT -5:00]

Running from: c:\documents and settings\Bruce\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Bruce\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((( Files Created from 2010-08-15 to 2010-09-15 )))))))))))))))))))))))))))))))

.

2010-09-15 15:13 . 2010-09-15 15:13 862872 ----a-w- c:\documents and settings\Ellen\Application Data\yahoo!\SearchProtection\fudogs_2.0.1.13_msgr_bts_setup.2010.04.01.01.exe

2010-09-14 00:57 . 2010-07-27 00:13 3683248 ----a-w- c:\documents and settings\Bruce\Application Data\Simply Super Software\Trojan Remover\rel62.exe

2010-09-11 02:36 . 2010-09-11 02:36 -------- d-----w- c:\windows\system32\wbem\Repository

2010-09-11 02:36 . 2010-09-11 02:36 -------- d-----w- c:\program files\Hitman Pro 3.5

2010-09-11 01:33 . 2010-09-11 02:36 -------- d-----w- c:\program files\Auslogics(3)

2010-09-10 23:06 . 2010-09-11 02:36 -------- d-----w- c:\program files\Auslogics

2010-09-09 23:27 . 2010-09-09 23:27 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-09-09 23:25 . 2010-09-09 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2010-09-04 02:23 . 2010-09-10 03:07 -------- d-----w- c:\program files\SpywareBlaster

2010-09-04 01:55 . 2010-09-04 01:55 -------- d-----w- c:\documents and settings\Bruce\Application Data\Auslogics

2010-08-26 02:57 . 2010-07-27 00:13 3683248 ----a-w- c:\documents and settings\Bruce\Application Data\Simply Super Software\Trojan Remover\kpw96.exe

2010-08-25 01:22 . 2010-08-25 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar

2010-08-20 23:24 . 2010-08-20 23:24 -------- d-----w- c:\documents and settings\Ellen\Application Data\Simply Super Software

2010-08-20 00:17 . 2010-09-14 00:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-08-20 00:16 . 2006-06-19 18:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll

2010-08-20 00:16 . 2006-05-25 20:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll

2010-08-20 00:16 . 2005-08-26 06:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll

2010-08-20 00:16 . 2003-02-03 01:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll

2010-08-20 00:16 . 2002-03-06 06:00 75264 ----a-w- c:\windows\system32\unacev2.dll

2010-08-20 00:16 . 2010-08-20 00:16 -------- d-----w- c:\program files\Trojan Remover

2010-08-20 00:16 . 2010-08-20 00:16 -------- d-----w- c:\documents and settings\Bruce\Application Data\Simply Super Software

2010-08-20 00:16 . 2010-08-20 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software

2010-08-17 09:08 . 2010-08-17 09:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-08-17 08:58 . 2010-08-17 09:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion(3)

2010-08-17 02:33 . 2010-08-17 02:32 53632 ----a-w- c:\documents and settings\Bruce\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-08-17 01:17 . 2010-08-24 02:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-15 16:12 . 2008-06-17 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2010-09-15 00:30 . 2010-08-15 01:24 63488 ----a-w- c:\documents and settings\Bruce\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-09-15 00:30 . 2010-08-15 01:24 117760 ----a-w- c:\documents and settings\Bruce\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-09-15 00:29 . 2010-08-15 01:23 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-09-04 12:46 . 2007-08-24 23:51 -------- d-----w- c:\program files\MTV Networks

2010-09-02 12:02 . 2010-07-01 00:49 -------- d-----w- c:\program files\Speccy

2010-09-02 12:01 . 2010-01-29 23:56 -------- d-----w- c:\program files\CCleaner

2010-08-24 11:45 . 2008-12-26 22:54 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2010-08-17 13:17 . 2004-03-31 19:59 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-17 09:09 . 2004-03-31 23:59 -------- d-----w- c:\program files\Google

2010-08-17 09:09 . 2004-08-12 02:26 -------- d-----w- c:\program files\Yahoo!

2010-08-17 09:08 . 2010-08-15 22:09 -------- d-----w- c:\program files\CPUID

2010-08-17 02:33 . 2009-07-04 14:04 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-08-15 21:57 . 2010-07-01 01:45 -------- d-----w- c:\program files\Recuva

2010-08-15 21:56 . 2010-07-01 01:46 -------- d-----w- c:\program files\Defraggler

2010-08-15 01:24 . 2010-08-15 01:24 52224 ----a-w- c:\documents and settings\Bruce\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-08-15 01:23 . 2010-08-15 01:23 -------- d-----w- c:\documents and settings\Bruce\Application Data\SUPERAntiSpyware.com

2010-08-13 23:06 . 2005-02-12 18:50 33792 ----a-w- c:\documents and settings\Bruce\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-12 01:03 . 2010-08-12 01:03 -------- d-----w- c:\program files\ESET

2010-08-11 23:31 . 2004-03-31 23:15 -------- d-----w- c:\program files\Java

2010-08-11 03:42 . 2008-12-13 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-08-11 03:01 . 2004-03-31 23:15 -------- d-----w- c:\program files\Common Files\Java

2010-08-11 02:48 . 2010-08-11 02:48 503808 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1b86b97d-n\msvcp71.dll

2010-08-11 02:48 . 2010-08-11 02:48 499712 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1b86b97d-n\jmc.dll

2010-08-11 02:48 . 2010-08-11 02:48 348160 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1b86b97d-n\msvcr71.dll

2010-08-11 02:48 . 2010-08-11 02:48 61440 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2af819dc-n\decora-sse.dll

2010-08-11 02:48 . 2010-08-11 02:48 12800 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2af819dc-n\decora-d3d.dll

2010-08-08 14:30 . 2010-08-08 14:30 -------- d-----w- c:\program files\ERUNT

2010-08-08 04:11 . 2010-08-08 04:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Whiz

2010-08-07 23:46 . 2010-07-31 01:59 -------- d-----w- c:\program files\Common Files\supportdotcom

2010-08-06 18:51 . 2010-07-31 02:09 -------- d-----w- c:\documents and settings\All Users\Application Data\support.com

2010-08-06 02:52 . 2010-08-06 02:52 -------- d-----w- c:\documents and settings\Bruce\Application Data\Vso

2010-08-06 02:52 . 2010-08-06 02:52 47360 ----a-w- c:\documents and settings\Bruce\Application Data\pcouffin.sys

2010-08-06 02:52 . 2010-08-06 02:52 47360 ----a-w- c:\documents and settings\Bruce\Application Data\pcouffin.sys

2010-08-06 01:38 . 2010-07-29 03:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-05 23:13 . 2010-03-03 04:28 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-08-05 23:05 . 2010-08-02 10:07 -------- d-----w- c:\program files\supportdotcom(2)

2010-08-03 02:24 . 2010-08-03 02:24 -------- d-----w- c:\program files\MSBuild

2010-08-03 02:24 . 2010-08-03 02:24 -------- d-----w- c:\program files\Reference Assemblies

2010-08-03 02:02 . 2010-08-03 02:02 -------- d-----w- c:\documents and settings\Bruce\Application Data\ElevatedDiagnostics

2010-08-02 23:58 . 2010-06-01 01:43 -------- d-----w- c:\program files\Windows Live Safety Center

2010-08-02 02:53 . 2010-08-02 02:53 -------- d-----w- c:\documents and settings\Ellen\Application Data\Malwarebytes

2010-08-01 15:51 . 2010-08-01 15:51 -------- d-----w- c:\documents and settings\Ellen\Application Data\supportdotcom

2010-07-31 03:15 . 2004-04-01 00:02 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-07-31 02:08 . 2010-07-31 02:08 -------- d-----w- c:\program files\Common Files\supportsoft

2010-07-31 02:00 . 2010-07-31 02:00 -------- d-----w- c:\documents and settings\Bruce\Application Data\supportdotcom

2010-07-31 01:12 . 2010-07-31 01:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

2010-07-31 00:29 . 2004-03-31 19:59 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-07-29 03:28 . 2010-07-29 03:28 -------- d-----w- c:\documents and settings\Bruce\Application Data\Malwarebytes

2010-07-29 03:28 . 2010-07-29 03:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-29 00:35 . 2010-07-29 00:35 552 ----a-w- c:\windows\system32\d3d8caps.dat

2010-07-28 07:48 . 2010-07-28 07:48 34952 ----a-w- c:\documents and settings\Bruce.BRUCE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-07-25 23:19 . 2010-07-25 23:18 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-07-22 15:49 . 2004-08-11 23:21 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 05:57 . 2009-04-17 11:11 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-07-21 08:40 . 2010-07-21 08:40 28032 ----a-w- c:\windows\system32\ssmirrdr.dll

2010-07-21 08:40 . 2010-07-21 08:40 10112 ----a-w- c:\windows\system32\drivers\ssmirrdr.sys

2010-07-17 10:00 . 2010-08-11 02:48 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-09 18:18 . 2010-08-15 22:05 20328 ----a-w- c:\windows\system32\drivers\cpuz134_x32.sys

2010-06-30 12:31 . 2004-03-31 19:59 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:22 . 2004-12-07 22:37 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-23 13:44 . 2004-03-31 19:59 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2004-03-31 19:59 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-18 17:45 . 2004-03-31 19:59 293376 ----a-w- c:\windows\system32\winsrv.dll

2010-06-18 00:32 . 2010-03-05 03:17 15880 ----a-w- c:\windows\system32\lsdelete.exe

2004-08-24 23:43 . 2004-08-24 23:43 2609631 ----a-w- c:\program files\aawsepersonal.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-11-25 19:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-17 68856]

"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]

"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]

"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-09 2048352]

"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-16 335872]

"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 88361]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"ezShieldProtector for Px"="c:\windows\system32\ezSP_Px.exe" [2002-08-20 40960]

c:\documents and settings\Bruce\Start Menu\Programs\Startup\

ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-25 19:35 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk

backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]

2002-08-20 18:29 40960 ----a-w- c:\windows\system32\ezSP_Px.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2008-10-01 23:57 289576 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2008-09-06 20:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]

2006-06-01 23:09 1003520 ----a-w- c:\documents and settings\Bruce\My Documents\My Downloads\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]

2003-04-20 05:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]

2004-01-17 11:36 135168 ----a-w- c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/4/2010 8:29 PM 64288]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/26/2009 10:56 AM 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/26/2009 10:56 AM 108552]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [3/2/2010 11:28 PM 95024]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/26/2009 10:55 AM 297752]

R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe [8/11/2004 6:09 PM 86098]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/23/2009 5:42 PM 133104]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1352832]

S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [7/21/2010 3:40 AM 10112]

S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM --> c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SASDIFSV

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

2010-09-09 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-09-15 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-17 16:44]

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-23 22:42]

2010-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-23 22:42]

2010-09-02 c:\windows\Tasks\jusched.job

- c:\program files\Common Files\Java\Java Update\jusched.exe [2010-05-14 16:44]

2010-08-26 c:\windows\Tasks\Rescue Reminder for 2HAP4DAM.job

- c:\program files\Maxtor\ManagerApp\MaxUtilities.exe [2008-07-21 21:52]

2010-02-07 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job

- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2004-05-12 21:31]

2010-09-15 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job

- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-08-12 21:31]

2010-09-15 c:\windows\Tasks\User_Feed_Synchronization-{3E46BBD5-9969-4592-870B-C067E2CE112C}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local;<local>

uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89C30F0F8BD011D2.dll/cmsidewiki.html

Trusted Zone: chase.com

Trusted Zone: chase.com\*.chaseonline

Trusted Zone: chase.com\chaseonline

Trusted Zone: chase.com\www

Trusted Zone: fidelity.com\guidance

Trusted Zone: fidelity.com\www

Trusted Zone: gailborden.info\innovative

Trusted Zone: gailborden.info\search

Trusted Zone: gailborden.info\www

Trusted Zone: speedway.com

Trusted Zone: vanguard.com

Trusted Zone: yahoo.com

DPF: {46C66BBD-E667-4DAD-9682-58050E7C9FDC} - hxxp://www.cdpass.com/cdkey/CDPass.cab

FF - ProfilePath - c:\documents and settings\Bruce\Application Data\Mozilla\Firefox\Profiles\ncaq0swn.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc8&p=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\Bruce\Application Data\Move Networks\plugins\npqmp071505000011.dll

FF - plugin: c:\documents and settings\Bruce\My Documents\My Downloads\Netscape6\nppl3260.dll

FF - plugin: c:\documents and settings\Bruce\My Documents\My Downloads\Netscape6\nprjplug.dll

FF - plugin: c:\documents and settings\Bruce\My Documents\My Downloads\Netscape6\nprpjplug.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1557201390-698359687-1059423823-1005\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(500)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3824)

c:\windows\system32\WININET.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-09-15 17:41:37

ComboFix-quarantined-files.txt 2010-09-15 22:41

ComboFix2.txt 2010-09-14 23:18

Pre-Run: 44,868,587,520 bytes free

Post-Run: 44,853,415,936 bytes free

- - End Of File - - 3B813385C82ADAEC628BA08A8BFC14A3


There is still an autorun.inf.vir file sitting in C:\Qoobox\Quarantine\F


External Hard Drive. Seems to be functioning ok. It did disconnect a few hours after running combofix the first time but haven't noticed anything since. Although I don't recall it ever doing that before so who knows. The file says it was created in May '07. If you want to bring it out of quarantine does the whole file name need to be used or is there another way?


All that file does is autorun to automatically run / open / play the CD/DVDs or open an external device when plugged in.

Do you use that feature for your CD/DVDs, thumb drives, etc.?

If you can see and open the external drive, we don't need to worry about one.
