
Possible Rootkit DDS,RkU,GMER logs


bru


All that file does is autorun to automatically run / open / play the CD/DVDs or open an external device when plugged in.

Do you use that feature for your CD/DVDs, thumb drives, etc.?

If you can see and open the external drive, we don't need to worry about one.

I do especially for DVD's that my son plays and it is not working. Have to manually play from my computer each time. What do we do to get it back? Please tell me we can.


Combofix ONLY removed autorun from the F: drive.

If the CD/DVD doesn't autoplay from the D: then there's a different issue.

Be sure it's something like a music CD you're trying to play.

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

DEQUARANTINE::
C:\Qoobox\Quarantine\F\program files\autorun.inf.vir
C:\Qoobox\Quarantine\F:\program files\autorun.inf.vir
Quit::

Save this file to your desktop. Save this as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...


Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Now check your F: drive for F:\program files\autorun.inf

Also please describe how your computer behaves at the moment.


Did you see my message about my using SysRestore? Right now the computer is back to (I think) before we started this and autoplay works.

These files were found by ComboFix the first time around. I scanned them all from Qoobox with MBAM and another tool and they said nothing detected. The first one concerns me a bit as I find info that it could be a keylogger.

c:\documents and settings\Bruce\Application Data\inst.exe

c:\windows\Downloaded Program Files\popcaploader.dll

c:\windows\Downloaded Program Files\popcaploader.inf

c:\windows\system32\STEC3.sys

F:\Autorun.inf

So what do I do? Go through the steps again (flush.bat, Goored, ComboFix)? Then I risk the autoplay not functioning again. I'm confused. Going through the logs from the other tools I really don't think they found anything. Sorry if I messed this up.

Please don't use the PM system. Post your comments in this topic.
Combofix ONLY removed autorun from the F: drive.

If the CD/DVD doesn't autoplay from the D: then there's a different issue.

Be sure it's something like a music CD you're trying to play.


The D drive autoplay was definitely working before this so not sure what affected it. The MS autoplay repair tool did not work so I used system restore to get the D drive autoplay working as it is important to my son's use of the computer. I'm sure that also undid the removal work. These files are what Goored got rid of:

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{2E29E0D3-7645-46A4-AAF7-F8D2077E0E60} -> Success!

Deleting C:\Documents and Settings\Bruce\Local Settings\Application Data\{2E29E0D3-7645-46A4-AAF7-F8D2077E0E60} -> Success!

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{555DD3E3-4087-4762-BF85-5733FE9A3DD9} -> Success!

Deleting C:\Documents and Settings\Ellen\Local Settings\Application Data\{555DD3E3-4087-4762-BF85-5733FE9A3DD9} -> Success!

ComboFix initially removed:

c:\documents and settings\Bruce\Application Data\inst.exe

c:\windows\Downloaded Program Files\popcaploader.dll

c:\windows\Downloaded Program Files\popcaploader.inf

c:\windows\system32\STEC3.sys

F:\Autorun.inf

We tried to unquarantine F:\Autorun.inf and Googling the others I get conflicting info. Did I miss other repairs? Do all of these files need to again be removed?


Let's find out.

Note: You do not need to download the tools again if you still have them.

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run; once it is finished, move on to the next step.

Next:

Please read carefully and follow these steps.

  • Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root directory (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of the TDSSKiller log and the GooredFix log.


Looks like GooredFix found the same files and nothing for TDSSKiller. I also ran DDS and it seems that 127.0.0.1 www.spywareinfo.com entry is not there...which is good. One odd by-product of this (the restore perhaps): my recycle bin was completely emptied. I've SysRestored before and don't recall that ever happening. autorun.inf is back in F: So what to do about ComboFix?

GooredFix by jpshortstuff (03.07.10.1)

Log created at 19:53 on 16/09/2010 (Bruce)

Firefox version 3.6.8 (en-US)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{2E29E0D3-7645-46A4-AAF7-F8D2077E0E60} -> Success!

Deleting C:\Documents and Settings\Bruce\Local Settings\Application Data\{2E29E0D3-7645-46A4-AAF7-F8D2077E0E60} -> Success!

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{555DD3E3-4087-4762-BF85-5733FE9A3DD9} -> Success!

Deleting C:\Documents and Settings\Ellen\Local Settings\Application Data\{555DD3E3-4087-4762-BF85-5733FE9A3DD9} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd} [11:54 19/05/2010]

{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [23:52 21/08/2010]

{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [03:00 11/08/2010]

C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\ncaq0swn.default\extensions\

{635abd67-4fe9-1b23-4f01-e679fa7484c1} [23:17 25/08/2010]

{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [02:58 11/09/2010]

{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(3) [02:33 11/09/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [02:47 11/08/2010]

"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [02:27 03/08/2010]

-=E.O.F=-

2010/09/16 19:54:19.0169 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44

2010/09/16 19:54:19.0169 ================================================================================

2010/09/16 19:54:19.0169 SystemInfo:

2010/09/16 19:54:19.0169

2010/09/16 19:54:19.0169 OS Version: 5.1.2600 ServicePack: 3.0

2010/09/16 19:54:19.0169 Product type: Workstation

2010/09/16 19:54:19.0169 ComputerName: BRUCE

2010/09/16 19:54:19.0169 UserName: Bruce

2010/09/16 19:54:19.0169 Windows directory: C:\WINDOWS

2010/09/16 19:54:19.0169 System windows directory: C:\WINDOWS

2010/09/16 19:54:19.0169 Processor architecture: Intel x86

2010/09/16 19:54:19.0169 Number of processors: 2

2010/09/16 19:54:19.0169 Page size: 0x1000

2010/09/16 19:54:19.0169 Boot type: Normal boot

2010/09/16 19:54:19.0169 ================================================================================

2010/09/16 19:54:19.0451 Initialize success

2010/09/16 19:54:36.0154 ================================================================================

2010/09/16 19:54:36.0154 Scan started

2010/09/16 19:54:36.0154 Mode: Manual;

2010/09/16 19:54:36.0154 ================================================================================

2010/09/16 19:54:37.0060 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/09/16 19:54:37.0263 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/09/16 19:54:37.0560 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys

2010/09/16 19:54:37.0763 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/09/16 19:54:37.0982 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/09/16 19:54:38.0248 AgereSoftModem (b894a08f2a01e27c1989c31c96fdde83) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

2010/09/16 19:54:39.0451 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2010/09/16 19:54:39.0888 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/09/16 19:54:40.0232 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys

2010/09/16 19:54:40.0482 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/09/16 19:54:40.0716 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/09/16 19:54:40.0966 ati2mtag (8a4bb7291606fba4eaafd7b5604255a4) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2010/09/16 19:54:41.0232 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/09/16 19:54:41.0498 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/09/16 19:54:41.0794 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys

2010/09/16 19:54:42.0091 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys

2010/09/16 19:54:42.0326 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\WINDOWS\System32\Drivers\avgtdix.sys

2010/09/16 19:54:42.0544 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/09/16 19:54:42.0732 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/09/16 19:54:42.0951 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2010/09/16 19:54:43.0232 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/09/16 19:54:43.0451 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/09/16 19:54:43.0654 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/09/16 19:54:44.0107 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/09/16 19:54:44.0357 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/09/16 19:54:44.0669 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys

2010/09/16 19:54:44.0857 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/09/16 19:54:45.0076 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/09/16 19:54:45.0326 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/09/16 19:54:45.0607 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/09/16 19:54:45.0826 E100B (afee15c5b16317ebf17f79cc1843465a) C:\WINDOWS\system32\DRIVERS\e100b325.sys

2010/09/16 19:54:46.0060 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/09/16 19:54:46.0326 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/09/16 19:54:46.0544 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/09/16 19:54:46.0763 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/09/16 19:54:46.0982 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/09/16 19:54:47.0201 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/09/16 19:54:47.0466 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/09/16 19:54:47.0732 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2010/09/16 19:54:47.0998 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/09/16 19:54:48.0248 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/09/16 19:54:48.0669 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/09/16 19:54:49.0310 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/09/16 19:54:49.0513 ialm (1406d6ef4436aee970efe13193123965) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

2010/09/16 19:54:49.0794 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/09/16 19:54:50.0310 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/09/16 19:54:50.0560 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/09/16 19:54:50.0794 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/09/16 19:54:51.0013 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/09/16 19:54:51.0263 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/09/16 19:54:51.0544 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/09/16 19:54:51.0794 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/09/16 19:54:52.0044 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/09/16 19:54:52.0263 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/09/16 19:54:52.0498 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/09/16 19:54:52.0716 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/09/16 19:54:52.0919 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/09/16 19:54:53.0154 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys

2010/09/16 19:54:53.0466 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/09/16 19:54:53.0669 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/09/16 19:54:53.0888 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/09/16 19:54:54.0091 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/09/16 19:54:54.0341 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/09/16 19:54:54.0685 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/09/16 19:54:54.0935 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/09/16 19:54:55.0294 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/09/16 19:54:55.0544 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/09/16 19:54:55.0763 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/09/16 19:54:55.0966 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/09/16 19:54:56.0216 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/09/16 19:54:56.0404 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2010/09/16 19:54:56.0669 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/09/16 19:54:56.0935 MXOPSWD (216ac775320f64de28cfeb7c179c4ff9) C:\WINDOWS\system32\DRIVERS\mxopswd.sys

2010/09/16 19:54:57.0123 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2010/09/16 19:54:57.0388 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/09/16 19:54:57.0638 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2010/09/16 19:54:57.0888 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/09/16 19:54:58.0107 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/09/16 19:54:58.0326 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/09/16 19:54:58.0544 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/09/16 19:54:58.0748 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/09/16 19:54:58.0966 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/09/16 19:54:59.0185 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/09/16 19:54:59.0466 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/09/16 19:54:59.0701 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/09/16 19:54:59.0998 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/09/16 19:55:00.0185 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/09/16 19:55:00.0404 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/09/16 19:55:00.0654 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/09/16 19:55:00.0888 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/09/16 19:55:01.0107 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/09/16 19:55:01.0388 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/09/16 19:55:01.0591 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/09/16 19:55:01.0904 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/09/16 19:55:02.0091 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/09/16 19:55:02.0654 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/09/16 19:55:02.0873 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2010/09/16 19:55:03.0091 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/09/16 19:55:03.0326 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/09/16 19:55:03.0544 PxHelp20 (25639ba81c01a3e0508901829479954f) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/09/16 19:55:03.0966 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/09/16 19:55:04.0185 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/09/16 19:55:04.0466 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/09/16 19:55:04.0669 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/09/16 19:55:04.0904 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/09/16 19:55:05.0123 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/09/16 19:55:05.0326 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/09/16 19:55:05.0576 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/09/16 19:55:05.0794 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

2010/09/16 19:55:05.0873 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

2010/09/16 19:55:06.0357 SBRE (4019149e4e296072831c8855605d9fdc) C:\WINDOWS\system32\drivers\SBREdrv.sys

2010/09/16 19:55:06.0591 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/09/16 19:55:06.0841 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

2010/09/16 19:55:07.0123 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/09/16 19:55:07.0544 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2010/09/16 19:55:07.0810 smrt (72d7eb6c2baab40683b4c71920990f7d) C:\WINDOWS\system32\DRIVERS\smrt.sys

2010/09/16 19:55:08.0201 smwdm (13739b36bd8d94d0fed7662aa7a4235d) C:\WINDOWS\system32\drivers\smwdm.sys

2010/09/16 19:55:08.0560 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/09/16 19:55:08.0763 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/09/16 19:55:08.0998 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/09/16 19:55:09.0201 ssmirrdr (f843301bdadb2728822c83413ef5f132) C:\WINDOWS\system32\DRIVERS\ssmirrdr.sys

2010/09/16 19:55:09.0435 STEC3 (e4ebf293d1f612bda19b646c36715b20) C:\WINDOWS\system32\STEC3.sys

2010/09/16 19:55:09.0716 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2010/09/16 19:55:09.0951 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/09/16 19:55:10.0138 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/09/16 19:55:10.0576 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/09/16 19:55:10.0810 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/09/16 19:55:11.0029 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/09/16 19:55:11.0248 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/09/16 19:55:11.0498 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/09/16 19:55:11.0857 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/09/16 19:55:12.0123 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/09/16 19:55:12.0419 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/09/16 19:55:12.0654 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/09/16 19:55:12.0857 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/09/16 19:55:13.0076 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/09/16 19:55:13.0294 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/09/16 19:55:13.0544 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/09/16 19:55:13.0763 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/09/16 19:55:14.0029 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/09/16 19:55:14.0294 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/09/16 19:55:14.0513 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/09/16 19:55:14.0779 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/09/16 19:55:15.0013 WmBEnum (161a60f172ebfc6225b4eb173f6010a7) C:\WINDOWS\system32\drivers\WmBEnum.sys

2010/09/16 19:55:15.0201 WmFilter (91c509dc3b79cbaa2a9447adad3ee23c) C:\WINDOWS\system32\drivers\WmFilter.sys

2010/09/16 19:55:15.0466 WmXlCore (c8038756dd997a78c8953d15be841aaf) C:\WINDOWS\system32\drivers\WmXlCore.sys

2010/09/16 19:55:15.0576 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2010/09/16 19:55:15.0810 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/09/16 19:55:16.0076 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys

2010/09/16 19:55:16.0310 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys

2010/09/16 19:55:16.0404 ================================================================================

2010/09/16 19:55:16.0404 Scan finished

2010/09/16 19:55:16.0404 ================================================================================

DDS (Ver_10-03-17.01) - NTFSx86

Run by Bruce at 20:04:57.34 on Thu 09/16/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.917 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\ezSP_Px.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Documents and Settings\Bruce\Desktop\Computer Maintenance\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local;<local>

uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

uURLSearchHooks: H - No File

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0521.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"

mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\docume~1\bruce\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89C30F0F8BD011D2.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll

IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes0521.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: chase.com

Trusted Zone: chase.com\*.chaseonline

Trusted Zone: chase.com\chaseonline

Trusted Zone: chase.com\www

Trusted Zone: fidelity.com\guidance

Trusted Zone: fidelity.com\www

Trusted Zone: gailborden.info\innovative

Trusted Zone: gailborden.info\search

Trusted Zone: gailborden.info\www

Trusted Zone: speedway.com

Trusted Zone: vanguard.com

Trusted Zone: yahoo.com

DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://go.microsoft.com/fwlink/?LinkId=82580

DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe

DPF: {46C66BBD-E667-4DAD-9682-58050E7C9FDC} - hxxp://www.cdpass.com/cdkey/CDPass.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213825210359

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38210.8758449074

DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} - hxxp://www.livemetallica.com/nugster/dlControl.CAB

DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - hxxps://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

LSA: Notification Packages = :\windows\system32\srrstr.

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bruce\applic~1\mozilla\firefox\profiles\ncaq0swn.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc8&p=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\bruce\application data\move networks\plugins\npqmp071505000011.dll

FF - plugin: c:\documents and settings\bruce\my documents\my downloads\netscape6\nppl3260.dll

FF - plugin: c:\documents and settings\bruce\my documents\my downloads\netscape6\nprjplug.dll

FF - plugin: c:\documents and settings\bruce\my documents\my downloads\netscape6\nprpjplug.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-4 64288]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-26 335240]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-26 27784]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-26 108552]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-3-2 95024]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-26 297752]

R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\common files\sony shared\vaio entertainment\vzcdb\VzFw.exe [2004-8-11 86098]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-23 133104]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]

S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [2010-7-21 10112]

S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\common files\sony shared\vaio entertainment\vcsw\vcsw.exe -runbyscm --> c:\program files\common files\sony shared\vaio entertainment\vcsw\VCSW.exe -RunBySCM [?]

=============== Created Last 30 ================

2010-09-16 16:19:03 0 d-----w- c:\windows\system32\wbem\Repository

2010-09-16 03:11:01 0 d-----w- C:\RECYCLER(2)

2010-09-15 22:30:37 0 d-----w- C:\ComboFix(2)

2010-09-14 22:59:24 0 d-----w- C:\cmdcons

2010-09-11 02:36:18 0 d-----w- c:\program files\Hitman Pro 3.5

2010-09-11 01:33:28 0 d-----w- c:\program files\Auslogics(3)

2010-09-10 23:06:52 0 d-----w- c:\program files\Auslogics

2010-09-09 23:27:07 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-09-09 23:25:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro

2010-09-04 02:23:25 0 d-----w- c:\program files\SpywareBlaster

2010-09-04 01:55:30 0 d-----w- c:\docume~1\bruce\applic~1\Auslogics

2010-08-25 01:22:49 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar

2010-08-20 00:16:29 77312 ----a-w- c:\windows\system32\ztvunace26.dll

2010-08-20 00:16:29 75264 ----a-w- c:\windows\system32\unacev2.dll

2010-08-20 00:16:29 69632 ----a-w- c:\windows\system32\ztvcabinet.dll

2010-08-20 00:16:29 162304 ----a-w- c:\windows\system32\ztvunrar36.dll

2010-08-20 00:16:29 153088 ----a-w- c:\windows\system32\UNRAR3.dll

2010-08-20 00:16:27 0 d-----w- c:\program files\Trojan Remover

2010-08-20 00:16:27 0 d-----w- c:\docume~1\bruce\applic~1\Simply Super Software

2010-08-20 00:16:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software

==================== Find3M ====================

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-06 02:52:28 87608 ----a-w- c:\docume~1\bruce\applic~1\inst.exe

2010-08-06 02:52:28 47360 ----a-w- c:\docume~1\bruce\applic~1\pcouffin.sys

2010-08-05 23:13:10 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-07-31 22:06:03 33400 ----a-w- c:\docume~1\bruce\applic~1\GDIPFONTCACHEV1.DAT

2010-07-31 00:29:26 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-07-21 08:40:20 28032 ----a-w- c:\windows\system32\ssmirrdr.dll

2010-07-21 08:40:20 10112 ----a-w- c:\windows\system32\drivers\ssmirrdr.sys

2010-07-17 10:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys

2004-08-24 23:43:34 2609631 ----a-w- c:\program files\aawsepersonal.exe

============= FINISH: 20:05:54.09 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 8/11/2004 6:06:12 PM

System Uptime: 9/16/2010 1:26:27 PM (7 hours ago)

Motherboard: ASUSTek Computer Inc. | | P4SD-VL

Processor: Intel® Pentium® 4 CPU 2.80GHz | CPU 1 | 2793/200mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 143 GiB total, 40.967 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is FIXED (NTFS) - 149 GiB total, 54.785 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP4: 7/31/2010 12:03:19 PM - System Checkpoint

RP5: 7/31/2010 12:03:42 PM - CLEAN

RP6: 7/31/2010 12:04:14 PM - Support.com Service Complete

RP7: 8/1/2010 11:07:33 AM - Installed ClearType Tuning Control Panel Applet

RP8: 8/2/2010 5:22:30 AM - Restore Operation

RP9: 8/2/2010 5:59:56 AM - clean

RP10: 8/2/2010 9:00:59 PM - Installed %1 %2.

RP11: 8/2/2010 9:15:04 PM - Software Distribution Service 3.0

RP12: 8/2/2010 9:23:00 PM - Installed Windows KB954550-v5.

RP13: 8/2/2010 9:23:14 PM - Printer Driver Microsoft XPS Document Writer Installed

RP14: 8/2/2010 9:23:40 PM - Printer Driver Microsoft XPS Document Writer Installed

RP15: 8/2/2010 9:32:37 PM - Software Distribution Service 3.0

RP16: 8/3/2010 6:18:05 AM - Installed Windows Internet Explorer 8.

RP17: 8/3/2010 6:19:31 AM - Software Distribution Service 3.0

RP18: 8/3/2010 6:50:30 AM - Software Distribution Service 3.0

RP19: 8/3/2010 7:37:15 PM - Installed ClearType Tuning Control Panel Applet

RP20: 8/3/2010 9:01:11 PM - Restore Operation

RP21: 8/3/2010 9:44:25 PM - Software Distribution Service 3.0

RP22: 8/5/2010 8:45:12 AM - System Checkpoint

RP23: 8/5/2010 5:39:45 PM - 8/5

RP24: 8/5/2010 5:40:41 PM - Restore Operation

RP25: 8/5/2010 7:59:31 PM - Software Distribution Service 3.0

RP26: 8/6/2010 6:05:00 PM - driver

RP27: 8/7/2010 8:44:12 PM - System Checkpoint

RP28: 8/7/2010 11:10:18 PM - Installed Driver Whiz.

RP29: 8/7/2010 11:23:57 PM - Removed Driver Whiz.

RP30: 8/9/2010 9:25:55 PM - System Checkpoint

RP31: 8/10/2010 9:47:27 PM - Installed Java 6 Update 20

RP32: 8/10/2010 10:00:17 PM - Installed Java 6 Update 21

RP33: 8/10/2010 10:08:56 PM - Removed Java 6 Update 3

RP34: 8/10/2010 10:26:31 PM - Software Distribution Service 3.0

RP35: 8/12/2010 6:50:04 AM - Software Distribution Service 3.0

RP36: 8/12/2010 6:29:46 PM - Software Distribution Service 3.0

RP37: 8/13/2010 10:02:50 PM - System Checkpoint

RP38: 8/15/2010 8:31:49 AM - System Checkpoint

RP39: 8/16/2010 10:48:52 AM - System Checkpoint

RP40: 8/16/2010 9:20:08 PM - Avg8 Update

RP41: 8/16/2010 9:26:14 PM - Removed Google Earth.

RP42: 8/16/2010 9:27:13 PM - Installed Google Earth.

RP43: 8/17/2010 3:57:21 AM - Restore Operation

RP44: 8/17/2010 4:07:18 AM - Restore Operation

RP45: 8/18/2010 7:40:15 AM - System Checkpoint

RP46: 8/19/2010 7:44:52 AM - System Checkpoint

RP47: 8/20/2010 8:32:51 AM - System Checkpoint

RP48: 8/21/2010 2:01:20 PM - System Checkpoint

RP49: 8/21/2010 6:51:26 PM - Restore Operation

RP50: 8/21/2010 11:01:21 PM - good

RP51: 8/23/2010 7:32:59 AM - System Checkpoint

RP52: 8/23/2010 9:37:26 PM - Installed ClearType Tuning Control Panel Applet

RP53: 8/23/2010 10:14:23 PM - good

RP54: 8/24/2010 6:46:43 AM - Configured AVG Free 8.5

RP55: 8/24/2010 8:21:47 PM - again

RP56: 8/24/2010 8:22:08 PM - Restore Operation

RP57: 8/25/2010 11:54:25 PM - System Checkpoint

RP58: 8/27/2010 7:38:23 AM - System Checkpoint

RP59: 8/28/2010 11:10:16 AM - System Checkpoint

RP60: 8/29/2010 2:03:27 PM - System Checkpoint

RP61: 8/30/2010 3:07:13 PM - System Checkpoint

RP62: 8/31/2010 3:30:21 PM - System Checkpoint

RP63: 9/1/2010 4:16:42 PM - System Checkpoint

RP64: 9/2/2010 4:56:06 PM - System Checkpoint

RP65: 9/3/2010 7:08:23 PM - System Checkpoint

RP66: 9/4/2010 7:43:16 AM - Revo Uninstaller's restore point - URGE

RP67: 9/4/2010 7:43:39 AM - Removed URGE

RP68: 9/7/2010 7:21:02 AM - System Checkpoint

RP69: 9/8/2010 9:39:49 AM - System Checkpoint

RP70: 9/8/2010 7:55:47 PM - Avg8 Update

RP71: 9/9/2010 8:59:38 PM - Revo Uninstaller's restore point - WinRAR archiver

RP72: 9/10/2010 8:31:31 PM - 123

RP73: 9/10/2010 8:32:14 PM - Restore Operation

RP74: 9/10/2010 8:39:54 PM - Avg8 Update

RP75: 9/10/2010 9:34:56 PM - Restore Operation

RP76: 9/12/2010 2:35:19 PM - System Checkpoint

RP77: 9/12/2010 5:50:40 PM - abc

RP78: 9/13/2010 6:43:49 PM - System Checkpoint

RP79: 9/14/2010 8:28:47 PM - System Checkpoint

RP80: 9/15/2010 7:06:37 AM - Software Distribution Service 3.0

RP81: 9/16/2010 7:33:17 AM - System Checkpoint

RP82: 9/16/2010 11:14:05 AM - Restore Operation

RP83: 9/16/2010 11:39:50 AM - Software Distribution Service 3.0

==== Installed Programs ======================

Acrobat.com

Ad-Aware

Ad-Aware Email Scanner for Outlook

Adobe AIR

Adobe Atmosphere Player for Acrobat and Adobe Reader

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.3.4

Adobe Shockwave Player 11.5

Adobe SVG Viewer 3.0

Agere Systems AC'97 Modem

Apple Mobile Device Support

Apple Software Update

Atari: The 80 Classic Games

ATI - Software Uninstall Utility

ATI Control Panel

ATI Display Driver

Auslogics Disk Defrag

AVG Free 8.5

Bonjour

Canon i350

CCleaner

Click to DVD 2.0 Menu Data

Click to DVD 2.0.02

CPUID CPU-Z 1.55

Critical Update for Windows Media Player 11 (KB959772)

Defraggler

Drag'n Drop CD+DVD

DVgate Plus

ERUNT 1.1j

ESET Online Scanner v3

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

Google Updater

Hitman Pro 3.5

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Intel® Extreme Graphics Driver

Intel® PRO Network Adapters and Drivers

InterVideo WinDVD 5 for VAIO

iPod for Windows 2005-01-11

iPod for Windows 2005-02-07

iPod for Windows 2005-02-22

iPod for Windows 2005-03-23

iPod for Windows 2005-06-26

iPod Updater 2004-08-06

iPod Updater 2004-10-20

iPod Updater 2004-11-15

iTunes

Java Auto Updater

Java 6 Update 21

Malwarebytes' Anti-Malware

Maxtor Manager

Memory Stick Formatter

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office XP Professional with FrontPage

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Works 7.0

MoodLogic

Move Media Player

Mozilla Firefox (3.6.8)

MSN Music Assistant

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB933579)

OpenMG Limited Patch 3.4-03-12-16-01

OpenMG Secure Module 3.4.00

PictureGear Studio 2.0

QuickTime

RealPlayer

Recuva

Revo Uninstaller 1.89

Security Update for CAPICOM (KB931906)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB950759)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SonicStage 2.0.02

Sony Certificate PCH

Sony Video Shared Library

Speccy

Spelling Dictionaries Support For Adobe Reader 9

Spybot - Search & Destroy

SpywareBlaster 4.4

SUPERAntiSpyware

Trojan Remover 6.8.2

Update for Windows XP (KB2141007)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB968389)

Update for Windows XP (KB973687)

VAIO Entertainment Platform

VAIO Help and Support

VAIO Media 3.0

VAIO Media Integrated Server 3.0

VAIO Media Redistribution 3.0

VAIO Registration

VAIO SLIT-C Screen Saver

VAIO SLIT Pattern Wallpaper

VAIO Survey Standalone

VAIO System Information

VAIO Update 2

Viewpoint Manager (Remove Only)

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebFldrs XP

Welcome to VAIO life

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Live OneCare safety scanner

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Hotfix - KB821253

Windows XP Service Pack 3

WingMan Software

Yahoo! Address AutoComplete

Yahoo! Anti-Spy

Yahoo! extras

Yahoo! Install Manager

Yahoo! Internet Mail

Yahoo! Messenger

Yahoo! Messenger Explorer Bar

Yahoo! Search Protection

Yahoo! Software Update

Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

9/14/2010 7:29:31 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.

9/14/2010 6:06:18 PM, error: PlugPlayManager [11] - The device Root\LEGACY_STEC3\0000 disappeared from the system without first being prepared for removal.

9/11/2010 2:00:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

9/11/2010 10:28:33 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the JavaQuickStarterService service.

9/10/2010 7:35:06 PM, error: Service Control Manager [7000] - The rootrepeal service failed to start due to the following error: The system cannot find the file specified.

9/10/2010 7:31:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SbcpHid

9/10/2010 7:26:18 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX DMICall Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SbcpHid Tcpip

9/10/2010 7:26:18 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.

9/10/2010 7:26:18 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

9/10/2010 7:26:18 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

9/10/2010 7:26:18 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

9/10/2010 7:26:18 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

9/10/2010 7:25:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

9/10/2010 7:25:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

==== End Of File ===========================


I ran Kaspersky Online scan which found the following in my external drive. I think I deleted them. The second scan log after is included.

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Saturday, September 18, 2010

Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Friday, September 17, 2010 22:43:43

Records in database: 4217460

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

A:\

C:\

D:\

E:\

F:\

Scan statistics:

Objects scanned: 162930

Threats found: 6

Infected objects found: 6

Suspicious objects found: 0

Scan duration: 03:50:43

File name / Threat / Threats count

F:\Maxtor backup\BRUCE\History\Level2\C\Documents and Settings\Ellen\Application Data\Sun\Java\Deployment\cache\6.0\55\29a44837-6fe95d03 Infected: Trojan-Downloader.Java.Agent.dm 1

F:\Maxtor backup\BRUCE\History\Level2\C\Documents and Settings\Ellen\Application Data\Sun\Java\Deployment\cache\6.0\55\29a44837-6fe95d03 Infected: Trojan-Downloader.Java.Agent.dl 1

F:\Maxtor backup\BRUCE\History\Level2\C\Documents and Settings\Ellen\Application Data\Sun\Java\Deployment\cache\6.0\55\29a44837-6fe95d03 Infected: Exploit.Java.Agent.e 1

F:\Maxtor backup\BRUCE\History\Level2\C\Documents and Settings\Ellen\Application Data\Sun\Java\Deployment\cache\6.0\57\59a2a379-7e0dea65 Infected: Trojan.Java.Agent.l 1

F:\Maxtor backup\BRUCE\History\Level2\C\Documents and Settings\Ellen\Application Data\Sun\Java\Deployment\cache\6.0\57\59a2a379-7e0dea65 Infected: Trojan-Downloader.Java.Agent.do 1

F:\Maxtor backup\BRUCE\History\Level2\C\Documents and Settings\Ellen\Application Data\Sun\Java\Deployment\cache\6.0\57\59a2a379-7e0dea65 Infected: Trojan-Downloader.Java.Agent.dn 1

Selected area has been scanned.

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Saturday, September 18, 2010

Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Friday, September 17, 2010 22:43:43

Records in database: 4217460

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - Folder:

F:\

Scan statistics:

Objects scanned: 43457

Threats found: 0

Infected objects found: 0

Suspicious objects found: 0

Scan duration: 00:36:07

No threats found. Scanned area is clean.

Selected area has been scanned.
