Rootkit dropper/trojan (still)
Hi,
I had a post in progress at the end of April, and BLADE81 was kindly helping me. But I got sick & ended up in the hospital for 12 days. Am better now - :-)
Here's the original post if needed: http://forums.spybot.info/showthread.php?t=56775
I hope BLADE81 or someone can help me finish cleaning & fixing my laptop.
Thank you in advance!
Here's some updated info, in case it is needed:
1. Combofix: While I was laid up, my brother came to town to help me & decided to work on my computer woes as well. He told me he could not get Combofix to work.
Although he was vague and doesn't remember what he did with it! A strange thing -- I see an icon that looks like "My Computer" and it is here
C:\ComboFix.
When I click & look inside - there are icons of my DRIVES! I actually don't remember putting the file there and give it a "my computer icon," but I had a fever, so maybe I did. I am afraid to delete it without asking, because it looks like it will delete ALL MY DRIVES! Should I leave it?
2. Updated programs & A-V: My brother was able to get all my Windows and MS products updated. And he installed & ran every free A-V software there is, I think. I kept them installed, but only enable one at a time, just in case. That's because one would find one thing, and another would not, etc.
I thought if I had them disabled & only enable one, use it, disable it, then another, use it, etc. that it would be okay? Is this okay, or must I remove all but one?
3. He ran secunia and found a few other things I need to get updated, but I want to make sure the computer is safe first.
4. Problems: My laptop problems are still here. A couple of days ago, I was redirected after doing Google searches. First, the valid-looking search results come up, but when I chose one, such as a Microsoft web site for "windows defender", I am sent to "goodbites" (recipes, I think), not a site I've ever visited. I just closed Firefox. I've also been redirected to a "d link search" address. (There are no spaces in the real addresses, I just put the spaces in so it would not be a real link.) I'm afraid the redirector/trojan/rootkit is still lurking.
I ran ccleaner today and it cleaned a lot of junk left over from old programs, but my programs are still running very slow.
5. Here's what's been found so far:
Windows malicious remover tool, found something called "Aleuron", but I cannot find a log or report for it, so I cannot tell exactly what it was. I believe it reported that it was removed, but to run a full anti-v scan, which I did.
Other things:
ESET Online found these.
C:\Windows\System32\dclfeqbb.ini Win32/Adware.Virtumonde.NEO application
C:\Windows\System32\ddnsfjaa.ini Win32/Adware.Virtumonde.NEO application
C:\Windows\System32\ikvbqtei.ini Win32/Adware.Virtumonde.NEO application
C:\Windows\System32\LnXGPpVw.ini Win32/Adware.Virtumonde.NEO application
C:\Windows\System32\tnrppbkq.ini Win32/Adware.Virtumonde.NEO application
C:\Windows\System32\vkqtnrvn.ini Win32/Adware.Virtumonde.NEO application
C:\Windows\System32\ymcwsnuu.ini Win32/Adware.Virtumonde.NEO application
I looked all over for these files, to scan or delete them, and cannot find them at all. I'm pretty sure I have all files unhidden.
Malwarebytes found & removed:
3 rootkit.droppers & 4 trojan DNS changers (see logs below)
Avira found (see logs below):
W95/blumblebee.1738->object=pskavs.dll
and
EXP/Java.Agent.F.6.
I had them moved to quarantine.
Here's my DDS logs from today:
DDS (Ver_10-03-17.01) - NTFSx86
Run by admin at 20:15:14.99 on Fri 05/21/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_05
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.832 [GMT -4:00]
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: COMODO Defense+ *disabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: avast! Antivirus *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Users\admin\Desktop\DDS NEW DOWNLOAD MAY 21 2010\dds.com
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: VeriSoft Access Manager: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\bioscrypt\verisoft\bin\ItIEAddIn.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [CognizanceTS] rundll32.exe c:\progra~1\bioscr~1\verisoft\bin\ASTSVCC.dll,RegisterModule
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\McAfee Security Scan Plus.lnk.disabled
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: kaspersky.com\www
Trusted Zone: symantec.com\service1
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} - hxxp://download.zonelabs.com/bin/free/cm/ICSCM.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/OnlineScanner.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5296/mcfscan.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\apshook.dll,avgrsstx.dll c:\windows\system32\guard32.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli ASWLNPkg
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\6owh1r5f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/advanced_search?hl=en
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-15 164048]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-5-14 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-5-14 29512]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2010-4-9 16744]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-4-9 218560]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-4-9 30112]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-2-29 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 51440]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-3-19 607576]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-5-14 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-5-14 267432]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2009-4-1 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2009-4-1 21504]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-15 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-5-15 51792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-15 40384]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-5-14 308064]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-14 60936]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo livepcsupport\CLPSLS.exe [2010-2-19 148744]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-26 189736]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-1-12 206096]
R2 NeatReceipts Database Controller;NeatReceipts Database Controller;c:\program files\common files\neatreceipts\db controller\NeatReceiptsDBController.exe [2007-10-22 230728]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-4-10 1153368]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-15 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-15 40384]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-4-1 21504]
S3 HtcUsbMdmV32;HTC Proprietary USB Driver;c:\windows\system32\drivers\HtcUsbMdmV32.sys [2010-2-8 103424]
S3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\drivers\HtcVComV32.sys [2010-2-8 103424]
S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [2006-5-3 4736]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MSSQL$NR2007;SQL Server (NR2007);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [2006-5-3 8960]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-7-12 33024]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-7-12 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-7-12 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-7-12 59904]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S4 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\VsTskMgr.exe [2003-9-29 69706]
============== File Associations ===============
regfile=regedit.exe "%1" %*
scrfile="%1" %*
=============== Created Last 30 ================
2010-05-21 22:04:18 0 d-----w- c:\programdata\Office Genuine Advantage
2010-05-21 22:04:03 0 d-----w- c:\users\admin\Office Genuine Advantage
2010-05-20 10:36:13 0 d-----w- c:\windows\SQL9_KB970892_ENU
2010-05-17 22:54:10 0 d-----w- c:\program files\Windows Portable Devices
2010-05-17 22:53:43 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-05-17 22:52:17 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-05-17 22:52:16 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-05-17 22:52:16 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-05-17 22:50:46 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-05-17 22:49:06 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-05-17 22:49:05 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-05-17 22:49:05 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-05-17 10:48:09 0 d-----w- c:\program files\CCleaner
2010-05-17 10:19:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-05-17 10:18:26 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-05-17 10:18:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-05-17 10:18:23 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-05-17 00:38:16 0 d-----w- c:\windows\system32\eu-ES
2010-05-17 00:38:16 0 d-----w- c:\windows\system32\ca-ES
2010-05-17 00:38:15 0 d-----w- c:\windows\system32\vi-VN
2010-05-16 23:38:50 0 d-----w- c:\windows\system32\EventProviders
2010-05-16 23:21:14 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2010-05-16 23:21:04 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2010-05-16 23:21:03 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2010-05-16 23:19:59 324608 ----a-w- c:\windows\system32\sdohlp.dll
2010-05-16 23:18:59 1985024 ----a-w- c:\windows\system32\authui.dll
2010-05-16 23:17:59 704512 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2010-05-16 23:16:59 869888 ----a-w- c:\windows\system32\printui.dll
2010-05-16 23:15:57 33280 ----a-w- c:\windows\system32\mssprxy.dll
2010-05-16 23:14:58 125952 ----a-w- c:\windows\system32\softkbd.dll
2010-05-16 23:13:30 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2010-05-16 23:13:30 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2010-05-16 23:13:30 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-05-16 23:13:30 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2010-05-16 23:13:30 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2010-05-16 23:13:30 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2010-05-16 23:13:30 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2010-05-16 23:13:25 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2010-05-16 23:13:19 218624 ----a-w- c:\windows\system32\wdscore.dll
2010-05-16 23:13:19 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2010-05-16 23:13:06 247808 ----a-w- c:\windows\system32\drvstore.dll
2010-05-16 22:41:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-16 22:41:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-16 22:41:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-05-16 22:16:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-05-16 13:04:13 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2010-05-16 13:04:04 11967524 ----a-w- c:\windows\system32\korwbrkr.lex
2010-05-16 12:42:08 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-15 23:29:14 0 d-----w- C:\PerfLogs
2010-05-15 17:44:57 0 d--h--w- C:\VritualRoot
2010-05-15 17:44:08 0 d-----w- c:\programdata\COMODO
2010-05-15 17:43:35 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-05-15 17:27:24 0 d-----w- c:\programdata\Comodo Downloader
2010-05-15 14:39:16 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-15 14:38:14 0 d-----w- c:\programdata\Alwil Software
2010-05-15 02:39:31 0 d-----w- c:\users\admin\appdata\roaming\Avira
2010-05-15 02:31:05 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-05-15 02:31:02 0 d-----w- c:\programdata\Avira
2010-05-15 02:31:02 0 d-----w- c:\program files\Avira
2010-05-15 01:25:05 0 d--h--w- C:\$AVG
2010-05-14 22:52:52 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-05-14 22:51:02 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-14 22:50:52 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-14 22:50:16 0 d-----w- c:\windows\system32\drivers\Avg
2010-05-14 22:48:33 0 d-----w- c:\program files\AVG
2010-05-14 22:48:06 0 d-----w- c:\programdata\avg9
2010-05-14 21:53:10 277784 ----a-w- c:\windows\system32\drivers\IASTOR.SYS
2010-05-14 11:03:21 0 d-----w- c:\windows\system32\MpEngineStore
2010-05-14 10:26:45 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-05-14 10:26:38 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-05-14 10:26:38 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-05-13 23:00:05 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-05-13 23:00:04 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-05-13 23:00:04 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-05-13 23:00:04 270848 ----a-w- c:\windows\system32\schannel.dll
2010-05-13 23:00:03 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-05-13 23:00:03 13780 ----a-w- c:\windows\system32\wbem\lsasrv.mof
2010-05-13 23:00:01 9728 ----a-w- c:\windows\system32\lsass.exe
2010-05-13 23:00:01 72704 ----a-w- c:\windows\system32\secur32.dll
2010-05-13 13:21:59 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-05-13 13:21:59 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-05-13 13:21:59 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-05-13 13:21:59 10240 ----a-w- c:\windows\system32\finger.exe
2010-05-13 13:19:59 98816 ----a-w- c:\windows\system32\mfps.dll
2010-05-13 13:19:59 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-05-13 13:19:59 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-05-13 13:19:58 2048 ----a-w- c:\windows\system32\mferror.dll
2010-05-13 13:19:52 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-05-13 13:19:52 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-05-13 13:19:32 71680 ----a-w- c:\windows\system32\atl.dll
2010-05-13 13:19:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-05-13 13:18:56 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-05-13 13:18:54 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-05-13 13:18:54 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-05-13 13:18:48 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-05-13 13:18:17 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2010-05-13 13:17:41 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-13 13:16:24 623616 ----a-w- c:\windows\system32\localspl.dll
2010-05-13 13:16:19 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-05-13 13:16:02 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-05-13 13:16:02 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-05-13 13:15:55 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-05-13 13:15:55 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-05-13 13:15:54 814 ----a-w- c:\windows\system32\wbem\WFP.MOF
2010-05-13 13:15:54 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-05-13 13:15:54 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-05-13 13:15:54 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-05-13 13:15:25 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-05-13 13:15:07 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-05-13 13:15:02 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-05-13 13:15:02 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-05-13 13:11:49 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-05-13 13:11:34 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-05-13 13:11:25 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-05-13 13:11:18 243712 ----a-w- c:\windows\system32\rastls.dll
2010-05-13 13:11:09 355328 ----a-w- c:\windows\system32\WSDApi.dll
2010-05-13 12:35:16 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-05-13 12:35:08 98304 ----a-w- c:\windows\system32\cabview.dll
==================== Find3M ====================
2010-05-17 22:54:04 86016 ----a-w- c:\windows\inf\infpub.dat
2010-05-17 22:54:04 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-05-17 22:54:03 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-17 22:54:03 143360 ----a-w- c:\windows\inf\infstor.dat
2010-05-16 23:52:25 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-05-15 23:50:25 174 --sha-w- c:\program files\desktop.ini
2010-05-15 22:31:48 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-05-15 22:31:46 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-05-06 14:36:38 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-09 05:26:12 277240 ----a-w- c:\windows\system32\guard32.dll
2010-04-09 05:25:30 30112 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-04-09 05:25:28 218560 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-04-09 05:25:28 16744 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-03-12 22:02:38 261632 ----a-w- c:\windows\PEV.exe
2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-08-30 18:26:26 22 --sha-w- c:\windows\sminst\HPCD.sys
2007-09-02 14:12:20 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-05-13 01:09:27 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008042820080505\index.dat
2008-05-13 01:09:27 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008051220080513\index.dat
============= FINISH: 20:18:54.80 ===============
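As an added example (not part of this forum post or of the DDS tool), the following Python script reads the kind of DDS "Pseudo HJT Report" output quoted above and pulls out the lines a helper looks at first: AV and firewall state, the EnableLUA policy, AppInit_DLLs, Hosts entries and the empty-name Run value. The sample log embedded in it is constructed from lines in this thread; the severity ratings, the Finding class and the function names are my own and not anything DDS provides.

```python
"""Triage a DDS log the way a malware-removal helper reads it: pull out the
lines that matter (AV/firewall state, UAC policy, AppInit_DLLs, Hosts entries)
and rate them. Added example, not part of the forum post or of the DDS tool."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample, modelled on the DDS lines quoted in the thread.
SAMPLE_DDS = r"""AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [<NO NAME>]
mPolicies-system: EnableLUA = 0 (0x0)
AppInit_DLLs: c:\windows\system32\apshook.dll,avgrsstx.dll c:\windows\system32\guard32.dll
Hosts: 127.0.0.1 www.spywareinfo.com
============= FINISH: 20:18:54.80 ===============
"""

LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info" (my own rating scale)
    line: str      # the DDS line that triggered the finding
    reason: str


def split_appinit(value: str) -> list[str]:
    """AppInit_DLLs accepts both comma- and space-separated entries and DDS
    prints the raw value, so split on either. Paths containing spaces are
    not supported by this splitter (the registry value itself does not
    allow them either unless short 8.3 names are used)."""
    return [p for p in re.split(r"[,\s]+", value.strip()) if p]


def hosts_finding(line: str) -> Finding:
    """A 'Hosts:' line is '<ip> <name>'. A loopback target blocks the site,
    which is how adware families hide security-vendor pages from the user;
    any other target silently redirects the name."""
    fields = line.split()
    ip, name = (fields[1], fields[2]) if len(fields) >= 3 else ("?", "?")
    if ip in LOOPBACK:
        return Finding("high", line, f"hosts file blocks {name}")
    return Finding("high", line, f"hosts file redirects {name} to {ip}")


def triage_dds(text: str) -> list[Finding]:
    """Walk the log line by line and collect the indicators worth a second look."""
    findings: list[Finding] = []
    av_count = 0
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("AV:"):
            av_count += 1
            if "scanning disabled" in line:
                findings.append(Finding("medium", line, "AV installed but real-time scanning is off"))
        elif line.startswith("FW:") and "*disabled*" in line:
            findings.append(Finding("medium", line, "firewall disabled"))
        elif re.match(r"mPolicies-system: EnableLUA = 0\b", line):
            findings.append(Finding("high", line, "UAC disabled by policy; malware commonly sets this"))
        elif line.startswith("AppInit_DLLs:"):
            dlls = split_appinit(line.split(":", 1)[1])
            findings.append(Finding("high", line,
                                    "DLLs loaded into every user-mode process: " + ", ".join(dlls)))
        elif line.startswith("Hosts:"):
            findings.append(hosts_finding(line))
        elif re.match(r"[um]Run: \[<NO NAME>\]", line):
            findings.append(Finding("info", line, "Run value with empty name; usually a harmless leftover"))
    if av_count > 1:
        findings.append(Finding("medium", f"{av_count} AV products registered",
                                "multiple resident scanners conflict and slow the machine; keep one"))
    return findings


def severity_counts(findings: list[Finding]) -> dict[str, int]:
    """Summary used to decide how urgent the log is."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Run it as-is to see the constructed sample triaged, or pass the text of a real DDS log to triage_dds. On the sample it reports three high findings (the EnableLUA policy, the AppInit_DLLs entry and the Hosts entry) plus the disabled scanners; the AppInit_DLLs and Hosts entries are the ones a helper would then check against known-good vendor files before deciding anything.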
Hi,
There are way too many antivirus programs installed and running there. Please decide which one you want to keep and uninstall the other ones.
Please re-run DDS and post back both logs it creates. Create GMER log too:
Download GMER (http://www.gmer.net) here by clicking the "download exe" button and then saving it to your desktop:
1. Double-click the .exe that you downloaded.
2. Click the Rootkit tab, uncheck the Files option and then click Scan.
3. Don't check the "Show All" box while scanning is in progress!
4. When scanning is ready, click Copy. This copies the log to the clipboard.
5. Post the log (if the log is long, archive it into a zip file and attach it instead of posting) in your reply.
Hi, I chose Comodo & uninstalled AVG9, Avira (AntiVir), Avast, and Norton, which I had 2 years ago; I didn't realize Symantec was still running an "updater." I uninstalled McAfee 2 years ago also, but still cannot get the "McAfee Virus Scan Enterprise" program unlisted in the Control Panel / Programs & Features.
Windows Defender has been turned off since my problems started and I cannot turn it on. Something about a group policy, which I cannot figure out. I didn't uninstall it.
Here are my 2 DDS logs, and gmer log.
Thanks for helping.
TC
DDS (Ver_10-03-17.01) - NTFSx86
Run by admin at 14:55:04.09 on Wed 05/26/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_05
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.998 [GMT -4:00]
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
SP: COMODO Defense+ *disabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\msiexec.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\admin\Desktop\TAICHIdds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: VeriSoft Access Manager: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\bioscrypt\verisoft\bin\ItIEAddIn.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [CognizanceTS] rundll32.exe c:\progra~1\bioscr~1\verisoft\bin\ASTSVCC.dll,RegisterModule
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\McAfee Security Scan Plus.lnk.disabled
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: kaspersky.com\www
Trusted Zone: symantec.com\service1
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} - hxxp://download.zonelabs.com/bin/free/cm/ICSCM.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/OnlineScanner.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5296/mcfscan.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\apshook.dll,c:\windows\system32\guard32.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli ASWLNPkg
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\6owh1r5f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/advanced_search?hl=en
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2010-4-9 16744]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-4-9 218560]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-4-9 30112]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-2-29 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 51440]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2009-4-1 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2009-4-1 21504]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo livepcsupport\CLPSLS.exe [2010-2-19 148744]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-26 189736]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-1-12 206096]
R2 NeatReceipts Database Controller;NeatReceipts Database Controller;c:\program files\common files\neatreceipts\db controller\NeatReceiptsDBController.exe [2007-10-22 230728]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-4-10 1153368]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-4-1 21504]
S3 HtcUsbMdmV32;HTC Proprietary USB Driver;c:\windows\system32\drivers\HtcUsbMdmV32.sys [2010-2-8 103424]
S3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\drivers\HtcVComV32.sys [2010-2-8 103424]
S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [2006-5-3 4736]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MSSQL$NR2007;SQL Server (NR2007);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [2006-5-3 8960]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-7-12 33024]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-7-12 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-7-12 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-7-12 59904]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S4 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\VsTskMgr.exe [2003-9-29 69706]
============== File Associations ===============
regfile=regedit.exe "%1" %*
scrfile="%1" %*
=============== Created Last 30 ================
2010-05-21 22:04:18 0 d-----w- c:\programdata\Office Genuine Advantage
2010-05-21 22:04:03 0 d-----w- c:\users\admin\Office Genuine Advantage
2010-05-20 10:36:13 0 d-----w- c:\windows\SQL9_KB970892_ENU
2010-05-17 22:54:10 0 d-----w- c:\program files\Windows Portable Devices
2010-05-17 22:53:43 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-05-17 22:52:17 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-05-17 22:52:16 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-05-17 22:52:16 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-05-17 22:50:46 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-05-17 22:49:06 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-05-17 22:49:05 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-05-17 22:49:05 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-05-17 10:48:09 0 d-----w- c:\program files\CCleaner
2010-05-17 10:19:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-05-17 10:18:26 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-05-17 10:18:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-05-17 10:18:23 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-05-17 00:38:16 0 d-----w- c:\windows\system32\eu-ES
2010-05-17 00:38:16 0 d-----w- c:\windows\system32\ca-ES
2010-05-17 00:38:15 0 d-----w- c:\windows\system32\vi-VN
2010-05-16 23:38:50 0 d-----w- c:\windows\system32\EventProviders
2010-05-16 23:21:14 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2010-05-16 23:21:04 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2010-05-16 23:21:03 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2010-05-16 23:19:59 324608 ----a-w- c:\windows\system32\sdohlp.dll
2010-05-16 23:18:59 1985024 ----a-w- c:\windows\system32\authui.dll
2010-05-16 23:17:59 704512 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2010-05-16 23:16:59 869888 ----a-w- c:\windows\system32\printui.dll
2010-05-16 23:15:57 33280 ----a-w- c:\windows\system32\mssprxy.dll
2010-05-16 23:14:58 125952 ----a-w- c:\windows\system32\softkbd.dll
2010-05-16 23:13:30 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2010-05-16 23:13:30 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2010-05-16 23:13:30 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-05-16 23:13:30 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2010-05-16 23:13:30 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2010-05-16 23:13:30 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2010-05-16 23:13:30 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2010-05-16 23:13:25 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2010-05-16 23:13:19 218624 ----a-w- c:\windows\system32\wdscore.dll
2010-05-16 23:13:19 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2010-05-16 23:13:06 247808 ----a-w- c:\windows\system32\drvstore.dll
2010-05-16 22:41:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-16 22:41:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-16 22:41:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-05-16 22:16:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-05-16 13:04:13 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2010-05-16 13:04:04 11967524 ----a-w- c:\windows\system32\korwbrkr.lex
2010-05-16 12:42:08 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-15 23:29:14 0 d-----w- C:\PerfLogs
2010-05-15 17:44:57 0 d--h--w- C:\VritualRoot
2010-05-15 17:44:08 0 d-----w- c:\programdata\COMODO
2010-05-15 17:43:35 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-05-15 17:27:24 0 d-----w- c:\programdata\Comodo Downloader
2010-05-15 14:38:14 0 d-----w- c:\programdata\Alwil Software
2010-05-14 22:52:52 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-05-14 22:48:33 0 d-----w- c:\program files\AVG
2010-05-14 21:53:10 277784 ----a-w- c:\windows\system32\drivers\IASTOR.SYS
2010-05-14 11:03:21 0 d-----w- c:\windows\system32\MpEngineStore
2010-05-14 10:26:45 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-05-14 10:26:38 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-05-14 10:26:38 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-05-13 23:00:05 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-05-13 23:00:04 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-05-13 23:00:04 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-05-13 23:00:04 270848 ----a-w- c:\windows\system32\schannel.dll
2010-05-13 23:00:03 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-05-13 23:00:03 13780 ----a-w- c:\windows\system32\wbem\lsasrv.mof
2010-05-13 23:00:01 9728 ----a-w- c:\windows\system32\lsass.exe
2010-05-13 23:00:01 72704 ----a-w- c:\windows\system32\secur32.dll
2010-05-13 13:21:59 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-05-13 13:21:59 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-05-13 13:21:59 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-05-13 13:21:59 10240 ----a-w- c:\windows\system32\finger.exe
2010-05-13 13:19:59 98816 ----a-w- c:\windows\system32\mfps.dll
2010-05-13 13:19:59 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-05-13 13:19:59 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-05-13 13:19:58 2048 ----a-w- c:\windows\system32\mferror.dll
2010-05-13 13:19:52 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-05-13 13:19:52 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-05-13 13:19:32 71680 ----a-w- c:\windows\system32\atl.dll
2010-05-13 13:19:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-05-13 13:18:56 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-05-13 13:18:54 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-05-13 13:18:54 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-05-13 13:18:48 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-05-13 13:18:17 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2010-05-13 13:17:41 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-13 13:16:24 623616 ----a-w- c:\windows\system32\localspl.dll
2010-05-13 13:16:19 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-05-13 13:16:02 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-05-13 13:16:02 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-05-13 13:15:55 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-05-13 13:15:55 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-05-13 13:15:54 814 ----a-w- c:\windows\system32\wbem\WFP.MOF
2010-05-13 13:15:54 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-05-13 13:15:54 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-05-13 13:15:54 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-05-13 13:15:25 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-05-13 13:15:07 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-05-13 13:15:02 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-05-13 13:15:02 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-05-13 13:11:49 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-05-13 13:11:34 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-05-13 13:11:25 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-05-13 13:11:18 243712 ----a-w- c:\windows\system32\rastls.dll
2010-05-13 13:11:09 355328 ----a-w- c:\windows\system32\WSDApi.dll
2010-05-13 12:35:16 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-05-13 12:35:08 98304 ----a-w- c:\windows\system32\cabview.dll
==================== Find3M ====================
2010-05-17 22:54:04 86016 ----a-w- c:\windows\inf\infpub.dat
2010-05-17 22:54:04 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-05-17 22:54:03 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-17 22:54:03 143360 ----a-w- c:\windows\inf\infstor.dat
2010-05-16 23:52:25 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-05-15 23:50:25 174 --sha-w- c:\program files\desktop.ini
2010-05-15 22:31:48 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-05-15 22:31:46 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-05-06 14:36:38 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-09 05:26:12 277240 ----a-w- c:\windows\system32\guard32.dll
2010-04-09 05:25:30 30112 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-04-09 05:25:28 218560 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-04-09 05:25:28 16744 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-03-12 22:02:38 261632 ----a-w- c:\windows\PEV.exe
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-08-30 18:26:26 22 --sha-w- c:\windows\sminst\HPCD.sys
2007-09-02 14:12:20 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-05-13 01:09:27 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008042820080505\index.dat
2008-05-13 01:09:27 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008051220080513\index.dat
============= FINISH: 14:56:23.41 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/13/2007 5:10:45 PM
System Uptime: 5/26/2010 2:43:41 PM (0 hours ago)
Motherboard: Quanta | | 30CC
Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz | U2E1 | 1000/667mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 178 GiB total, 98.55 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 1.545 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1153: 5/16/2010 7:37:56 PM - Windows Update
RP1154: 5/17/2010 6:46:49 PM - Windows Update
RP1155: 5/19/2010 5:06:19 AM - Scheduled Checkpoint
RP1156: 5/19/2010 9:22:06 PM - Windows Update
RP1157: 5/20/2010 6:05:12 AM - Windows Update
RP1158: 5/20/2010 6:29:13 AM - Windows Update
RP1159: 5/20/2010 6:35:24 AM - Windows Update
RP1160: 5/22/2010 9:51:56 AM - COMODO Restore Point. (Restore point from the popup alert for Seagate 2GEVWJHH Product Registration.exe)
RP1161: 5/26/2010 1:50:59 PM - Removed AVG Free 9.0
RP1162: 5/26/2010 2:14:43 PM - avast! Free Antivirus Setup
RP1163: 5/26/2010 2:22:22 PM - Removed Ad-Aware 2007
RP1164: 5/26/2010 2:24:47 PM - Removed LiveUpdate Notice (Symantec Corporation)
RP1165: 5/26/2010 2:27:27 PM - Removed McAfee VirusScan Enterprise
RP1166: 5/26/2010 2:29:14 PM - Removed McAfee VirusScan Enterprise
RP1168: 5/26/2010 2:30:30 PM - Configured MediaFACE 4.01
==== Installed Programs ======================
2Wire Gateway
Acrobat.com
Adobe Acrobat 7.0 Professional
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 9.3.2
Adobe Reader for Pocket PC 2.0
ALPS Touch Pad Driver
AMOS 5
ArcSoft Panorama Maker 3
ASF
AuthenTec Fingerprint Sensor Minimum Install
Avery Wizard 3.1
BCPS CAB Client
BellSouth® Communications Suite
Better Homes and Gardens Home Designer Suite 7.0
Blue Squirrel ClickBook 9.0
Board Games
Broadcom Advanced Control Suite
Broadcom ASF Management Applications
BroadJump Client Foundation
Brother Driver Deployment Wizard
Brother MFL-Pro Suite
Brother P-touch Editor 4.2
Brother P-touch Software
Business Card Factory Deluxe 3.0
Business Contact Manager for Outlook 2003
CCleaner
COMODO Internet Security
COMODO livePCsupport
Conexant D480 MDC V.9x Modem
CorelDRAW Graphics Suite 12
CrossEyes
Cyber Chess
Dell TrueMobile 1300 WLAN Mini-PCI Card
Digital Line Detect
DivX 5.2.1 (Playback Only)
DVDSentry
Easy CD Creator 5 Basic
eListen
EndNote X1
ERUNT 1.1j
ESET Online Scanner
ESET Online Scanner v3
ESU for Microsoft Vista
EXTRA! for SNA Server 32-bit
FileMaker Pro 6
FirstClass® Client
FirstClass® Palm Conduits
GanttProject
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Genesys USB Mass Storage Device
Google Earth
Greetings Workshop
Help and Support Customization
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
HLM 5
HLM6.0
HLM6.0 (Student Edition)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.2
HP Total Care Advisor
HP Update
HP User Guides 0057
HP Wireless Assistant
HPNetworkAssistant
Intel Matrix Storage Manager
Intel(R) Graphics Media Accelerator Driver
InterVideo WinDVD
iPAQ WebReg
iPod for Windows 2005-09-23
ISI ResearchSoft - Export Helper
iTunes
Java(TM) 6 Update 5
Kaspersky Online Scanner
KONICA MINOLTA magicolor 2590MF
Konica Minolta magicolor 2590MF LSU
KONICA MINOLTA magicolor 2590MF Scanner
LightScribe 1.4.136.1
LinkMagic for magicolor 2590MF
LISREL 8.7 Student
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
McAfee SiteAdvisor
McAfee VirusScan Enterprise
MediaFACE 4.01
MediaFACE 4.01 Image Library
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.5 SP1
Microsoft Data Access Components KB870669
Microsoft Encarta 98 Encyclopedia
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (NR2007)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Keyboard
Microsoft Works
Motorola SM56 Data Fax Modem
Mozilla Firefox (3.0.8)
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
muvee autoProducer 6.0
Neat OCR15
NeatReceipts Database Controller
NeatReceipts Professional 2.8 Core Files
NeatReceipts Professional v2.8.1
NetWaiting
Nikon Message Center
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Palm
Panda ActiveScan 2.0
PANTECH UM175 Driver
Paradox
PCFriendly
PictureProject
PictureProject In Touch Downloader 1.0
PIRLS2001
PSSWCORE
Quicken 2007
QuickSet
QuickTime
Realtek High Definition Audio Driver
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Seagate Manager Installer
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
SPSS 13.0 for Windows
SPSS 15 Vista Hotfix
SPSS 15.0 for Windows
Spybot - Search & Destroy
SpywareBlaster 4.0
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update Manager
VeriSoft Access Manager
VZAccess Manager
WebEx
WebFldrs XP
Winamp
Windows Genuine Advantage Notifications (KB905474)
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinZip
WModem Driver Installer
WordPerfect Office X3
==== Event Viewer Messages From Past Week ========
5/26/2010 2:46:10 PM, Error: Service Control Manager [7022] - The CyberLink Background Capture Service (CBCS) service hung on starting.
5/26/2010 2:46:10 PM, Error: Service Control Manager [7001] - The CyberLink Task Scheduler (CTS) service depends on the CyberLink Background Capture Service (CBCS) service which failed to start because of the following error: After starting, the service hung in a start-pending state.
5/26/2010 2:44:46 PM, Error: Microsoft-Windows-PrintSpooler [72] - Windows could not initialize printer PaperPort Color Image because the print processor PaperPort Processor could not be found. Please obtain and install a new version of the driver from the manufacturer (if available), or choose an alternate driver that works with this print device.
5/26/2010 2:44:46 PM, Error: Microsoft-Windows-PrintSpooler [72] - Windows could not initialize printer PaperPort Black & White Image because the print processor PaperPort Processor could not be found. Please obtain and install a new version of the driver from the manufacturer (if available), or choose an alternate driver that works with this print device.
5/26/2010 2:44:46 PM, Error: Microsoft-Windows-PrintSpooler [72] - Windows could not initialize printer ClickBook Printer because the print processor CBWP could not be found. Please obtain and install a new version of the driver from the manufacturer (if available), or choose an alternate driver that works with this print device.
5/26/2010 2:44:46 PM, Error: Microsoft-Windows-PrintSpooler [23] - Printer PaperPort Color Image failed to initialize because a suitable PaperPort Color Printer Driver driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
5/26/2010 2:44:46 PM, Error: Microsoft-Windows-PrintSpooler [23] - Printer PaperPort Black & White Image failed to initialize because a suitable PaperPort Mono Printer Driver driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
5/26/2010 2:44:46 PM, Error: Microsoft-Windows-PrintSpooler [23] - Printer HP DeskJet 722C failed to initialize because a suitable HP DeskJet 722C driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
5/26/2010 2:44:46 PM, Error: Microsoft-Windows-PrintSpooler [23] - Printer Fax failed to initialize because a suitable Microsoft Shared Fax Driver driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
5/26/2010 2:44:46 PM, Error: Microsoft-Windows-PrintSpooler [23] - Printer ClickBook Printer failed to initialize because a suitable ClickBook Printer driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
5/26/2010 2:44:35 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/21/2010 9:17:40 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetbiosSmb because another computer on the network has the same name. The server could not start.
5/21/2010 8:27:46 PM, Error: NETw4v32 [5005] - Intel(R) Wireless WiFi Link 4965AGN : Has encountered an internal error and has failed.
5/21/2010 8:27:46 PM, Error: NETw4v32 [5002] - Intel(R) Wireless WiFi Link 4965AGN : Has determined that the network adapter is not functioning properly.
5/21/2010 5:32:03 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NeatReceipts Database Controller service to connect.
5/21/2010 4:24:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSP aswTdi AvgLdx86 AvgMfx86 avipbb cdudf_xp cmdGuard cmdHlp DfsC inspect NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr ssmdrv tdx Wanarpv6
5/21/2010 4:24:47 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/21/2010 4:24:47 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/21/2010 4:24:47 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
5/21/2010 4:24:47 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/21/2010 4:24:47 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/21/2010 4:24:47 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/21/2010 4:24:47 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/21/2010 4:24:47 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
5/21/2010 4:24:47 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/21/2010 4:24:47 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
5/21/2010 4:24:47 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/21/2010 4:24:47 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/21/2010 4:24:47 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/21/2010 4:24:47 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
5/21/2010 4:24:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WcesComm with arguments "" in order to run the server: {373E19B5-76AA-46D5-93A9-2E39A99B39B2}
5/21/2010 4:24:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/21/2010 4:24:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
5/21/2010 4:24:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
5/21/2010 4:24:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/21/2010 4:24:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
5/21/2010 4:24:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/21/2010 4:23:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/21/2010 4:23:35 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
5/21/2010 4:23:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
5/19/2010 3:54:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
==== End Of File ===========================
The gmer log is very big, so will put in next post.
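The Event Viewer section of the attach log above can be checked mechanically for the one thing that matters in a rootkit hunt: whether the 7026 "boot-start driver(s) failed to load" event is a sign of tampering or simply a Safe Mode boot. The script below is an added example written for this page; it is not part of the thread and not DDS code. Its sample lines are copied from the post above, plus one constructed 7026 event dated 5/24/2010 that did not occur on this machine and exists only to exercise the "investigate" branch. The driver-to-product table and the names `parse_events`, `safe_mode_boots` and `assess_7026` are the editor's; the thread itself only confirms COMODO (cmdguard.sys appears in the GMER output).

```python
"""Triage the Event Viewer section of a DDS attach.txt (added example; not
DDS code and not the poster's).

Checks a reviewer does by hand:
  * a 7026 'boot-start driver(s) failed to load' event in the same boot as a
    'cannot be started in Safe Mode' event is expected, not tampering: Safe
    Mode loads only the SafeBoot driver set, so third-party AV drivers are
    skipped (and, without networking, so is the network stack);
  * the driver names in that 7026 are mapped to the product that ships them,
    which shows how many vendors' kernel drivers are installed side by side.
"""
import re
from datetime import datetime, timedelta

EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$")

# Assumption: driver -> product table from the editor's own knowledge of these
# vendors' driver names; the thread itself only confirms COMODO (cmdguard.sys).
DRIVER_VENDOR = {
    "aswRdr": "avast!", "aswSP": "avast!", "aswTdi": "avast!",
    "AvgLdx86": "AVG", "AvgMfx86": "AVG",
    "avipbb": "Avira", "ssmdrv": "Avira",
    "cmdGuard": "COMODO", "cmdHlp": "COMODO", "inspect": "COMODO",
    "SASDIFSV": "SUPERAntiSpyware", "SASKUTIL": "SUPERAntiSpyware",
}


def parse_events(text):
    """Parse 'date time, Level: Source [id] - message' lines, oldest first."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append({"ts": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                           "source": m["source"], "id": int(m["id"]), "msg": m["msg"]})
    events.sort(key=lambda e: e["ts"])
    return events


def safe_mode_boots(events):
    """Timestamps of events that prove the boot was Safe Mode (TermService 1048)."""
    return [e["ts"] for e in events if e["id"] == 1048 and "Safe Mode" in e["msg"]]


def assess_7026(events, window=timedelta(minutes=10)):
    """For each 7026: (timestamp, explained_by_safe_mode, {vendor: [drivers]}, other_drivers)."""
    boots = safe_mode_boots(events)
    out = []
    for e in events:
        if e["id"] != 7026:
            continue
        drivers = e["msg"].split("failed to load:", 1)[1].split()
        by_vendor, other = {}, []
        for d in drivers:
            v = DRIVER_VENDOR.get(d)
            (by_vendor.setdefault(v, []) if v else other).append(d)
        explained = any(abs(e["ts"] - b) <= window for b in boots)
        out.append((e["ts"], explained, by_vendor, other))
    return out


# Constructed sample: five lines copied from the thread plus one hypothetical
# 7026 (5/24/2010) that is NOT from this machine; it only exercises the
# 'investigate' branch.
SAMPLE_EVENTS = r"""
5/26/2010 2:46:10 PM, Error: Service Control Manager [7022] - The CyberLink Background Capture Service (CBCS) service hung on starting.
5/24/2010 9:00:00 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cmdGuard
5/21/2010 9:17:40 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetbiosSmb because another computer on the network has the same name. The server could not start.
5/21/2010 4:24:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSP aswTdi AvgLdx86 AvgMfx86 avipbb cdudf_xp cmdGuard cmdHlp DfsC inspect NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr ssmdrv tdx Wanarpv6
5/21/2010 4:24:47 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/21/2010 4:23:35 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
"""

if __name__ == "__main__":
    for ts, explained, by_vendor, other in assess_7026(parse_events(SAMPLE_EVENTS)):
        verdict = "expected: Safe Mode boot in same window" if explained else "INVESTIGATE: no Safe Mode marker"
        print(f"{ts}  7026  {verdict}")
        for vendor, drivers in by_vendor.items():
            print(f"    {vendor:<18} {' '.join(drivers)}")
        print(f"    {'not in table':<18} {' '.join(other)}")
```

On the posted lines the 7026 at 4:24:47 PM sits 72 seconds after a 1048 that says the service cannot start in Safe Mode, and its driver list holds kernel drivers from five products (avast!, AVG, Avira, COMODO, SUPERAntiSpyware) next to Windows network drivers (AFD, netbt, tdx, nsiproxy, ...) that plain Safe Mode also skips; the 7001 cascade at the same second (DHCP Client, DNS Client, Workstation, TCP/IP NetBIOS Helper) follows directly from those. That event is therefore neither for nor against the rootkit theory. What it does document is how many real-time security drivers are installed on the machine at once, and the Server 2505 at 9:17 PM is a NetBIOS name clash on the LAN, a separate configuration issue.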
Wow, I really did NOT select "all files." I have no idea why the log is so big, I cannot post it, and the forum won't allow me to attach it. This is the notice I get:
GMER 5262010.txt:
Your file of 745.4 KB bytes exceeds the forum's limit of 48.8 KB for this filetype.
I'll try to run it in safe mode and see if results are still too big.
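The GMER output pasted in the following message can be read mechanically instead of line by line. The script below is an added example written for this page; it is not part of the thread and not GMER's code. It parses three GMER line shapes: `SSDT <driver> (<description>/<vendor>) <Zw-call> [0x<addr>]`, the kernel "code section" patches `.text <image>!<symbol> + <off> <addr> N Bytes [<bytes>]`, and user-mode hooks `.text <process>[pid] <dll>!<export> <addr> N Bytes JMP <target> <module> (<description>/<vendor>)`. The sample input is constructed from lines in that message plus one hypothetical unattributed hook in explorer.exe (NtQueryDirectoryFile, with made-up addresses) that is not from the poster's machine and only shows how such a hook stands out. The function names `triage` and `vendor_of` are the editor's.

```python
"""Triage a GMER hook listing (added example; not GMER's code, not the poster's).

Three things a reviewer does by hand when reading such a log:
  1. collect the SSDT hooks and the module GMER attributes each one to;
  2. decode each 'kernel code section' patch as a little-endian pointer and
     see whether it is just a service-table slot pointing at a hook from (1);
  3. count user-mode JMP hooks per target module and list every hook GMER
     could not attribute to a module, which is where a rootkit would show up.
"""
import re
from collections import Counter

SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)\s+\((?P<desc>[^)]*)\)\s+(?P<func>\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]")
# Kernel patch lines carry a bare 'image!symbol + offset', no '[pid]' in front.
KPATCH_RE = re.compile(
    r"^\.text\s+(?P<sym>[^\s\[]+!\S+)\s+\+\s+(?P<off>[0-9A-Fa-f]+)\s+[0-9A-Fa-f]{8}\s+"
    r"\d+\s+Bytes\s+\[(?P<bytes>[^\]]*)\]")
# User-mode hooks: '<process>[pid] <dll>!<export> <addr> N Bytes JMP <target> [<module> (<desc>)]'.
# Lines without a JMP (the second half of a split 7-byte hook) are skipped.
UHOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<sym>\S+!\S+)\s+[0-9A-Fa-f]{8}\s+"
    r"\d+\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]{8})"
    r"(?:\s+(?P<module>\S+)\s+\((?P<desc>[^)]*)\))?\s*$")
HEXBYTE = re.compile(r"[0-9A-Fa-f]{2}")


def vendor_of(desc):
    """GMER prints '(description/vendor)'; the vendor is the part after the last '/'."""
    return desc.rsplit("/", 1)[-1].strip() if desc else None


def triage(text):
    ssdt = {}            # hook address -> (syscall, module path, vendor)
    kernel_patches = []  # (symbol+offset, decoded pointer, matching syscall or None)
    hooks_by_module = Counter()
    unattributed = []    # user-mode hooks with no module behind the JMP target
    for line in text.splitlines():
        line = line.strip()
        m = SSDT_RE.match(line)
        if m:
            ssdt[int(m["addr"], 16)] = (m["func"], m["module"], vendor_of(m["desc"]))
            continue
        m = KPATCH_RE.match(line)
        if m:
            raw = [b.strip() for b in m["bytes"].split(",")][:4]
            if len(raw) == 4 and all(HEXBYTE.fullmatch(b) for b in raw):
                # x86 is little-endian: [B6, 99, B1, 8F] is the pointer 0x8FB199B6.
                ptr = int.from_bytes(bytes(int(b, 16) for b in raw), "little")
                hit = ssdt.get(ptr)
                kernel_patches.append((f"{m['sym']}+{m['off']}", ptr, hit[0] if hit else None))
            continue
        m = UHOOK_RE.match(line)
        if m:
            if m["module"]:
                hooks_by_module[m["module"]] += 1
            else:
                unattributed.append(f"{m['proc']}[{m['pid']}] {m['sym']} -> {m['target']}")
    return {"ssdt": ssdt, "kernel_patches": kernel_patches,
            "hooks_by_module": hooks_by_module, "unattributed": unattributed}


# Constructed sample: lines copied from the GMER output in this thread, plus one
# HYPOTHETICAL unattributed hook (the explorer.exe line; addresses invented).
SAMPLE = r"""
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x8FB199B6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x8FB1AD34]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x8FB18CF0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x8FB1961C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0x8FB18BCC]
.text ntkrnlpa.exe!KeSetEvent + 119 82CC487C 4 Bytes [B6, 99, B1, 8F] {MOV DH, 0x99; MOV CL, 0x8f}
.text ntkrnlpa.exe!KeSetEvent + 13D 82CC48A0 8 Bytes [34, AD, B1, 8F, A2, 9B, B1, ...]
.text ntkrnlpa.exe!KeSetEvent + 1C1 82CC4924 4 Bytes [F0, 8C, B1, 8F]
.text ntkrnlpa.exe!KeSetEvent + 1D9 82CC493C 4 Bytes [1C, 96, B1, 8F] {SBB AL, 0x96; MOV CL, 0x8f}
.text ntkrnlpa.exe!KeSetEvent + 205 82CC4968 4 Bytes [CC, 8B, B1, 8F]
.text C:\Windows\System32\spoolsv.exe[420] ntdll.dll!LdrLoadDll 77A49390 5 Bytes JMP 10023430 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!CreateProcessW 760F1BF3 5 Bytes JMP 10025D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ADVAPI32.dll!OpenServiceW + 4 76698358 3 Bytes [99, CC, CC] {CDQ ; INT 3 ; INT 3 }
.text C:\Windows\explorer.exe[1234] ntdll.dll!NtQueryDirectoryFile 77A84FD4 5 Bytes JMP 00A71000
"""

if __name__ == "__main__":
    r = triage(SAMPLE)
    for sym, ptr, hit in r["kernel_patches"]:
        print(f"{sym:<30} -> 0x{ptr:08X}  {'SSDT slot for ' + hit if hit else 'NOT an SSDT hook: inspect'}")
    for mod, n in r["hooks_by_module"].items():
        print(f"{n:3d} user-mode hooks -> {mod}")
    for h in r["unattributed"]:
        print("UNATTRIBUTED:", h)
```

Run on the sample, every one of the five KeSetEvent patches decodes to the address of a cmdguard.sys SSDT hook listed a few lines earlier, so those "kernel code section" entries are the modified service-table slots seen a second time rather than an additional patch, and every user-mode JMP lands in guard32.dll with COMODO named as the vendor. A hook is worth attention when it falls outside this pattern: a JMP whose target GMER cannot attribute to any module (the constructed explorer.exe line) or a kernel patch whose decoded pointer matches no listed SSDT hook. The first cut through a 745 KB log is therefore to run it through a filter like this and read only what comes out as unattributed.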
Ok, I tried to run gmer again. I also went online and downloaded a fresh gmer file. It runs for about 1 minute, then just stops at \device\volumeshadowcopy1. This happens in normal mode, and I tried it 3 times in safe mode, and the same thing happened. One time in safe mode, I got a blue screen and windows shut down. Do you want me to try to cut and paste the huge log into several posts? Here's the beginning & end of the log if that helps. Thanks for helping.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-26 15:30:40
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\admin\AppData\Local\Temp\uwldapow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x8FB199B6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x8FB1AD34]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcCreatePort [0x8FB19BA2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x8FB18CF0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x8FB1961C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0x8FB18BCC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x8FB193B2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x8FB1A9C4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0x8FB18710]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0x8FB18542]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x8FB1A600]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x8FB18F8C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x8FB197F8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0x8FB18226]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x8FB1923C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0x8FB183BE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0x8FB1A094]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0x8FB1A348]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x8FB1A7CC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x8FB18F26]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x8FB19128]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0x8FB18A6A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x8FB18910]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x8FB19CB2]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 119 82CC487C 4 Bytes [B6, 99, B1, 8F] {MOV DH, 0x99; MOV CL, 0x8f}
.text ntkrnlpa.exe!KeSetEvent + 13D 82CC48A0 8 Bytes [34, AD, B1, 8F, A2, 9B, B1, ...]
.text ntkrnlpa.exe!KeSetEvent + 1C1 82CC4924 4 Bytes [F0, 8C, B1, 8F]
.text ntkrnlpa.exe!KeSetEvent + 1D9 82CC493C 4 Bytes [1C, 96, B1, 8F] {SBB AL, 0x96; MOV CL, 0x8f}
.text ntkrnlpa.exe!KeSetEvent + 205 82CC4968 4 Bytes [CC, 8B, B1, 8F]
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\System32\spoolsv.exe[420] ntdll.dll!LdrLoadDll 77A49390 5 Bytes JMP 10023430 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ntdll.dll!LdrUnloadDll 77A5BA50 7 Bytes JMP 1001CF40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ntdll.dll!LdrGetProcedureAddress 77A65A88 5 Bytes JMP 10025C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ntdll.dll!NtAllocateVirtualMemory 77A84134 5 Bytes JMP 10025C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ntdll.dll!NtClose 77A84314 5 Bytes JMP 1001CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ntdll.dll!NtCreateFile 77A843D4 5 Bytes JMP 10025D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ntdll.dll!NtCreateProcess 77A84494 5 Bytes JMP 10025DB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ntdll.dll!NtCreateProcessEx 77A844A4 5 Bytes JMP 10025D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ntdll.dll!NtDeleteFile 77A847B4 5 Bytes JMP 10025CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ntdll.dll!NtFreeVirtualMemory 77A84944 5 Bytes JMP 10025BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ntdll.dll!NtLoadDriver 77A84A64 5 Bytes JMP 10025C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ntdll.dll!NtOpenFile 77A84BB4 5 Bytes JMP 10025CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ntdll.dll!NtProtectVirtualMemory 77A84D34 5 Bytes JMP 10025CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ntdll.dll!NtSetInformationProcess 77A85324 5 Bytes JMP 10025C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ntdll.dll!NtUnloadDriver 77A85574 5 Bytes JMP 10025C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ntdll.dll!NtWriteVirtualMemory 77A85674 5 Bytes JMP 10025D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ntdll.dll!RtlAllocateHeap 77A86570 5 Bytes JMP 10025BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!CreateProcessW 760F1BF3 5 Bytes JMP 10025D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!CreateProcessA 760F1C28 5 Bytes JMP 10025D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!VirtualProtect 760F1DC3 5 Bytes JMP 100258B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!OpenFile 760F355A 5 Bytes JMP 10025B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!MoveFileW 760FA2F2 5 Bytes JMP 10025A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!CopyFileExW 76100211 7 Bytes JMP 10025A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!CopyFileW 76100299 5 Bytes JMP 10025AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!DeleteFileW 7610F4B6 5 Bytes JMP 10025970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!DeleteFileA 7610F5D2 5 Bytes JMP 10025990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!MoveFileWithProgressW 761110A4 5 Bytes JMP 100259B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!MoveFileExW 761110C8 5 Bytes JMP 100259F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!LoadLibraryExW 76119109 7 Bytes JMP 10025B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!LoadLibraryW 76119362 5 Bytes JMP 100258F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!LoadLibraryExA 761194B4 5 Bytes JMP 10025B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!LoadLibraryA 761194DC 5 Bytes JMP 10025910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!GetProcAddress 7613903B 5 Bytes JMP 10025BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!GetModuleHandleA 761392A5 5 Bytes JMP 10025950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!GetModuleHandleW 7613A804 5 Bytes JMP 10025930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!CreateFileW 7613AECB 5 Bytes JMP 10025AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!CreateFileA 7613CE5F 5 Bytes JMP 10025B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!MoveFileExA 76140F0A 5 Bytes JMP 10025A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!MoveFileWithProgressA 76140F2A 5 Bytes JMP 100259D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!CopyFileA 76142433 5 Bytes JMP 10025AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!MoveFileA 7617F641 5 Bytes JMP 10025A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!CopyFileExA 761819F9 5 Bytes JMP 10025A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!WinExec 76185CF7 5 Bytes JMP 100258D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!LoadModule 76185E4F 5 Bytes JMP 10025B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] USER32.dll!EndTask 769FAD32 5 Bytes JMP 10027320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ADVAPI32.dll!CreateProcessAsUserA 7667CEB9 5 Bytes JMP 1001FEB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ADVAPI32.dll!CreateProcessAsUserW 76691EE9 5 Bytes JMP 1001F6A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ADVAPI32.dll!OpenServiceA 76692EBD 7 Bytes JMP 10026560 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ADVAPI32.dll!OpenServiceW 76698354 3 Bytes JMP 10026800 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ADVAPI32.dll!OpenServiceW + 4 76698358 3 Bytes [99, CC, CC] {CDQ ; INT 3 ; INT 3 }
.text C:\Windows\System32\spoolsv.exe[420] ADVAPI32.dll!CreateServiceW 766B9EB4 7 Bytes JMP 10026A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ADVAPI32.dll!CreateServiceA 766F72A1 7 Bytes JMP 10026D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] WS2_32.dll!WSASocketW 77BD34EB 7 Bytes JMP 100257B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] WS2_32.dll!WSASocketA 77BD8FA9 5 Bytes JMP 100257D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ole32.dll!CoGetClassObject 762CFABC 5 Bytes JMP 10027560 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ole32.dll!CoCreateInstanceEx 762E9EE9 5 Bytes JMP 100277A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ntdll.dll!LdrLoadDll 77A49390 5 Bytes JMP 10023430 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ntdll.dll!LdrUnloadDll 77A5BA50 7 Bytes JMP 1001CF40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ntdll.dll!LdrGetProcedureAddress 77A65A88 5 Bytes JMP 10025C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ntdll.dll!NtAllocateVirtualMemory 77A84134 5 Bytes JMP 10025C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ntdll.dll!NtClose 77A84314 5 Bytes JMP 1001CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ntdll.dll!NtCreateFile 77A843D4 5 Bytes JMP 10025D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ntdll.dll!NtCreateProcess 77A84494 5 Bytes JMP 10025DB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ntdll.dll!NtCreateProcessEx 77A844A4 5 Bytes JMP 10025D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ntdll.dll!NtDeleteFile 77A847B4 5 Bytes JMP 10025CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ntdll.dll!NtFreeVirtualMemory 77A84944 5 Bytes JMP 10025BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ntdll.dll!NtLoadDriver 77A84A64 5 Bytes JMP 10025C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ntdll.dll!NtOpenFile 77A84BB4 5 Bytes JMP 10025CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ntdll.dll!NtProtectVirtualMemory 77A84D34 5 Bytes JMP 10025CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ntdll.dll!NtSetInformationProcess 77A85324 5 Bytes JMP 10025C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ntdll.dll!NtUnloadDriver 77A85574 5 Bytes JMP 10025C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ntdll.dll!NtWriteVirtualMemory 77A85674 5 Bytes JMP 10025D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ntdll.dll!RtlAllocateHeap 77A86570 5 Bytes JMP 10025BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!CreateProcessW 760F1BF3 5 Bytes JMP 10025D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!CreateProcessA 760F1C28 5 Bytes JMP 10025D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!VirtualProtect 760F1DC3 5 Bytes JMP 100258B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!OpenFile 760F355A 5 Bytes JMP 10025B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!MoveFileW 760FA2F2 5 Bytes JMP 10025A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!CopyFileExW 76100211 7 Bytes JMP 10025A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!CopyFileW 76100299 5 Bytes JMP 10025AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!DeleteFileW 7610F4B6 5 Bytes JMP 10025970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!DeleteFileA 7610F5D2 5 Bytes JMP 10025990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!MoveFileWithProgressW 761110A4 5 Bytes JMP 100259B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!MoveFileExW 761110C8 5 Bytes JMP 100259F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!LoadLibraryExW 76119109 7 Bytes JMP 10025B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!LoadLibraryW 76119362 5 Bytes JMP 100258F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!LoadLibraryExA 761194B4 5 Bytes JMP 10025B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!LoadLibraryA 761194DC 5 Bytes JMP 10025910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!GetProcAddress 7613903B 5 Bytes JMP 10025BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!GetModuleHandleA 761392A5 5 Bytes JMP 10025950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!GetModuleHandleW 7613A804 5 Bytes JMP 10025930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!CreateFileW 7613AECB 5 Bytes JMP 10025AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!CreateFileA 7613CE5F 5 Bytes JMP 10025B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!MoveFileExA 76140F0A 5 Bytes JMP 10025A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!MoveFileWithProgressA 76140F2A 5 Bytes JMP 100259D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!CopyFileA 76142433 5 Bytes JMP 10025AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!MoveFileA 7617F641 5 Bytes JMP 10025A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!CopyFileExA 761819F9 5 Bytes JMP 10025A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!WinExec 76185CF7 5 Bytes JMP 100258D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!LoadModule 76185E4F 5 Bytes JMP 10025B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] USER32.dll!EndTask 769FAD32 5 Bytes JMP 10027320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ADVAPI32.dll!CreateProcessAsUserA 7667CEB9 5 Bytes JMP 1001FEB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ADVAPI32.dll!CreateProcessAsUserW 76691EE9 5 Bytes JMP 1001F6A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ADVAPI32.dll!OpenServiceA 76692EBD 7 Bytes JMP 10026560 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ADVAPI32.dll!OpenServiceW 76698354 3 Bytes JMP 10026800 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ADVAPI32.dll!OpenServiceW + 4 76698358 3 Bytes [99, CC, CC] {CDQ ; INT 3 ; INT 3 }
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ADVAPI32.dll!CreateServiceW 766B9EB4 7 Bytes JMP 10026A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ADVAPI32.dll!CreateServiceA 766F72A1 7 Bytes JMP 10026D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] SHELL32.dll!ShellExecuteW 76F29725 5 Bytes JMP 10025870 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] SHELL32.dll!ShellExecuteExW 76F7C135 5 Bytes JMP 10025830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] SHELL32.dll!ShellExecuteEx 77129FE2 5 Bytes JMP 10025850 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] SHELL32.dll!ShellExecuteA 7712A07D 5 Bytes JMP 10025890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ole32.dll!CoGetClassObject 762CFABC 5 Bytes JMP 10027560 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ole32.dll!CoCreateInstanceEx 762E9EE9 5 Bytes JMP 100277A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[640] ntdll.dll!LdrLoadDll
***** (there were many many more lines just like the ones above,
then it ends like this)*****************
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\System32\drivers\VIDEOPRT.SYS[watchdog.sys!WdMadeAnyProgress] [8CEF47D5] \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation)
IAT \SystemRoot\System32\drivers\VIDEOPRT.SYS[watchdog.sys!WdCompleteEvent] [8CEF50D6] \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation)
IAT \SystemRoot\System32\drivers\VIDEOPRT.SYS[watchdog.sys!WdGetLowestDeviceObject] [8CEF504A] \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation)
IAT \SystemRoot\System32\drivers\VIDEOPRT.SYS[watchdog.sys!WdGetDeviceObject] [8CEF5016] \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation)
IAT \SystemRoot\System32\drivers\VIDEOPRT.SYS[watchdog.sys!WdGetLastEvent] [8CEF5036] \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation)
IAT \SystemRoot\System32\win32k.sys[watchdog.sys!WdEnterMonitoredSection] [8CEF480F] \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation)
IAT \SystemRoot\System32\win32k.sys[watchdog.sys!WdExitMonitoredSection] [8CEF488B] \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation)
IAT \SystemRoot\System32\win32k.sys[watchdog.sys!WdFreeDeferredWatchdog] [8CEF9014] \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation)
IAT \SystemRoot\System32\win32k.sys[watchdog.sys!WdStopDeferredWatch] [8CEF4972] \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation)
IAT \SystemRoot\System32\win32k.sys[watchdog.sys!WdStartDeferredWatch] [8CEF46E1] \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation)
IAT \SystemRoot\System32\win32k.sys[watchdog.sys!WdAllocateDeferredWatchdog] [8CEF8F7A] \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation)
IAT \SystemRoot\System32\win32k.sys[watchdog.sys!WdSuspendDeferredWatch] [8CEF4763] \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation)
IAT \SystemRoot\System32\win32k.sys[watchdog.sys!WdResumeDeferredWatch] [8CEF4773] \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Hi,
Disable protection software and run ComboFix (let it update itself). Post back the report.
Ok, I will try again, but have not had success running it two times before.
ME:
I see an icon that looks like "My Computer" and it is here
C:\ComboFix.
This is the one that has icons for my drives. Should I leave it there for now and get another combofix?
Sorry for being so confused. Thanks for being patient.
Hi,
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
I downloaded a new combofix to desktop & I have the directions. I followed everything exactly as instructed. Made sure all protection was stopped, etc.
In normal mode it notified me that “Kindly write down this .. trying to attach, may need it later “C:\windows\System32\APSHook.dll.” Then it got to “preparing to run – attempting to create a new system restore point…” I saw it backing up to C:\windows\erdnt\HIV-backup…(or something like that), and the red/blue progress bars. Then combofix CLOSED, and nothing else happened.
In safe mode, it got to the backing up part (without the “trying to attach” notice). But the computer has been sitting there for 20 minutes at the ComboFix blue screen with “Please wait. ComboFix is preparing to run.”
What should I try next? Thanks.
Hi,
It's likely Comodo causing the issue. Uninstall it for now. Then see if you're able to run ComboFix in safe mode with networking.
Hi,
My laptop is not cooperating! Sorry, but this is so frustrating.
I uninstalled Comodo’s two programs, I re-downloaded to desktop and renamed the downloaded combofix to tc5272010.exe. Made sure everything was turned off. And, restarted in safe mode with networking. The Combofix blue screen comes on, gets to the part where it backs up the registry. Then it just sits at “Please wait. Combofix is preparing to run.”
No luck, still not working.
Please post a fresh dds log.
Done, here's both logs.
DDS (Ver_10-03-17.01) - NTFSx86
Run by admin at 12:55:47.02 on Thu 05/27/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_05
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1103 [GMT -4:00]
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\admin\Desktop\DDS NEW DOWNLOAD MAY 21 2010\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: VeriSoft Access Manager: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\bioscrypt\verisoft\bin\ItIEAddIn.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [CognizanceTS] rundll32.exe c:\progra~1\bioscr~1\verisoft\bin\ASTSVCC.dll,RegisterModule
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\McAfee Security Scan Plus.lnk.disabled
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: kaspersky.com\www
Trusted Zone: symantec.com\service1
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} - hxxp://download.zonelabs.com/bin/free/cm/ICSCM.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/OnlineScanner.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5296/mcfscan.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli ASWLNPkg
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\6owh1r5f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/advanced_search?hl=en
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-2-29 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 51440]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2009-4-1 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2009-4-1 21504]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-26 189736]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-1-12 206096]
R2 NeatReceipts Database Controller;NeatReceipts Database Controller;c:\program files\common files\neatreceipts\db controller\NeatReceiptsDBController.exe [2007-10-22 230728]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-4-10 1153368]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-4-1 21504]
S3 HtcUsbMdmV32;HTC Proprietary USB Driver;c:\windows\system32\drivers\HtcUsbMdmV32.sys [2010-2-8 103424]
S3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\drivers\HtcVComV32.sys [2010-2-8 103424]
S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [2006-5-3 4736]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MSSQL$NR2007;SQL Server (NR2007);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [2006-5-3 8960]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-7-12 33024]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-7-12 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-7-12 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-7-12 59904]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S4 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\VsTskMgr.exe [2003-9-29 69706]
============== File Associations ===============
regfile=regedit.exe "%1" %*
scrfile="%1" %*
=============== Created Last 30 ================
2010-05-27 16:07:07 0 d-s---w- C:\tc5272010
2010-05-26 10:08:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-21 22:04:18 0 d-----w- c:\programdata\Office Genuine Advantage
2010-05-21 22:04:03 0 d-----w- c:\users\admin\Office Genuine Advantage
2010-05-20 10:36:13 0 d-----w- c:\windows\SQL9_KB970892_ENU
2010-05-17 22:54:10 0 d-----w- c:\program files\Windows Portable Devices
2010-05-17 22:53:43 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-05-17 22:52:17 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-05-17 22:52:16 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-05-17 22:52:16 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-05-17 22:50:46 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-05-17 22:49:06 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-05-17 22:49:05 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-05-17 22:49:05 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-05-17 10:48:09 0 d-----w- c:\program files\CCleaner
2010-05-17 10:19:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-05-17 10:18:26 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-05-17 10:18:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-05-17 10:18:23 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-05-17 00:38:16 0 d-----w- c:\windows\system32\eu-ES
2010-05-17 00:38:16 0 d-----w- c:\windows\system32\ca-ES
2010-05-17 00:38:15 0 d-----w- c:\windows\system32\vi-VN
2010-05-16 23:38:50 0 d-----w- c:\windows\system32\EventProviders
2010-05-16 23:21:14 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2010-05-16 23:21:04 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2010-05-16 23:21:03 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2010-05-16 23:19:59 324608 ----a-w- c:\windows\system32\sdohlp.dll
2010-05-16 23:18:59 1985024 ----a-w- c:\windows\system32\authui.dll
2010-05-16 23:17:59 704512 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2010-05-16 23:16:59 869888 ----a-w- c:\windows\system32\printui.dll
2010-05-16 23:15:57 33280 ----a-w- c:\windows\system32\mssprxy.dll
2010-05-16 23:14:58 125952 ----a-w- c:\windows\system32\softkbd.dll
2010-05-16 23:13:30 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2010-05-16 23:13:30 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2010-05-16 23:13:30 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-05-16 23:13:30 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2010-05-16 23:13:30 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2010-05-16 23:13:30 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2010-05-16 23:13:30 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2010-05-16 23:13:25 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2010-05-16 23:13:19 218624 ----a-w- c:\windows\system32\wdscore.dll
2010-05-16 23:13:19 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2010-05-16 23:13:06 247808 ----a-w- c:\windows\system32\drvstore.dll
2010-05-16 22:41:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-16 22:41:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-16 22:41:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-05-16 22:16:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-05-16 13:04:13 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2010-05-16 13:04:04 11967524 ----a-w- c:\windows\system32\korwbrkr.lex
2010-05-16 12:42:08 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-15 23:29:14 0 d-----w- C:\PerfLogs
2010-05-15 17:44:57 0 d--h--w- C:\VritualRoot
2010-05-15 17:44:08 0 d-----w- c:\programdata\COMODO
2010-05-15 17:43:35 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-05-15 17:27:24 0 d-----w- c:\programdata\Comodo Downloader
2010-05-15 14:38:14 0 d-----w- c:\programdata\Alwil Software
2010-05-14 22:52:52 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-05-14 22:48:33 0 d-----w- c:\program files\AVG
2010-05-14 21:53:10 277784 ----a-w- c:\windows\system32\drivers\IASTOR.SYS
2010-05-14 11:03:21 0 d-----w- c:\windows\system32\MpEngineStore
2010-05-14 10:26:45 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-05-14 10:26:38 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-05-14 10:26:38 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-05-13 23:00:05 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-05-13 23:00:04 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-05-13 23:00:04 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-05-13 23:00:04 270848 ----a-w- c:\windows\system32\schannel.dll
2010-05-13 23:00:03 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-05-13 23:00:03 13780 ----a-w- c:\windows\system32\wbem\lsasrv.mof
2010-05-13 23:00:01 9728 ----a-w- c:\windows\system32\lsass.exe
2010-05-13 23:00:01 72704 ----a-w- c:\windows\system32\secur32.dll
2010-05-13 13:21:59 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-05-13 13:21:59 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-05-13 13:21:59 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-05-13 13:21:59 10240 ----a-w- c:\windows\system32\finger.exe
2010-05-13 13:19:59 98816 ----a-w- c:\windows\system32\mfps.dll
2010-05-13 13:19:59 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-05-13 13:19:59 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-05-13 13:19:58 2048 ----a-w- c:\windows\system32\mferror.dll
2010-05-13 13:19:52 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-05-13 13:19:52 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-05-13 13:19:32 71680 ----a-w- c:\windows\system32\atl.dll
2010-05-13 13:19:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-05-13 13:18:56 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-05-13 13:18:54 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-05-13 13:18:54 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-05-13 13:18:48 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-05-13 13:18:17 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2010-05-13 13:16:24 623616 ----a-w- c:\windows\system32\localspl.dll
2010-05-13 13:16:19 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-05-13 13:16:02 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-05-13 13:16:02 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-05-13 13:15:55 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-05-13 13:15:55 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-05-13 13:15:54 814 ----a-w- c:\windows\system32\wbem\WFP.MOF
2010-05-13 13:15:54 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-05-13 13:15:54 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-05-13 13:15:54 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-05-13 13:15:25 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-05-13 13:15:07 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-05-13 13:15:02 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-05-13 13:15:02 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-05-13 13:11:49 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-05-13 13:11:34 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-05-13 13:11:25 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-05-13 13:11:18 243712 ----a-w- c:\windows\system32\rastls.dll
2010-05-13 13:11:09 355328 ----a-w- c:\windows\system32\WSDApi.dll
2010-05-13 12:35:16 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-05-13 12:35:08 98304 ----a-w- c:\windows\system32\cabview.dll
==================== Find3M ====================
2010-05-17 22:54:04 86016 ----a-w- c:\windows\inf\infpub.dat
2010-05-17 22:54:04 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-05-17 22:54:03 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-17 22:54:03 143360 ----a-w- c:\windows\inf\infstor.dat
2010-05-16 23:52:25 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-05-15 23:50:25 174 --sha-w- c:\program files\desktop.ini
2010-05-15 22:31:48 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-05-15 22:31:46 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-05-06 14:36:38 221568 ----a-w- c:\windows\system32\MpSigStub.exe
2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 19:58:12 256512 ----a-w- c:\windows\PEV.exe
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-08-30 18:26:26 22 --sha-w- c:\windows\sminst\HPCD.sys
2007-09-02 14:12:20 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-05-13 01:09:27 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008042820080505\index.dat
2008-05-13 01:09:27 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008051220080513\index.dat
============= FINISH: 12:56:44.66 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/13/2007 5:10:45 PM
System Uptime: 5/27/2010 12:48:47 PM (0 hours ago)
Motherboard: Quanta | | 30CC
Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz | U2E1 | 1000/667mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 178 GiB total, 102.984 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 1.545 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1154: 5/17/2010 6:46:49 PM - Windows Update
RP1155: 5/19/2010 5:06:19 AM - Scheduled Checkpoint
RP1156: 5/19/2010 9:22:06 PM - Windows Update
RP1157: 5/20/2010 6:05:12 AM - Windows Update
RP1158: 5/20/2010 6:29:13 AM - Windows Update
RP1159: 5/20/2010 6:35:24 AM - Windows Update
RP1160: 5/22/2010 9:51:56 AM - COMODO Restore Point. (Restore point from the popup alert for Seagate 2GEVWJHH Product Registration.exe)
RP1161: 5/26/2010 1:50:59 PM - Removed AVG Free 9.0
RP1162: 5/26/2010 2:14:43 PM - avast! Free Antivirus Setup
RP1163: 5/26/2010 2:22:22 PM - Removed Ad-Aware 2007
RP1164: 5/26/2010 2:24:47 PM - Removed LiveUpdate Notice (Symantec Corporation)
RP1165: 5/26/2010 2:27:27 PM - Removed McAfee VirusScan Enterprise
RP1166: 5/26/2010 2:29:14 PM - Removed McAfee VirusScan Enterprise
RP1168: 5/26/2010 2:30:30 PM - Configured MediaFACE 4.01
RP1169: 5/26/2010 7:23:44 PM - Windows Update
RP1170: 5/27/2010 11:55:17 AM - Removed COMODO Internet Security
RP1171: 5/27/2010 12:01:50 PM - Removed COMODO livePCsupport
==== Installed Programs ======================
2Wire Gateway
Acrobat.com
Adobe Acrobat 7.0 Professional
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 9.3.2
Adobe Reader for Pocket PC 2.0
ALPS Touch Pad Driver
AMOS 5
ArcSoft Panorama Maker 3
ASF
AuthenTec Fingerprint Sensor Minimum Install
Avery Wizard 3.1
BCPS CAB Client
BellSouth® Communications Suite
Better Homes and Gardens Home Designer Suite 7.0
Blue Squirrel ClickBook 9.0
Board Games
Broadcom Advanced Control Suite
Broadcom ASF Management Applications
BroadJump Client Foundation
Brother Driver Deployment Wizard
Brother MFL-Pro Suite
Brother P-touch Editor 4.2
Brother P-touch Software
Business Card Factory Deluxe 3.0
Business Contact Manager for Outlook 2003
CCleaner
Conexant D480 MDC V.9x Modem
CorelDRAW Graphics Suite 12
CrossEyes
Cyber Chess
Dell TrueMobile 1300 WLAN Mini-PCI Card
Digital Line Detect
DivX 5.2.1 (Playback Only)
DVDSentry
Easy CD Creator 5 Basic
eListen
EndNote X1
ERUNT 1.1j
ESET Online Scanner
ESET Online Scanner v3
ESU for Microsoft Vista
EXTRA! for SNA Server 32-bit
FileMaker Pro 6
FirstClass® Client
FirstClass® Palm Conduits
GanttProject
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Genesys USB Mass Storage Device
Google Earth
Greetings Workshop
Help and Support Customization
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
HLM 5
HLM6.0
HLM6.0 (Student Edition)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.2
HP Total Care Advisor
HP Update
HP User Guides 0057
HP Wireless Assistant
HPNetworkAssistant
Intel Matrix Storage Manager
Intel(R) Graphics Media Accelerator Driver
InterVideo WinDVD
iPAQ WebReg
iPod for Windows 2005-09-23
ISI ResearchSoft - Export Helper
iTunes
Java(TM) 6 Update 5
Kaspersky Online Scanner
KONICA MINOLTA magicolor 2590MF
Konica Minolta magicolor 2590MF LSU
KONICA MINOLTA magicolor 2590MF Scanner
LightScribe 1.4.136.1
LinkMagic for magicolor 2590MF
LISREL 8.7 Student
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
McAfee SiteAdvisor
McAfee VirusScan Enterprise
MediaFACE 4.01
MediaFACE 4.01 Image Library
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.5 SP1
Microsoft Data Access Components KB870669
Microsoft Encarta 98 Encyclopedia
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (NR2007)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Keyboard
Microsoft Works
Motorola SM56 Data Fax Modem
Mozilla Firefox (3.0.8)
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
muvee autoProducer 6.0
Neat OCR15
NeatReceipts Database Controller
NeatReceipts Professional 2.8 Core Files
NeatReceipts Professional v2.8.1
NetWaiting
Nikon Message Center
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Palm
Panda ActiveScan 2.0
PANTECH UM175 Driver
Paradox
PCFriendly
PictureProject
PictureProject In Touch Downloader 1.0
PIRLS2001
PSSWCORE
Quicken 2007
QuickSet
QuickTime
Realtek High Definition Audio Driver
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Seagate Manager Installer
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
SPSS 13.0 for Windows
SPSS 15 Vista Hotfix
SPSS 15.0 for Windows
Spybot - Search & Destroy
SpywareBlaster 4.0
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update Manager
VeriSoft Access Manager
VZAccess Manager
WebEx
WebFldrs XP
Winamp
Windows Genuine Advantage Notifications (KB905474)
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinZip
WModem Driver Installer
WordPerfect Office X3
==== Event Viewer Messages From Past Week ========
5/27/2010 12:51:02 PM, Error: Service Control Manager [7001] - The CyberLink Task Scheduler (CTS) service depends on the CyberLink Background Capture Service (CBCS) service which failed to start because of the following error: After starting, the service hung in a start-pending state.
5/27/2010 12:51:01 PM, Error: Service Control Manager [7022] - The CyberLink Background Capture Service (CBCS) service hung on starting.
5/27/2010 12:49:41 PM, Error: Microsoft-Windows-PrintSpooler [72] - Windows could not initialize printer PaperPort Color Image because the print processor PaperPort Processor could not be found. Please obtain and install a new version of the driver from the manufacturer (if available), or choose an alternate driver that works with this print device.
5/27/2010 12:49:41 PM, Error: Microsoft-Windows-PrintSpooler [72] - Windows could not initialize printer PaperPort Black & White Image because the print processor PaperPort Processor could not be found. Please obtain and install a new version of the driver from the manufacturer (if available), or choose an alternate driver that works with this print device.
5/27/2010 12:49:41 PM, Error: Microsoft-Windows-PrintSpooler [72] - Windows could not initialize printer ClickBook Printer because the print processor CBWP could not be found. Please obtain and install a new version of the driver from the manufacturer (if available), or choose an alternate driver that works with this print device.
5/27/2010 12:49:41 PM, Error: Microsoft-Windows-PrintSpooler [23] - Printer PaperPort Color Image failed to initialize because a suitable PaperPort Color Printer Driver driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
5/27/2010 12:49:41 PM, Error: Microsoft-Windows-PrintSpooler [23] - Printer PaperPort Black & White Image failed to initialize because a suitable PaperPort Mono Printer Driver driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
5/27/2010 12:49:41 PM, Error: Microsoft-Windows-PrintSpooler [23] - Printer HP DeskJet 722C failed to initialize because a suitable HP DeskJet 722C driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
5/27/2010 12:49:41 PM, Error: Microsoft-Windows-PrintSpooler [23] - Printer Fax failed to initialize because a suitable Microsoft Shared Fax Driver driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
5/27/2010 12:49:41 PM, Error: Microsoft-Windows-PrintSpooler [23] - Printer ClickBook Printer failed to initialize because a suitable ClickBook Printer driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
5/27/2010 12:49:35 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/27/2010 12:06:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdudf_xp SASDIFSV SASKUTIL spldr Wanarpv6
5/27/2010 12:06:29 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2010 12:06:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WcesComm with arguments "" in order to run the server: {373E19B5-76AA-46D5-93A9-2E39A99B39B2}
5/27/2010 12:06:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
5/27/2010 12:05:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/27/2010 12:05:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
5/27/2010 12:05:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/27/2010 12:05:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/27/2010 12:05:24 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
5/27/2010 12:05:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
5/27/2010 11:37:06 AM, Error: PlugPlayManager [12] - The device 'PANTECH UM175 WWAN Driver #2' (USB\VID_106c&PID_3714&MI_03\6&31745fba&0&8515) disappeared from the system without first being prepared for removal.
5/27/2010 11:29:37 AM, Error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/27/2010 11:21:41 AM, Error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/27/2010 11:15:56 AM, Error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 11:15:56 AM, Error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/27/2010 11:14:17 AM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0013E81CE449. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
5/27/2010 11:13:43 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 0013E81CE449 has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
5/27/2010 10:41:27 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdudf_xp cmdGuard cmdHlp DfsC inspect NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr tdx Wanarpv6
5/27/2010 10:41:27 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2010 10:41:27 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2010 10:41:27 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2010 10:41:27 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2010 10:41:27 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2010 10:41:27 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2010 10:41:27 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2010 10:41:27 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2010 10:41:27 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2010 10:41:27 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2010 10:41:27 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2010 10:41:27 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2010 10:41:27 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2010 10:40:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
5/27/2010 10:40:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/27/2010 10:38:45 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x8007045b'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
5/26/2010 6:22:52 PM, Error: NETw4v32 [5005] - Intel(R) Wireless WiFi Link 4965AGN : Has encountered an internal error and has failed.
5/26/2010 6:22:52 PM, Error: NETw4v32 [5002] - Intel(R) Wireless WiFi Link 4965AGN : Has determined that the network adapter is not functioning properly.
5/26/2010 6:02:54 PM, Error: EventLog [6008] - The previous system shutdown at 6:00:44 PM on 5/26/2010 was unexpected.
5/26/2010 3:39:25 PM, Error: Service Control Manager [7024] - The SQL Server VSS Writer service terminated with service-specific error 2147549183 (0x8000FFFF).
5/26/2010 3:39:25 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
5/21/2010 9:17:40 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetbiosSmb because another computer on the network has the same name. The server could not start.
5/21/2010 5:32:03 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NeatReceipts Database Controller service to connect.
5/21/2010 4:24:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSP aswTdi AvgLdx86 AvgMfx86 avipbb cdudf_xp cmdGuard cmdHlp DfsC inspect NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr ssmdrv tdx Wanarpv6
==== End Of File ===========================
Hi,
Let's try to uninstall old McAfee at this point. Download and run Revo Uninstaller (http://www.revouninstaller.com/) and let it uninstall McAfee-related findings.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6 Update 20 (http://java.sun.com/javase/downloads/index.jsp).
Click the Download button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u20-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it.
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif). Post back its report & fresh dds log + description of remaining symptoms.
Ok, I will do all of that when I get home from work this evening and post it tomorrow morning, because the laptop is out of battery & I forgot the power cord this morning. The computer is still running so slow; it takes forever for Firefox to load or programs to open. Thanks for helping.
Used the Revo Uninstaller program & removed McAfee VirusScan Enterprise; a CD labeler program (MediaFACE) also had the same removal problem.
Uninstalled SuperAntispyware program as I prefer Spybot. I hope that was ok to go ahead & do.
While I was in Revo Uninstaller, I searched everywhere and cannot find this AV program listed in the DDS logs, and have already uninstalled Avira: SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
Removed old Java & updated to Java 6 update 20.
Used ATF cleaner as directed.
Ran Kaspersky, which found nothing, but I'm not surprised; it did not find anything before, when I had the trojan & rootkit dropper.
DDS was run again this morning & all logs are below.
I downloaded and tried to run GMER two more times, but each time it stopped at \device\hardisk volume shadowcopy1. The 2nd time I got a blue screen and Windows crashed & shut down, so I did not try again. I re-downloaded and tried to run Combofix again this morning, but it only makes the backup of the registry, then sits at the little blue screen "Please wait..preparing to run."
Why does Combofix or GMER not work for me, when it seems like it does for all other computers?
I was nervous because I had no firewall or AV program, so I reinstalled AVAST this morning. I have NOT used the internet for anything except this forum & the programs you wanted me to run, because I was too worried that the redirector/rootkit/trojan things would reappear and the redirects would start again.
Should I try any google search and see if I get redirected, or do you have other things to check?
One more thing: I have a Seagate FreeAgent backup drive, which I copied my full C drive to before I had COMODO installed (which killed the Seagate program). Anyway, it has not been connected to the laptop ever since. Do you think it is safe to re-connect it? Or should I run something to check it first?
Thanks for all your help!
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, May 28, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, May 27, 2010 17:33:33
Records in database: 4190279
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Objects scanned: 243757
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 06:01:51
No threats found. Scanned area is clean.
Selected area has been scanned.
************
DDS (Ver_10-03-17.01) - NTFSx86
Run by admin at 10:03:46.34 on Fri 05/28/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1034 [GMT -4:00]
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\admin\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: VeriSoft Access Manager: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\bioscrypt\verisoft\bin\ItIEAddIn.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [CognizanceTS] rundll32.exe c:\progra~1\bioscr~1\verisoft\bin\ASTSVCC.dll,RegisterModule
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\McAfee Security Scan Plus.lnk.disabled
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: kaspersky.com\www
Trusted Zone: symantec.com\service1
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} - hxxp://download.zonelabs.com/bin/free/cm/ICSCM.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/OnlineScanner.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5296/mcfscan.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
LSA: Notification Packages = scecli ASWLNPkg
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\6owh1r5f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/advanced_search?hl=en
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-28 164048]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2009-4-1 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2009-4-1 21504]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-28 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-5-28 51792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-28 40384]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-26 189736]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-1-12 206096]
R2 NeatReceipts Database Controller;NeatReceipts Database Controller;c:\program files\common files\neatreceipts\db controller\NeatReceiptsDBController.exe [2007-10-22 230728]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-4-10 1153368]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-28 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-28 40384]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-4-1 21504]
S3 HtcUsbMdmV32;HTC Proprietary USB Driver;c:\windows\system32\drivers\HtcUsbMdmV32.sys [2010-2-8 103424]
S3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\drivers\HtcVComV32.sys [2010-2-8 103424]
S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [2006-5-3 4736]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MSSQL$NR2007;SQL Server (NR2007);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [2006-5-3 8960]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-7-12 33024]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-7-12 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-7-12 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-7-12 59904]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-5-27 27192]
S4 McTaskManager;Network Associates Task Manager;"c:\program files\network associates\virusscan\vstskmgr.exe" --> c:\program files\network associates\virusscan\VsTskMgr.exe [?]
============== File Associations ===============
regfile=regedit.exe "%1" %*
scrfile="%1" %*
=============== Created Last 30 ================
2010-05-28 10:28:05 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-27 21:40:05 0 d-----w- c:\programdata\Sun
2010-05-27 21:39:18 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-27 21:05:07 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-05-27 21:05:05 0 d-----w- c:\program files\VS Revo Group
2010-05-27 17:12:23 0 d-s---w- C:\tc5272010
2010-05-26 10:08:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-21 22:04:18 0 d-----w- c:\programdata\Office Genuine Advantage
2010-05-21 22:04:03 0 d-----w- c:\users\admin\Office Genuine Advantage
2010-05-20 10:36:13 0 d-----w- c:\windows\SQL9_KB970892_ENU
2010-05-17 22:54:10 0 d-----w- c:\program files\Windows Portable Devices
2010-05-17 22:53:43 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-05-17 22:52:17 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-05-17 22:52:16 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-05-17 22:52:16 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-05-17 22:50:46 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-05-17 22:49:06 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-05-17 22:49:05 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-05-17 22:49:05 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-05-17 10:48:09 0 d-----w- c:\program files\CCleaner
2010-05-17 10:19:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-05-17 10:18:26 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-05-17 10:18:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-05-17 10:18:23 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-05-17 00:38:16 0 d-----w- c:\windows\system32\eu-ES
2010-05-17 00:38:16 0 d-----w- c:\windows\system32\ca-ES
2010-05-17 00:38:15 0 d-----w- c:\windows\system32\vi-VN
2010-05-16 23:38:50 0 d-----w- c:\windows\system32\EventProviders
2010-05-16 23:21:14 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2010-05-16 23:21:04 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2010-05-16 23:21:03 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2010-05-16 23:19:59 324608 ----a-w- c:\windows\system32\sdohlp.dll
2010-05-16 23:18:59 1985024 ----a-w- c:\windows\system32\authui.dll
2010-05-16 23:17:59 704512 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2010-05-16 23:16:59 869888 ----a-w- c:\windows\system32\printui.dll
2010-05-16 23:15:57 33280 ----a-w- c:\windows\system32\mssprxy.dll
2010-05-16 23:14:58 125952 ----a-w- c:\windows\system32\softkbd.dll
2010-05-16 23:13:30 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2010-05-16 23:13:30 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2010-05-16 23:13:30 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-05-16 23:13:30 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2010-05-16 23:13:30 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2010-05-16 23:13:30 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2010-05-16 23:13:30 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2010-05-16 23:13:25 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2010-05-16 23:13:19 218624 ----a-w- c:\windows\system32\wdscore.dll
2010-05-16 23:13:19 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2010-05-16 23:13:06 247808 ----a-w- c:\windows\system32\drvstore.dll
2010-05-16 22:41:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-16 22:41:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-16 22:41:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-05-16 22:16:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-05-16 13:04:13 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2010-05-16 13:04:04 11967524 ----a-w- c:\windows\system32\korwbrkr.lex
2010-05-16 12:42:08 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-15 23:29:14 0 d-----w- C:\PerfLogs
2010-05-15 17:44:57 0 d--h--w- C:\VritualRoot
2010-05-15 17:44:08 0 d-----w- c:\programdata\COMODO
2010-05-15 17:43:35 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-05-15 17:27:24 0 d-----w- c:\programdata\Comodo Downloader
2010-05-15 14:38:14 0 d-----w- c:\programdata\Alwil Software
2010-05-14 22:52:52 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-05-14 22:48:33 0 d-----w- c:\program files\AVG
2010-05-14 21:53:10 277784 ----a-w- c:\windows\system32\drivers\IASTOR.SYS
2010-05-14 11:03:21 0 d-----w- c:\windows\system32\MpEngineStore
2010-05-14 10:26:45 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-05-14 10:26:38 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-05-14 10:26:38 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-05-13 23:00:05 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-05-13 23:00:04 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-05-13 23:00:04 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-05-13 23:00:04 270848 ----a-w- c:\windows\system32\schannel.dll
2010-05-13 23:00:03 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-05-13 23:00:03 13780 ----a-w- c:\windows\system32\wbem\lsasrv.mof
2010-05-13 23:00:01 9728 ----a-w- c:\windows\system32\lsass.exe
2010-05-13 23:00:01 72704 ----a-w- c:\windows\system32\secur32.dll
2010-05-13 13:21:59 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-05-13 13:21:59 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-05-13 13:21:59 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-05-13 13:21:59 10240 ----a-w- c:\windows\system32\finger.exe
2010-05-13 13:19:59 98816 ----a-w- c:\windows\system32\mfps.dll
2010-05-13 13:19:59 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-05-13 13:19:59 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-05-13 13:19:58 2048 ----a-w- c:\windows\system32\mferror.dll
2010-05-13 13:19:52 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-05-13 13:19:52 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-05-13 13:19:32 71680 ----a-w- c:\windows\system32\atl.dll
2010-05-13 13:19:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-05-13 13:18:56 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-05-13 13:18:54 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-05-13 13:18:54 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-05-13 13:18:48 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-05-13 13:18:17 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2010-05-13 13:16:24 623616 ----a-w- c:\windows\system32\localspl.dll
2010-05-13 13:16:19 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-05-13 13:16:02 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-05-13 13:16:02 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-05-13 13:15:55 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-05-13 13:15:55 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-05-13 13:15:54 814 ----a-w- c:\windows\system32\wbem\WFP.MOF
2010-05-13 13:15:54 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-05-13 13:15:54 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-05-13 13:15:54 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-05-13 13:15:25 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-05-13 13:15:07 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-05-13 13:15:02 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-05-13 13:15:02 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-05-13 13:11:49 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-05-13 13:11:34 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-05-13 13:11:25 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-05-13 13:11:18 243712 ----a-w- c:\windows\system32\rastls.dll
2010-05-13 13:11:09 355328 ----a-w- c:\windows\system32\WSDApi.dll
2010-05-13 12:35:16 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-05-13 12:35:08 98304 ----a-w- c:\windows\system32\cabview.dll
==================== Find3M ====================
2010-05-17 22:54:04 86016 ----a-w- c:\windows\inf\infpub.dat
2010-05-17 22:54:04 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-05-17 22:54:03 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-17 22:54:03 143360 ----a-w- c:\windows\inf\infstor.dat
2010-05-16 23:52:25 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-05-15 23:50:25 174 --sha-w- c:\program files\desktop.ini
2010-05-15 22:31:48 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-05-15 22:31:46 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-05-06 14:36:38 221568 ----a-w- c:\windows\system32\MpSigStub.exe
2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 19:58:12 256512 ----a-w- c:\windows\PEV.exe
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-08-30 18:26:26 22 --sha-w- c:\windows\sminst\HPCD.sys
2007-09-02 14:12:20 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-05-13 01:09:27 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008042820080505\index.dat
2008-05-13 01:09:27 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008051220080513\index.dat
============= FINISH: 10:04:50.36 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/13/2007 5:10:45 PM
System Uptime: 5/28/2010 9:49:21 AM (1 hours ago)
Motherboard: Quanta | | 30CC
Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz | U2E1 | 1000/667mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 178 GiB total, 99.305 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 1.545 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1154: 5/17/2010 6:46:49 PM - Windows Update
RP1155: 5/19/2010 5:06:19 AM - Scheduled Checkpoint
RP1156: 5/19/2010 9:22:06 PM - Windows Update
RP1157: 5/20/2010 6:05:12 AM - Windows Update
RP1158: 5/20/2010 6:29:13 AM - Windows Update
RP1159: 5/20/2010 6:35:24 AM - Windows Update
RP1160: 5/22/2010 9:51:56 AM - COMODO Restore Point. (Restore point from the popup alert for Seagate 2GEVWJHH Product Registration.exe)
RP1161: 5/26/2010 1:50:59 PM - Removed AVG Free 9.0
RP1162: 5/26/2010 2:14:43 PM - avast! Free Antivirus Setup
RP1163: 5/26/2010 2:22:22 PM - Removed Ad-Aware 2007
RP1164: 5/26/2010 2:24:47 PM - Removed LiveUpdate Notice (Symantec Corporation)
RP1165: 5/26/2010 2:27:27 PM - Removed McAfee VirusScan Enterprise
RP1166: 5/26/2010 2:29:14 PM - Removed McAfee VirusScan Enterprise
RP1168: 5/26/2010 2:30:30 PM - Configured MediaFACE 4.01
RP1169: 5/26/2010 7:23:44 PM - Windows Update
RP1170: 5/27/2010 11:55:17 AM - Removed COMODO Internet Security
RP1171: 5/27/2010 12:01:50 PM - Removed COMODO livePCsupport
RP1173: 5/27/2010 5:06:07 PM - Revo Uninstaller Pro's restore point - McAfee VirusScan Enterprise
RP1175: 5/27/2010 5:16:20 PM - Revo Uninstaller Pro's restore point - MediaFACE 4.01
RP1177: 5/27/2010 5:17:41 PM - Configured MediaFACE 4.01
RP1178: 5/27/2010 5:22:41 PM - Removed Java(TM) 6 Update 5
RP1179: 5/27/2010 5:38:37 PM - Installed Java(TM) 6 Update 20
RP1181: 5/27/2010 5:42:47 PM - Revo Uninstaller Pro's restore point - SUPERAntiSpyware Free Edition
RP1182: 5/27/2010 5:43:50 PM - Removed SUPERAntiSpyware Free Edition
RP1183: 5/28/2010 6:27:14 AM - avast! Free Antivirus Setup
==== Installed Programs ======================
2Wire Gateway
Acrobat.com
Adobe Acrobat 7.0 Professional
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 9.3.2
Adobe Reader for Pocket PC 2.0
ALPS Touch Pad Driver
AMOS 5
ArcSoft Panorama Maker 3
ASF
AuthenTec Fingerprint Sensor Minimum Install
avast! Free Antivirus
Avery Wizard 3.1
BCPS CAB Client
BellSouth® Communications Suite
Better Homes and Gardens Home Designer Suite 7.0
Blue Squirrel ClickBook 9.0
Board Games
Broadcom Advanced Control Suite
Broadcom ASF Management Applications
BroadJump Client Foundation
Brother Driver Deployment Wizard
Brother MFL-Pro Suite
Brother P-touch Editor 4.2
Brother P-touch Software
Business Card Factory Deluxe 3.0
Business Contact Manager for Outlook 2003
CCleaner
Conexant D480 MDC V.9x Modem
CorelDRAW Graphics Suite 12
CrossEyes
Cyber Chess
Dell TrueMobile 1300 WLAN Mini-PCI Card
Digital Line Detect
DivX 5.2.1 (Playback Only)
DVDSentry
Easy CD Creator 5 Basic
eListen
EndNote X1
ERUNT 1.1j
ESET Online Scanner
ESET Online Scanner v3
ESU for Microsoft Vista
EXTRA! for SNA Server 32-bit
FileMaker Pro 6
FirstClass® Client
FirstClass® Palm Conduits
GanttProject
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Genesys USB Mass Storage Device
Google Earth
Greetings Workshop
Help and Support Customization
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
HLM 5
HLM6.0
HLM6.0 (Student Edition)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.2
HP Total Care Advisor
HP Update
HP User Guides 0057
HP Wireless Assistant
HPNetworkAssistant
Intel Matrix Storage Manager
Intel(R) Graphics Media Accelerator Driver
InterVideo WinDVD
iPAQ WebReg
iPod for Windows 2005-09-23
ISI ResearchSoft - Export Helper
iTunes
Java Auto Updater
Java(TM) 6 Update 20
Kaspersky Online Scanner
KONICA MINOLTA magicolor 2590MF
Konica Minolta magicolor 2590MF LSU
KONICA MINOLTA magicolor 2590MF Scanner
LightScribe 1.4.136.1
LinkMagic for magicolor 2590MF
LISREL 8.7 Student
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
McAfee SiteAdvisor
MediaFACE 4.01 Image Library
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.5 SP1
Microsoft Data Access Components KB870669
Microsoft Encarta 98 Encyclopedia
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (NR2007)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Keyboard
Microsoft Works
Motorola SM56 Data Fax Modem
Mozilla Firefox (3.0.8)
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
muvee autoProducer 6.0
Neat OCR15
NeatReceipts Database Controller
NeatReceipts Professional 2.8 Core Files
NeatReceipts Professional v2.8.1
NetWaiting
Nikon Message Center
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Palm
Panda ActiveScan 2.0
PANTECH UM175 Driver
Paradox
PCFriendly
PictureProject
PictureProject In Touch Downloader 1.0
PIRLS2001
PSSWCORE
Quicken 2007
QuickSet
QuickTime
Realtek High Definition Audio Driver
Revo Uninstaller Pro 2.2.0
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Seagate Manager Installer
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
SPSS 13.0 for Windows
SPSS 15 Vista Hotfix
SPSS 15.0 for Windows
Spybot - Search & Destroy
SpywareBlaster 4.0
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update Manager
VeriSoft Access Manager
VZAccess Manager
WebEx
WebFldrs XP
Winamp
Windows Genuine Advantage Notifications (KB905474)
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinZip
WModem Driver Installer
WordPerfect Office X3
==== Event Viewer Messages From Past Week ========
5/28/2010 9:51:50 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASKUTIL
5/28/2010 9:51:50 AM, Error: Service Control Manager [7022] - The CyberLink Background Capture Service (CBCS) service hung on starting.
5/28/2010 9:51:50 AM, Error: Service Control Manager [7001] - The CyberLink Task Scheduler (CTS) service depends on the CyberLink Background Capture Service (CBCS) service which failed to start because of the following error: After starting, the service hung in a start-pending state.
5/28/2010 9:50:22 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/28/2010 9:50:22 AM, Error: Microsoft-Windows-PrintSpooler [72] - Windows could not initialize printer PaperPort Color Image because the print processor PaperPort Processor could not be found. Please obtain and install a new version of the driver from the manufacturer (if available), or choose an alternate driver that works with this print device.
5/28/2010 9:50:22 AM, Error: Microsoft-Windows-PrintSpooler [72] - Windows could not initialize printer PaperPort Black & White Image because the print processor PaperPort Processor could not be found. Please obtain and install a new version of the driver from the manufacturer (if available), or choose an alternate driver that works with this print device.
5/28/2010 9:50:22 AM, Error: Microsoft-Windows-PrintSpooler [72] - Windows could not initialize printer ClickBook Printer because the print processor CBWP could not be found. Please obtain and install a new version of the driver from the manufacturer (if available), or choose an alternate driver that works with this print device.
5/28/2010 9:50:22 AM, Error: Microsoft-Windows-PrintSpooler [23] - Printer PaperPort Color Image failed to initialize because a suitable PaperPort Color Printer Driver driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
5/28/2010 9:50:22 AM, Error: Microsoft-Windows-PrintSpooler [23] - Printer PaperPort Black & White Image failed to initialize because a suitable PaperPort Mono Printer Driver driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
5/28/2010 9:50:22 AM, Error: Microsoft-Windows-PrintSpooler [23] - Printer HP DeskJet 722C failed to initialize because a suitable HP DeskJet 722C driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
5/28/2010 9:50:22 AM, Error: Microsoft-Windows-PrintSpooler [23] - Printer Fax failed to initialize because a suitable Microsoft Shared Fax Driver driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
5/28/2010 9:50:22 AM, Error: Microsoft-Windows-PrintSpooler [23] - Printer ClickBook Printer failed to initialize because a suitable ClickBook Printer driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
5/28/2010 7:09:49 AM, Error: EventLog [6008] - The previous system shutdown at 7:07:46 AM on 5/28/2010 was unexpected.
5/28/2010 5:05:00 AM, Error: NETw4v32 [5005] - Intel(R) Wireless WiFi Link 4965AGN : Has encountered an internal error and has failed.
5/28/2010 5:04:59 AM, Error: NETw4v32 [5002] - Intel(R) Wireless WiFi Link 4965AGN : Has determined that the network adapter is not functioning properly.
5/27/2010 6:06:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WcesComm with arguments "" in order to run the server: {373E19B5-76AA-46D5-93A9-2E39A99B39B2}
5/27/2010 6:06:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdudf_xp DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss SASKUTIL Smb spldr tdx Wanarpv6
5/27/2010 6:06:08 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2010 6:06:08 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2010 6:06:08 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2010 6:06:08 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2010 6:06:08 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2010 6:06:08 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2010 6:06:08 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2010 6:06:08 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2010 6:06:08 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2010 6:06:08 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2010 6:06:08 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2010 6:06:08 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2010 6:06:08 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2010 6:06:08 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2010 6:06:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/27/2010 6:05:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
5/27/2010 6:05:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
5/27/2010 6:05:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/27/2010 6:05:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
5/27/2010 6:05:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/27/2010 6:05:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/27/2010 6:04:55 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
5/27/2010 6:04:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
5/27/2010 12:06:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdudf_xp SASDIFSV SASKUTIL spldr Wanarpv6
5/27/2010 11:37:06 AM, Error: PlugPlayManager [12] - The device 'PANTECH UM175 WWAN Driver #2' (USB\VID_106c&PID_3714&MI_03\6&31745fba&0&8515) disappeared from the system without first being prepared for removal.
5/27/2010 11:29:37 AM, Error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/27/2010 11:21:41 AM, Error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/27/2010 11:14:17 AM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0013E81CE449. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
5/27/2010 11:13:43 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 0013E81CE449 has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
5/27/2010 10:41:27 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdudf_xp cmdGuard cmdHlp DfsC inspect NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr tdx Wanarpv6
5/27/2010 10:38:45 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x8007045b'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
5/27/2010 1:12:59 PM, Error: Service Control Manager [7034] - The Seagate Service service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 1:12:59 PM, Error: Service Control Manager [7034] - The SBSD Security Center Service service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 1:12:59 PM, Error: Service Control Manager [7034] - The NeatReceipts Database Controller service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 1:12:59 PM, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 1:12:59 PM, Error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 1:12:59 PM, Error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 1:12:59 PM, Error: Service Control Manager [7034] - The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 1:12:59 PM, Error: Service Control Manager [7034] - The hpqwmiex service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 1:12:59 PM, Error: Service Control Manager [7034] - The CyberLink Background Capture Service (CBCS) service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 1:12:59 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/27/2010 1:12:59 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/27/2010 1:12:59 PM, Error: Service Control Manager [7031] - The Software Licensing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/27/2010 1:12:59 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/27/2010 1:12:59 PM, Error: Service Control Manager [7031] - The HP Health Check Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/27/2010 1:12:08 PM, Error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 1:12:08 PM, Error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/26/2010 6:02:54 PM, Error: EventLog [6008] - The previous system shutdown at 6:00:44 PM on 5/26/2010 was unexpected.
5/26/2010 3:39:25 PM, Error: Service Control Manager [7024] - The SQL Server VSS Writer service terminated with service-specific error 2147549183 (0x8000FFFF).
5/26/2010 3:39:25 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
5/21/2010 9:17:40 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetbiosSmb because another computer on the network has the same name. The server could not start.
5/21/2010 5:32:03 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NeatReceipts Database Controller service to connect.
5/21/2010 4:24:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSP aswTdi AvgLdx86 AvgMfx86 avipbb cdudf_xp cmdGuard cmdHlp DfsC inspect NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr ssmdrv tdx Wanarpv6
==== End Of File ===========================
Why does Combofix or gmer not work for me, but seems like it does for all other computers?
There's still likely some protection preventing it from running properly. It seems to be a problem especially with certain protection-software and Vista combinations.
Should I try any google search and see if I get redirected, or do you have other things to check?
Please try.
One more thing, I have a Seagate freeagent backup drive, which I copied my full c drive to before I had comodo installed (which killed the seagate program). Anyway it has not been connected to the laptop ever since. Do you think it is safe to re-connect it? Or, should I run something to check it first?
It can be connected. You can scan the drive with Kaspersky online scanner.
I tried several different google searches and so far, when I followed the links, they took me to the actual site, and not a re-direct.
Are there other programs I need to run or things to check to see if my laptop is still harboring bad programs?
How do I uninstall combofix? It's in c:\ root directory?
I thought this was Avira, but now I'm not so sure. Any idea what this could be and how I can remove it?
From DDS logs: SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
Thanks for all your help!
Sorry, I forgot... should I reset system restore? How do I do that?
Thanks again!
-TC
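The Service Control Manager entries in the attach.txt log above are easier to read when aggregated. The Python below is an added example, not from this thread or from DDS/ComboFix: it parses that line format, counts which boot-start drivers failed to load across all 7026 events, lists services that terminated unexpectedly (7031/7034), and flags the 7006 "Access is denied" entry. The driver-prefix-to-product table is my assumption from the driver names.

```python
"""Aggregate Service Control Manager entries from a DDS attach.txt event dump."""
import re
from collections import Counter
from datetime import datetime

# Constructed sample: six entries copied verbatim from the attach.txt log in this thread.
SAMPLE_LOG = """\
5/27/2010 12:06:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdudf_xp SASDIFSV SASKUTIL spldr Wanarpv6
5/27/2010 11:29:37 AM, Error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/27/2010 10:41:27 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdudf_xp cmdGuard cmdHlp DfsC inspect NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr tdx Wanarpv6
5/27/2010 1:12:59 PM, Error: Service Control Manager [7034] - The SBSD Security Center Service service terminated unexpectedly. It has done this 1 time(s).
5/26/2010 3:39:25 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
5/21/2010 4:24:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSP aswTdi AvgLdx86 AvgMfx86 avipbb cdudf_xp cmdGuard cmdHlp DfsC inspect NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr ssmdrv tdx Wanarpv6
"""

# One DDS event line: "<date time>, <Level>: <Source> [<EventID>] - <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)
DRIVERS_RE = re.compile(r"driver\(s\) failed to load: (?P<names>.+)$")
CRASH_RE = re.compile(r"^The (?P<name>.+?) service terminated unexpectedly")

# Driver-name prefixes of security products seen in this log. The mapping is my
# assumption from the driver names, not something stated in the thread.
SECURITY_DRIVER_PREFIXES = {
    "asw": "avast!", "cmd": "Comodo", "Avg": "AVG",
    "avipbb": "Avira", "ssmdrv": "Avira", "SAS": "SUPERAntiSpyware",
}


def parse_events(text):
    """Parse the lines that match the DDS event format; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["event_id"] = int(ev["event_id"])
        ev["ts"] = datetime.strptime(ev["ts"], "%m/%d/%Y %I:%M:%S %p")
        events.append(ev)
    return events


def failed_drivers(events):
    """Count in how many 7026 events each boot/system-start driver failed to load."""
    counts = Counter()
    for ev in events:
        if ev["event_id"] != 7026:
            continue
        m = DRIVERS_RE.search(ev["msg"])
        if m:
            counts.update(m.group("names").split())
    return counts


def service_crashes(events):
    """Count unexpected terminations (event 7031/7034) per service name."""
    counts = Counter()
    for ev in events:
        if ev["event_id"] in (7031, 7034):
            m = CRASH_RE.match(ev["msg"])
            if m:
                counts[m.group("name")] += 1
    return counts


def access_denied_start_changes(events):
    """Event 7006 entries where changing a service's Start value was denied."""
    return [ev for ev in events
            if ev["event_id"] == 7006 and "Access is denied" in ev["msg"]]


def security_product_drivers(driver_counts):
    """Map failed driver names to the security product they appear to belong to."""
    hits = {}
    for name in driver_counts:
        for prefix, product in SECURITY_DRIVER_PREFIXES.items():
            if name.startswith(prefix):
                hits[name] = product
    return hits


def summarize(text):
    events = parse_events(text)
    drivers = failed_drivers(events)
    return {
        "events": len(events),
        "failed_drivers": drivers,
        "security_drivers": security_product_drivers(drivers),
        "service_crashes": service_crashes(events),
        "access_denied": len(access_denied_start_changes(events)),
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(f"{s['events']} SCM events parsed")
    for name, n in s["failed_drivers"].most_common():
        tag = s["security_drivers"].get(name, "")
        print(f"  driver {name:<10} failed to load in {n} boot(s) {tag}")
    for name, n in s["service_crashes"].items():
        print(f"  service '{name}' terminated unexpectedly {n} time(s)")
    print(f"  {s['access_denied']} denied attempt(s) to change a service Start value")
```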
Hi,
I'll provide instructions for system restore reset etc when the time is right (cleaning process is still incomplete). Please see if ComboFix-quarantined-files.txt file exists on your c: drive. Attach it to your reply if found.
I did a search for all *.txt files on drive and could find nothing related to quarantine or combofix. Thanks.
I did find a file called "catchme.txt" in c:\qoobox\quarantine\catchme.txt
I forgot which program produces the qoobox, so thought I would include it here. The file only has the below text:
-------- 2010-04-18 - 13:25:14 -------------
-------- 2010-05-27 - 10:32:08 -------------
-------- 2010-05-27 - 10:32:47 -------------
-------- 2010-05-27 - 10:42:35 -------------
-------- 2010-05-27 - 11:16:16 -------------
-------- 2010-05-27 - 11:22:00 -------------
-------- 2010-05-27 - 11:29:57 -------------
-------- 2010-05-27 - 12:07:08 -------------
-------- 2010-05-27 - 13:12:25 -------------
-------- 2010-05-28 - 10:37:47 -------------
Hi again,
Open notepad and copy/paste the text in the quotebox below into it:
KillAll::
SecCenter::
{AD166499-45F9-482A-A743-FDD3350758C7}
Save this as
CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows, turn off Avast and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
Uninstall vulnerable Flash versions by following instructions here (http://kb2.adobe.com/cps/141/tn_14157.html). A fresh version can be obtained here (http://get.adobe.com/flashplayer/).
Run DDS and post fresh dds.txt log.
I downloaded a fresh combofix and renamed it combo-fix, I made sure avast was completely off, and I dragged the CFscript file onto Combo-fix.exe. Combofix started to run, as usual, but after "please wait...creating a restore point, and copying registry progress bars," nothing happened. I restarted the laptop in safe mode & tried again, dragged the script text, still nothing.
I restarted the laptop in safe mode with networking, same thing, still not working.
Per your instructions, I uninstalled Adobe flash player (old one) & installed new one vers 10.0.45.2.
Something I did earlier today may be helpful. I hooked up my Seagate backup drive, and had AVAST scan it. I had two sections on the drive (1) just my files, nothing else, and (2) my whole hard drive, about when problems started.
AVAST found nothing in the first section (just copies of my personal files), but on the backup copy of the hard drive it found these 5 things (see below). Since I didn't want anything bad to somehow creep BACK onto my laptop, I deleted the whole copy of the hard drive from the Seagate backup drive.
I will run AVAST later tonight and see if it finds those things on my actual laptop, because it hasn't yet. Also, below are the newest DDS logs.
Thanks again for your help.
This is what AVAST found:
1. THREAT: Win32.CTX
C:\History\Level2\C\ProgramFiles\{Panda Security\ActiveScan 2.0\pskavs.dll
- I looked online and found out that this is a false positive with Avast
- I looked on my hard drive and could not find this file at all
2. THREAT: JAVA: Djewers-R
c:\Users\EAA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\7cdbdc4d-2cbb420i>GoogleCode.class
- I searched on my hard drive and this file is still there
- I uploaded it to virustotal but it did not find anything for the file.
3. THREAT: Ricsi-831
c:\Users\admin\AppData\Local\Microsft\Windows\WER\ReportQ...\avcenter.exe.hu.kdmp
- I searched on my hard drive and cannot find this file at all
4. THREAT: win32: malware-gen
C:\ProgramFiles\Adobe\Acrobat 7.0\SetupFiles\AcroPro\Enu\data1.cab|>acrobat_sl.exe
- I located this file on my hard drive, but could not upload it to virustotal, it just stayed at "uploading....."
5. THREAT: win32: malware-gen
c:\ProgramFiles\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
- I searched my hard drive and found this, and when I uploaded the file to virustotal, it found this (copied below)
******** From VIRUSTOTAL*********
From: c:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
File acrobat_sl.exe received on 2010.05.31 19:24:30 (UTC)
Result: 3/41 (7.32%)
Antivirus Version Last Update Result
a-squared 5.0.0.26 2010.05.31 -
AhnLab-V3 2010.05.30.00 2010.05.29 -
AntiVir 8.2.1.242 2010.05.31 -
Antiy-AVL 2.0.3.7 2010.05.31 -
Authentium 5.2.0.5 2010.05.31 -
Avast 4.8.1351.0 2010.05.31 Win32:Malware-gen
Avast5 5.0.332.0 2010.05.31 Win32:Malware-gen
AVG 9.0.0.787 2010.05.31 -
BitDefender 7.2 2010.05.31 -
CAT-QuickHeal 10.00 2010.05.31 -
ClamAV 0.96.0.3-git 2010.05.31 -
Comodo 4967 2010.05.31 -
DrWeb 5.0.2.03300 2010.05.31 -
eSafe 7.0.17.0 2010.05.30 -
eTrust-Vet 35.2.7522 2010.05.31 -
F-Prot 4.6.0.103 2010.05.31 -
F-Secure 9.0.15370.0 2010.05.31 -
Fortinet 4.1.133.0 2010.05.30 -
GData 21 2010.05.31 Win32:Malware-gen
Ikarus T3.1.1.84.0 2010.05.31 -
Jiangmin 13.0.900 2010.05.31 -
Kaspersky 7.0.0.125 2010.05.31 -
McAfee 5.400.0.1158 2010.05.31 -
McAfee-GW-Edition 2010.1 2010.05.31 -
Microsoft 1.5802 2010.05.31 -
NOD32 5159 2010.05.31 -
Norman 6.04.12 2010.05.31 -
nProtect 2010-05-31.01 2010.05.31 -
Panda 10.0.2.7 2010.05.31 -
PCTools 7.0.3.5 2010.05.31 -
Prevx 3.0 2010.05.31 -
Rising 22.50.00.04 2010.05.31 -
Sophos 4.53.0 2010.05.31 -
Sunbelt 6382 2010.05.31 -
Symantec 20101.1.0.89 2010.05.31 -
TheHacker 6.5.2.0.290 2010.05.31 -
TrendMicro 9.120.0.1004 2010.05.31 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.31 -
VBA32 3.12.12.5 2010.05.31 -
ViRobot 2010.5.31.2331 2010.05.31 -
VirusBuster 5.0.27.0 2010.05.31 -
Additional information
File size: 32256 bytes
MD5...: 1958644da9db1462d53a22281c9f6f12
SHA1..: 23dabb4dd88fd22e009e22673fa0ce6b59784dff
SHA256: bfe7a5ffa9d1e07aa0aec6f99e0c1644577cdb622497d02f408e07598489d9dd
ssdeep: 768:pRSGe2LjUYmCyrP8iL97gnDaNEiIraVvoc:pRUbOnLS6c
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x3700
timedatestamp.....: 0x41bee020 (Tue Dec 14 12:44:16 2004)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2c0b 0x2e00 6.15 17d7801b48d34d459b47516261e72863
.rdata 0x4000 0x4078 0x4200 4.07 ef143bc57cf977b80e09482bb326e2d3
.data 0x9000 0x458 0x600 3.28 05d1b05285b4051360a5aa632cea392c
.rsrc 0xa000 0x378 0x400 2.87 6bebfa54bda12f2d61d63ce40ced8f11
( 6 imports )
> KERNEL32.dll: CreateThread, InitializeCriticalSection, CreateEventA, GetSystemInfo, UnmapViewOfFile, CreateFileA, VirtualQueryEx, GetCurrentProcess, MapViewOfFile, CreateFileMappingA, TerminateThread, FindClose, FindNextFileA, FindFirstFileA, ReadFile, SetFilePointerEx, GetTempPathA, GetWindowsDirectoryA, GetSystemDirectoryA, GetModuleHandleA, GetStartupInfoA, CloseHandle, DeleteCriticalSection, GetCurrentThread, EnterCriticalSection, SetEvent, SetThreadPriority, LeaveCriticalSection, GetFileAttributesA, WaitForSingleObject
> USER32.dll: KillTimer, DestroyWindow, UnregisterClassA, DispatchMessageA, LoadCursorA, RegisterClassExA, CreateWindowExA, DefWindowProcA, SetTimer, GetMessageA, LoadIconA, PostQuitMessage, FindWindowA, TranslateMessage
> ADVAPI32.dll: RegCloseKey, RegOpenKeyA, CloseServiceHandle, QueryServiceStatus, OpenServiceA, OpenSCManagerA, RegQueryValueA, RegQueryValueExA
> SHELL32.dll: SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc
> MSVCP71.dll: __Nomemory@std@@YAXXZ, __4_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@PBD@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@PBDI@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBD@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@ABV01@@Z, __1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, _c_str@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEPBDXZ, __$_MDU_$char_traits@D@std@@V_$allocator@D@1@@std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@0@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@PBD@Z, _erase@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@II@Z, _npos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@2IB
> MSVCR71.dll: strchr, _onexit, __dllonexit, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _amsg_exit, _acmdln, exit, _cexit, _ismbblead, _XcptFilter, __CxxFrameHandler, _what@exception@@UBEPBDXZ, __0exception@@QAE@ABQBD@Z, __3@YAXPAX@Z, __1exception@@UAE@XZ, __0exception@@QAE@XZ, __0exception@@QAE@ABV0@@Z, _CxxThrowException, ___V@YAXPAX@Z, _exit, free, strrchr, malloc, _callnewh, __1type_info@@UAE@XZ, _terminate@@YAXXZ, _except_handler3, _c_exit, _controlfp
( 0 exports )
RDS...: NSRL Reference Data Set: -
pdfid.: -
trid..: Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
sigcheck:
publisher....: Adobe Systems Incorporated
copyright....: Copyright Adobe Systems Incorporated 2004
product......: Adobe Acrobat
description..: Adobe Acrobat SpeedLauncher
original name: AcroSpeedLaunch.exe
internal name: n/a
file version.: 7.0.0.0
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned
********************* DDS LOGS***************
DDS (Ver_10-03-17.01) - NTFSx86
Run by admin at 16:11:52.16 on Mon 05/31/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1060 [GMT -4:00]
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\NOS\bin\getPlusPlus_Adobe.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k getPlusHelper
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\admin\Desktop\DDS NEW DOWNLOAD MAY 21 2010\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: VeriSoft Access Manager: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\bioscrypt\verisoft\bin\ItIEAddIn.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [CognizanceTS] rundll32.exe c:\progra~1\bioscr~1\verisoft\bin\ASTSVCC.dll,RegisterModule
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\McAfee Security Scan Plus.lnk.disabled
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: kaspersky.com\www
Trusted Zone: symantec.com\service1
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} - hxxp://download.zonelabs.com/bin/free/cm/ICSCM.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/OnlineScanner.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5296/mcfscan.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
LSA: Notification Packages = scecli ASWLNPkg
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\6owh1r5f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/advanced_search?hl=en
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\admin\appdata\roaming\mozilla\firefox\profiles\6owh1r5f.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-28 164048]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2009-4-1 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2009-4-1 21504]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-28 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-5-28 51792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-28 40384]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-26 189736]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-1-12 206096]
R2 NeatReceipts Database Controller;NeatReceipts Database Controller;c:\program files\common files\neatreceipts\db controller\NeatReceiptsDBController.exe [2007-10-22 230728]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-4-10 1153368]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-28 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-28 40384]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-4-1 21504]
S3 HtcUsbMdmV32;HTC Proprietary USB Driver;c:\windows\system32\drivers\HtcUsbMdmV32.sys [2010-2-8 103424]
S3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\drivers\HtcVComV32.sys [2010-2-8 103424]
S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [2006-5-3 4736]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MSSQL$NR2007;SQL Server (NR2007);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [2006-5-3 8960]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-7-12 33024]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-7-12 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-7-12 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-7-12 59904]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-5-27 27192]
S4 McTaskManager;Network Associates Task Manager;"c:\program files\network associates\virusscan\vstskmgr.exe" --> c:\program files\network associates\virusscan\VsTskMgr.exe [?]
============== File Associations ===============
regfile=regedit.exe "%1" %*
scrfile="%1" %*
=============== Created Last 30 ================
2010-05-31 19:58:20 0 d-s---w- C:\Combo-Fix
2010-05-28 10:28:05 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-27 21:40:05 0 d-----w- c:\programdata\Sun
2010-05-27 21:39:18 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-27 21:05:07 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-05-27 21:05:05 0 d-----w- c:\program files\VS Revo Group
2010-05-26 10:08:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-21 22:04:18 0 d-----w- c:\programdata\Office Genuine Advantage
2010-05-21 22:04:03 0 d-----w- c:\users\admin\Office Genuine Advantage
2010-05-20 10:36:13 0 d-----w- c:\windows\SQL9_KB970892_ENU
2010-05-17 22:54:10 0 d-----w- c:\program files\Windows Portable Devices
2010-05-17 22:53:43 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-05-17 22:52:17 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-05-17 22:52:16 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-05-17 22:52:16 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-05-17 22:50:46 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-05-17 22:49:06 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-05-17 22:49:05 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-05-17 22:49:05 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-05-17 10:48:09 0 d-----w- c:\program files\CCleaner
2010-05-17 10:19:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-05-17 10:18:26 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-05-17 10:18:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-05-17 10:18:23 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-05-17 00:38:16 0 d-----w- c:\windows\system32\eu-ES
2010-05-17 00:38:16 0 d-----w- c:\windows\system32\ca-ES
2010-05-17 00:38:15 0 d-----w- c:\windows\system32\vi-VN
2010-05-16 23:38:50 0 d-----w- c:\windows\system32\EventProviders
2010-05-16 23:21:14 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2010-05-16 23:21:04 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2010-05-16 23:21:03 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2010-05-16 23:19:59 324608 ----a-w- c:\windows\system32\sdohlp.dll
2010-05-16 23:18:59 1985024 ----a-w- c:\windows\system32\authui.dll
2010-05-16 23:17:59 704512 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2010-05-16 23:16:59 869888 ----a-w- c:\windows\system32\printui.dll
2010-05-16 23:15:57 33280 ----a-w- c:\windows\system32\mssprxy.dll
2010-05-16 23:14:58 125952 ----a-w- c:\windows\system32\softkbd.dll
2010-05-16 23:13:30 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2010-05-16 23:13:30 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2010-05-16 23:13:30 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-05-16 23:13:30 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2010-05-16 23:13:30 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2010-05-16 23:13:30 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2010-05-16 23:13:30 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2010-05-16 23:13:25 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2010-05-16 23:13:19 218624 ----a-w- c:\windows\system32\wdscore.dll
2010-05-16 23:13:19 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2010-05-16 23:13:06 247808 ----a-w- c:\windows\system32\drvstore.dll
2010-05-16 22:41:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-16 22:41:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-16 22:41:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-05-16 22:16:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-05-16 13:04:13 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2010-05-16 13:04:04 11967524 ----a-w- c:\windows\system32\korwbrkr.lex
2010-05-16 12:42:08 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-15 23:29:14 0 d-----w- C:\PerfLogs
2010-05-15 17:44:57 0 d--h--w- C:\VritualRoot
2010-05-15 17:44:08 0 d-----w- c:\programdata\COMODO
2010-05-15 17:43:35 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-05-15 17:27:24 0 d-----w- c:\programdata\Comodo Downloader
2010-05-15 14:38:14 0 d-----w- c:\programdata\Alwil Software
2010-05-14 22:52:52 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-05-14 22:48:33 0 d-----w- c:\program files\AVG
2010-05-14 21:53:10 277784 ----a-w- c:\windows\system32\drivers\IASTOR.SYS
2010-05-14 11:03:21 0 d-----w- c:\windows\system32\MpEngineStore
2010-05-14 10:26:45 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-05-14 10:26:38 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-05-14 10:26:38 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-05-13 23:00:05 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-05-13 23:00:04 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-05-13 23:00:04 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-05-13 23:00:04 270848 ----a-w- c:\windows\system32\schannel.dll
2010-05-13 23:00:03 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-05-13 23:00:03 13780 ----a-w- c:\windows\system32\wbem\lsasrv.mof
2010-05-13 23:00:01 9728 ----a-w- c:\windows\system32\lsass.exe
2010-05-13 23:00:01 72704 ----a-w- c:\windows\system32\secur32.dll
2010-05-13 13:21:59 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-05-13 13:21:59 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-05-13 13:21:59 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-05-13 13:21:59 10240 ----a-w- c:\windows\system32\finger.exe
2010-05-13 13:19:59 98816 ----a-w- c:\windows\system32\mfps.dll
2010-05-13 13:19:59 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-05-13 13:19:59 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-05-13 13:19:58 2048 ----a-w- c:\windows\system32\mferror.dll
2010-05-13 13:19:52 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-05-13 13:19:52 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-05-13 13:19:32 71680 ----a-w- c:\windows\system32\atl.dll
2010-05-13 13:19:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-05-13 13:18:56 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-05-13 13:18:54 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-05-13 13:18:54 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-05-13 13:18:48 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-05-13 13:18:17 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2010-05-13 13:16:24 623616 ----a-w- c:\windows\system32\localspl.dll
2010-05-13 13:16:19 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-05-13 13:16:02 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-05-13 13:16:02 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-05-13 13:15:55 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-05-13 13:15:55 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-05-13 13:15:54 814 ----a-w- c:\windows\system32\wbem\WFP.MOF
2010-05-13 13:15:54 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-05-13 13:15:54 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-05-13 13:15:54 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-05-13 13:15:25 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-05-13 13:15:07 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-05-13 13:15:02 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-05-13 13:15:02 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-05-13 13:11:49 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-05-13 13:11:34 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-05-13 13:11:25 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-05-13 13:11:18 243712 ----a-w- c:\windows\system32\rastls.dll
2010-05-13 13:11:09 355328 ----a-w- c:\windows\system32\WSDApi.dll
2010-05-13 12:35:16 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-05-13 12:35:08 98304 ----a-w- c:\windows\system32\cabview.dll
==================== Find3M ====================
2010-05-17 22:54:04 86016 ----a-w- c:\windows\inf\infpub.dat
2010-05-17 22:54:04 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-05-17 22:54:03 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-17 22:54:03 143360 ----a-w- c:\windows\inf\infstor.dat
2010-05-16 23:52:25 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-05-15 23:50:25 174 --sha-w- c:\program files\desktop.ini
2010-05-15 22:31:48 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-05-15 22:31:46 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-05-06 14:36:38 221568 ----a-w- c:\windows\system32\MpSigStub.exe
2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 19:58:12 256512 ----a-w- c:\windows\PEV.exe
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-08-30 18:26:26 22 --sha-w- c:\windows\sminst\HPCD.sys
2007-09-02 14:12:20 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-05-13 01:09:27 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008042820080505\index.dat
2008-05-13 01:09:27 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008051220080513\index.dat
============= FINISH: 16:14:24.43 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/13/2007 5:10:45 PM
System Uptime: 5/31/2010 4:00:20 PM (0 hours ago)
Motherboard: Quanta | | 30CC
Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz | U2E1 | 1000/667mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 178 GiB total, 103.391 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 1.545 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
==== Installed Programs ======================
2Wire Gateway
Acrobat.com
Adobe Acrobat 7.0 Professional
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Adobe Reader for Pocket PC 2.0
ALPS Touch Pad Driver
AMOS 5
ArcSoft Panorama Maker 3
ASF
AuthenTec Fingerprint Sensor Minimum Install
avast! Free Antivirus
Avery Wizard 3.1
BCPS CAB Client
BellSouth® Communications Suite
Better Homes and Gardens Home Designer Suite 7.0
Blue Squirrel ClickBook 9.0
Board Games
Broadcom Advanced Control Suite
Broadcom ASF Management Applications
BroadJump Client Foundation
Brother Driver Deployment Wizard
Brother MFL-Pro Suite
Brother P-touch Editor 4.2
Brother P-touch Software
Business Card Factory Deluxe 3.0
Business Contact Manager for Outlook 2003
CCleaner
Conexant D480 MDC V.9x Modem
CorelDRAW Graphics Suite 12
CrossEyes
Cyber Chess
Dell TrueMobile 1300 WLAN Mini-PCI Card
Digital Line Detect
DivX 5.2.1 (Playback Only)
DVDSentry
Easy CD Creator 5 Basic
eListen
EndNote X1
ERUNT 1.1j
ESET Online Scanner
ESET Online Scanner v3
ESU for Microsoft Vista
EXTRA! for SNA Server 32-bit
FileMaker Pro 6
FirstClass® Client
FirstClass® Palm Conduits
GanttProject
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Genesys USB Mass Storage Device
Google Earth
Greetings Workshop
Help and Support Customization
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
HLM 5
HLM6.0
HLM6.0 (Student Edition)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.2
HP Total Care Advisor
HP Update
HP User Guides 0057
HP Wireless Assistant
HPNetworkAssistant
Intel Matrix Storage Manager
Intel(R) Graphics Media Accelerator Driver
InterVideo WinDVD
iPAQ WebReg
iPod for Windows 2005-09-23
ISI ResearchSoft - Export Helper
iTunes
Java Auto Updater
Java(TM) 6 Update 20
Kaspersky Online Scanner
KONICA MINOLTA magicolor 2590MF
Konica Minolta magicolor 2590MF LSU
KONICA MINOLTA magicolor 2590MF Scanner
LightScribe 1.4.136.1
LinkMagic for magicolor 2590MF
LISREL 8.7 Student
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
McAfee SiteAdvisor
MediaFACE 4.01 Image Library
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.5 SP1
Microsoft Data Access Components KB870669
Microsoft Encarta 98 Encyclopedia
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (NR2007)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Keyboard
Microsoft Works
Motorola SM56 Data Fax Modem
Mozilla Firefox (3.0.19)
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
muvee autoProducer 6.0
Neat OCR15
NeatReceipts Database Controller
NeatReceipts Professional 2.8 Core Files
NeatReceipts Professional v2.8.1
NetWaiting
Nikon Message Center
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Palm
Panda ActiveScan 2.0
PANTECH UM175 Driver
Paradox
PCFriendly
PictureProject
PictureProject In Touch Downloader 1.0
PIRLS2001
PSSWCORE
Quicken 2007
QuickSet
QuickTime
Realtek High Definition Audio Driver
Revo Uninstaller Pro 2.2.0
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Seagate Manager Installer
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
SPSS 13.0 for Windows
SPSS 15 Vista Hotfix
SPSS 15.0 for Windows
Spybot - Search & Destroy
SpywareBlaster 4.0
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update Manager
VeriSoft Access Manager
VZAccess Manager
WebEx
WebFldrs XP
Winamp
Windows Genuine Advantage Notifications (KB905474)
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinZip
WModem Driver Installer
WordPerfect Office X3
==== End Of File ===========================
I noticed this in the DDS log in the ====SERVICES / DRIVERS ==== area:
S4 McTaskManager;Network Associates Task Manager;"c:\program files\network associates\virusscan\vstskmgr.exe" --> c:\program files\network associates\virusscan\VsTskMgr.exe [?]
I guess the McA Virus scan will not uninstall?
Also, I ran a full system scan of the laptop with Avast and it found only a "PUP" - potentially unwanted program in C:\HP\BIN\endprocess.exe. Avast said it was Win32:KillApp-W. I let it move it to the virus chest for now.
I uninstalled a bunch of old programs:
Acrobat.com
Adobe Download Manager
Adobe AIR
Brother MFL-Pro Suite
Gantt Project
Panda Active Scan 2.0
Winamp
WinZip
McAfee Security Scan Plus
Quicktime (I actually want this, but will re-install new after laptop is clean)
Thanks.
Hi again,
1. Place a fresh copy of the renamed ComboFix file (taichi.exe) from your desktop in the root of the C: drive (C:\). That way we can access it from every account.
2. Try running ComboFix through in safe mode with command prompt. Here are the steps to follow (print/save these, since you won't be able to access them while in safe mode):
Press F8 before Windows' loading screen and select the "safe mode with command prompt" option.
Then type the following commands (I assume you moved taichi.exe to C: root):
cd\
taichi.exe
When ComboFix reboots, select safe mode with command prompt again so that ComboFix will finish there.
I followed your instructions, downloaded a new ComboFix, renamed it taichi, and put it in the C: root drive. Rebooted to safe mode with command prompt. At the little black "DOS" window, I typed cd\ then taichi.exe. As every time before, ComboFix brings up the little blue screen, shows "Please wait," copies the registry files, and sits at the screen with "Attempting to create a new system restore point." I waited 25 minutes and nothing else happened.
Neither ComboFix nor GMER seems to work on this laptop. Are there any other programs that can be used? Thanks
Fresh DDS logs after I tried ComboFix this morning.
DDS (Ver_10-03-17.01) - NTFSx86
Run by admin at 8:50:55.78 on Tue 06/01/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.958 [GMT -4:00]
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\admin\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: VeriSoft Access Manager: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\bioscrypt\verisoft\bin\ItIEAddIn.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [CognizanceTS] rundll32.exe c:\progra~1\bioscr~1\verisoft\bin\ASTSVCC.dll,RegisterModule
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: kaspersky.com\www
Trusted Zone: symantec.com\service1
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} - hxxp://download.zonelabs.com/bin/free/cm/ICSCM.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/OnlineScanner.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5296/mcfscan.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
LSA: Notification Packages = scecli ASWLNPkg
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\6owh1r5f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/advanced_search?hl=en
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-28 164048]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2009-4-1 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2009-4-1 21504]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-28 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-5-28 51792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-28 40384]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-26 189736]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-1-12 206096]
R2 NeatReceipts Database Controller;NeatReceipts Database Controller;c:\program files\common files\neatreceipts\db controller\NeatReceiptsDBController.exe [2007-10-22 230728]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-4-10 1153368]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-28 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-28 40384]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-4-1 21504]
S3 HtcUsbMdmV32;HTC Proprietary USB Driver;c:\windows\system32\drivers\HtcUsbMdmV32.sys [2010-2-8 103424]
S3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\drivers\HtcVComV32.sys [2010-2-8 103424]
S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [2006-5-3 4736]
S3 MSSQL$NR2007;SQL Server (NR2007);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [2006-5-3 8960]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-7-12 33024]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-7-12 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-7-12 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-7-12 59904]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-5-27 27192]
S4 McTaskManager;Network Associates Task Manager;"c:\program files\network associates\virusscan\vstskmgr.exe" --> c:\program files\network associates\virusscan\VsTskMgr.exe [?]
============== File Associations ===============
regfile=regedit.exe "%1" %*
scrfile="%1" %*
=============== Created Last 30 ================
2010-06-01 12:19:14 0 d-s---w- C:\taichi
2010-06-01 12:08:59 3701941 ----a-r- C:\taichi.exe
2010-05-31 22:05:58 9 ----a-w- c:\windows\Brfaxrx.ini
2010-05-28 10:28:05 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-27 21:40:05 0 d-----w- c:\programdata\Sun
2010-05-27 21:39:18 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-27 21:05:07 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-05-27 21:05:05 0 d-----w- c:\program files\VS Revo Group
2010-05-26 10:08:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-21 22:04:18 0 d-----w- c:\programdata\Office Genuine Advantage
2010-05-21 22:04:03 0 d-----w- c:\users\admin\Office Genuine Advantage
2010-05-20 10:36:13 0 d-----w- c:\windows\SQL9_KB970892_ENU
2010-05-17 22:54:10 0 d-----w- c:\program files\Windows Portable Devices
2010-05-17 22:53:43 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-05-17 22:52:17 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-05-17 22:52:16 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-05-17 22:52:16 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-05-17 22:50:46 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-05-17 22:49:06 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-05-17 22:49:05 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-05-17 22:49:05 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-05-17 10:48:09 0 d-----w- c:\program files\CCleaner
2010-05-17 10:19:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-05-17 10:18:26 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-05-17 10:18:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-05-17 10:18:23 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-05-17 00:38:16 0 d-----w- c:\windows\system32\eu-ES
2010-05-17 00:38:16 0 d-----w- c:\windows\system32\ca-ES
2010-05-17 00:38:15 0 d-----w- c:\windows\system32\vi-VN
2010-05-16 23:38:50 0 d-----w- c:\windows\system32\EventProviders
2010-05-16 23:21:14 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2010-05-16 23:21:04 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2010-05-16 23:21:03 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2010-05-16 23:19:59 324608 ----a-w- c:\windows\system32\sdohlp.dll
2010-05-16 23:18:59 1985024 ----a-w- c:\windows\system32\authui.dll
2010-05-16 23:17:59 704512 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2010-05-16 23:16:59 869888 ----a-w- c:\windows\system32\printui.dll
2010-05-16 23:15:57 33280 ----a-w- c:\windows\system32\mssprxy.dll
2010-05-16 23:14:58 125952 ----a-w- c:\windows\system32\softkbd.dll
2010-05-16 23:13:30 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2010-05-16 23:13:30 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2010-05-16 23:13:30 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-05-16 23:13:30 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2010-05-16 23:13:30 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2010-05-16 23:13:30 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2010-05-16 23:13:30 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2010-05-16 23:13:25 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2010-05-16 23:13:19 218624 ----a-w- c:\windows\system32\wdscore.dll
2010-05-16 23:13:19 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2010-05-16 23:13:06 247808 ----a-w- c:\windows\system32\drvstore.dll
2010-05-16 22:41:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-16 22:41:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-16 22:41:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-05-16 22:16:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-05-16 13:04:13 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2010-05-16 13:04:04 11967524 ----a-w- c:\windows\system32\korwbrkr.lex
2010-05-16 12:42:08 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-15 23:29:14 0 d-----w- C:\PerfLogs
2010-05-15 17:44:57 0 d--h--w- C:\VritualRoot
2010-05-15 17:44:08 0 d-----w- c:\programdata\COMODO
2010-05-15 17:43:35 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-05-15 17:27:24 0 d-----w- c:\programdata\Comodo Downloader
2010-05-15 14:38:14 0 d-----w- c:\programdata\Alwil Software
2010-05-14 22:52:52 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-05-14 22:48:33 0 d-----w- c:\program files\AVG
2010-05-14 21:53:10 277784 ----a-w- c:\windows\system32\drivers\IASTOR.SYS
2010-05-14 11:03:21 0 d-----w- c:\windows\system32\MpEngineStore
2010-05-14 10:26:45 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-05-14 10:26:38 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-05-14 10:26:38 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-05-13 23:00:05 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-05-13 23:00:04 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-05-13 23:00:04 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-05-13 23:00:04 270848 ----a-w- c:\windows\system32\schannel.dll
2010-05-13 23:00:03 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-05-13 23:00:03 13780 ----a-w- c:\windows\system32\wbem\lsasrv.mof
2010-05-13 23:00:01 9728 ----a-w- c:\windows\system32\lsass.exe
2010-05-13 23:00:01 72704 ----a-w- c:\windows\system32\secur32.dll
2010-05-13 13:21:59 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-05-13 13:21:59 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-05-13 13:21:59 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-05-13 13:21:59 10240 ----a-w- c:\windows\system32\finger.exe
2010-05-13 13:19:59 98816 ----a-w- c:\windows\system32\mfps.dll
2010-05-13 13:19:59 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-05-13 13:19:59 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-05-13 13:19:58 2048 ----a-w- c:\windows\system32\mferror.dll
2010-05-13 13:19:52 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-05-13 13:19:52 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-05-13 13:19:32 71680 ----a-w- c:\windows\system32\atl.dll
2010-05-13 13:19:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-05-13 13:18:56 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-05-13 13:18:54 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-05-13 13:18:54 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-05-13 13:18:48 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-05-13 13:18:17 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2010-05-13 13:16:24 623616 ----a-w- c:\windows\system32\localspl.dll
2010-05-13 13:16:19 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-05-13 13:16:02 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-05-13 13:16:02 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-05-13 13:15:55 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-05-13 13:15:55 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-05-13 13:15:54 814 ----a-w- c:\windows\system32\wbem\WFP.MOF
2010-05-13 13:15:54 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-05-13 13:15:54 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-05-13 13:15:54 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-05-13 13:15:25 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-05-13 13:15:07 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-05-13 13:15:02 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-05-13 13:15:02 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-05-13 13:11:49 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-05-13 13:11:34 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-05-13 13:11:25 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-05-13 13:11:18 243712 ----a-w- c:\windows\system32\rastls.dll
2010-05-13 13:11:09 355328 ----a-w- c:\windows\system32\WSDApi.dll
2010-05-13 12:35:16 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-05-13 12:35:08 98304 ----a-w- c:\windows\system32\cabview.dll
==================== Find3M ====================
2010-05-17 22:54:04 86016 ----a-w- c:\windows\inf\infpub.dat
2010-05-17 22:54:04 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-05-17 22:54:03 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-17 22:54:03 143360 ----a-w- c:\windows\inf\infstor.dat
2010-05-16 23:52:25 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-05-15 23:50:25 174 --sha-w- c:\program files\desktop.ini
2010-05-15 22:31:48 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-05-15 22:31:46 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-05-06 14:36:38 221568 ----a-w- c:\windows\system32\MpSigStub.exe
2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 19:58:12 256512 ----a-w- c:\windows\PEV.exe
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-08-30 18:26:26 22 --sha-w- c:\windows\sminst\HPCD.sys
2007-09-02 14:12:20 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-05-13 01:09:27 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008042820080505\index.dat
2008-05-13 01:09:27 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008051220080513\index.dat
============= FINISH: 8:51:59.99 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/13/2007 5:10:45 PM
System Uptime: 6/1/2010 8:39:05 AM (0 hours ago)
Motherboard: Quanta | | 30CC
Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz | U2E1 | 1000/667mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 178 GiB total, 102.037 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 1.545 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1156: 5/19/2010 9:22:06 PM - Windows Update
RP1157: 5/20/2010 6:05:12 AM - Windows Update
RP1158: 5/20/2010 6:29:13 AM - Windows Update
RP1159: 5/20/2010 6:35:24 AM - Windows Update
RP1160: 5/22/2010 9:51:56 AM - COMODO Restore Point. (Restore point from the popup alert for Seagate 2GEVWJHH Product Registration.exe)
RP1161: 5/26/2010 1:50:59 PM - Removed AVG Free 9.0
RP1162: 5/26/2010 2:14:43 PM - avast! Free Antivirus Setup
RP1163: 5/26/2010 2:22:22 PM - Removed Ad-Aware 2007
RP1164: 5/26/2010 2:24:47 PM - Removed LiveUpdate Notice (Symantec Corporation)
RP1165: 5/26/2010 2:27:27 PM - Removed McAfee VirusScan Enterprise
RP1166: 5/26/2010 2:29:14 PM - Removed McAfee VirusScan Enterprise
RP1168: 5/26/2010 2:30:30 PM - Configured MediaFACE 4.01
RP1169: 5/26/2010 7:23:44 PM - Windows Update
RP1170: 5/27/2010 11:55:17 AM - Removed COMODO Internet Security
RP1171: 5/27/2010 12:01:50 PM - Removed COMODO livePCsupport
RP1173: 5/27/2010 5:06:07 PM - Revo Uninstaller Pro's restore point - McAfee VirusScan Enterprise
RP1175: 5/27/2010 5:16:20 PM - Revo Uninstaller Pro's restore point - MediaFACE 4.01
RP1177: 5/27/2010 5:17:41 PM - Configured MediaFACE 4.01
RP1178: 5/27/2010 5:22:41 PM - Removed Java(TM) 6 Update 5
RP1179: 5/27/2010 5:38:37 PM - Installed Java(TM) 6 Update 20
RP1181: 5/27/2010 5:42:47 PM - Revo Uninstaller Pro's restore point - SUPERAntiSpyware Free Edition
RP1182: 5/27/2010 5:43:50 PM - Removed SUPERAntiSpyware Free Edition
RP1183: 5/28/2010 6:27:14 AM - avast! Free Antivirus Setup
RP1184: 5/31/2010 1:01:16 PM - ComboFix created restore point
RP1186: 5/31/2010 5:58:53 PM - Configured QuickTime
RP1187: 5/31/2010 6:03:25 PM - Removed Acrobat.com
RP1189: 5/31/2010 6:05:37 PM - Removed Brother MFL-Pro Suite
RP1191: 5/31/2010 6:08:07 PM - Configured QuickTime
RP1193: 5/31/2010 6:09:35 PM - Revo Uninstaller Pro's restore point - QuickTime
RP1195: 5/31/2010 6:10:43 PM - Configured QuickTime
==== Installed Programs ======================
2Wire Gateway
Adobe Acrobat 7.0 Professional
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Adobe Reader for Pocket PC 2.0
ALPS Touch Pad Driver
AMOS 5
ArcSoft Panorama Maker 3
ASF
AuthenTec Fingerprint Sensor Minimum Install
avast! Free Antivirus
Avery Wizard 3.1
BCPS CAB Client
BellSouth® Communications Suite
Better Homes and Gardens Home Designer Suite 7.0
Blue Squirrel ClickBook 9.0
Board Games
Broadcom Advanced Control Suite
Broadcom ASF Management Applications
BroadJump Client Foundation
Brother Driver Deployment Wizard
Brother P-touch Editor 4.2
Brother P-touch Software
Business Card Factory Deluxe 3.0
Business Contact Manager for Outlook 2003
CCleaner
Conexant D480 MDC V.9x Modem
CorelDRAW Graphics Suite 12
CrossEyes
Cyber Chess
Dell TrueMobile 1300 WLAN Mini-PCI Card
Digital Line Detect
DivX 5.2.1 (Playback Only)
DVDSentry
Easy CD Creator 5 Basic
eListen
EndNote X1
ERUNT 1.1j
ESET Online Scanner
ESET Online Scanner v3
ESU for Microsoft Vista
EXTRA! for SNA Server 32-bit
FileMaker Pro 6
FirstClass® Client
FirstClass® Palm Conduits
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Genesys USB Mass Storage Device
Google Earth
Greetings Workshop
Help and Support Customization
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
HLM 5
HLM6.0
HLM6.0 (Student Edition)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.2
HP Total Care Advisor
HP Update
HP User Guides 0057
HP Wireless Assistant
HPNetworkAssistant
Intel Matrix Storage Manager
Intel(R) Graphics Media Accelerator Driver
InterVideo WinDVD
iPAQ WebReg
iPod for Windows 2005-09-23
ISI ResearchSoft - Export Helper
iTunes
Java Auto Updater
Java(TM) 6 Update 20
Kaspersky Online Scanner
KONICA MINOLTA magicolor 2590MF
Konica Minolta magicolor 2590MF LSU
KONICA MINOLTA magicolor 2590MF Scanner
LightScribe 1.4.136.1
LinkMagic for magicolor 2590MF
LISREL 8.7 Student
Malwarebytes' Anti-Malware
McAfee SiteAdvisor
MediaFACE 4.01 Image Library
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.5 SP1
Microsoft Data Access Components KB870669
Microsoft Encarta 98 Encyclopedia
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (NR2007)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Keyboard
Microsoft Works
Motorola SM56 Data Fax Modem
Mozilla Firefox (3.0.19)
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
muvee autoProducer 6.0
Neat OCR15
NeatReceipts Database Controller
NeatReceipts Professional 2.8 Core Files
NeatReceipts Professional v2.8.1
NetWaiting
Nikon Message Center
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Palm
PANTECH UM175 Driver
Paradox
PCFriendly
PictureProject
PictureProject In Touch Downloader 1.0
PIRLS2001
PSSWCORE
Quicken 2007
QuickSet
Realtek High Definition Audio Driver
Revo Uninstaller Pro 2.2.0
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Seagate Manager Installer
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
SPSS 13.0 for Windows
SPSS 15 Vista Hotfix
SPSS 15.0 for Windows
Spybot - Search & Destroy
SpywareBlaster 4.0
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update Manager
VeriSoft Access Manager
VZAccess Manager
WebEx
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WModem Driver Installer
WordPerfect Office X3
==== Event Viewer Messages From Past Week ========
6/1/2010 8:41:34 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASKUTIL
6/1/2010 8:41:34 AM, Error: Service Control Manager [7022] - The CyberLink Background Capture Service (CBCS) service hung on starting.
6/1/2010 8:41:34 AM, Error: Service Control Manager [7001] - The CyberLink Task Scheduler (CTS) service depends on the CyberLink Background Capture Service (CBCS) service which failed to start because of the following error: After starting, the service hung in a start-pending state.
6/1/2010 8:40:08 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/1/2010 8:39:56 AM, Error: Microsoft-Windows-PrintSpooler [72] - Windows could not initialize printer PaperPort Color Image because the print processor PaperPort Processor could not be found. Please obtain and install a new version of the driver from the manufacturer (if available), or choose an alternate driver that works with this print device.
6/1/2010 8:39:56 AM, Error: Microsoft-Windows-PrintSpooler [72] - Windows could not initialize printer PaperPort Black & White Image because the print processor PaperPort Processor could not be found. Please obtain and install a new version of the driver from the manufacturer (if available), or choose an alternate driver that works with this print device.
6/1/2010 8:39:56 AM, Error: Microsoft-Windows-PrintSpooler [72] - Windows could not initialize printer ClickBook Printer because the print processor CBWP could not be found. Please obtain and install a new version of the driver from the manufacturer (if available), or choose an alternate driver that works with this print device.
6/1/2010 8:39:56 AM, Error: Microsoft-Windows-PrintSpooler [23] - Printer PaperPort Color Image failed to initialize because a suitable PaperPort Color Printer Driver driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
6/1/2010 8:39:56 AM, Error: Microsoft-Windows-PrintSpooler [23] - Printer PaperPort Black & White Image failed to initialize because a suitable PaperPort Mono Printer Driver driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
6/1/2010 8:39:56 AM, Error: Microsoft-Windows-PrintSpooler [23] - Printer HP DeskJet 722C failed to initialize because a suitable HP DeskJet 722C driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
6/1/2010 8:39:56 AM, Error: Microsoft-Windows-PrintSpooler [23] - Printer Fax failed to initialize because a suitable Microsoft Shared Fax Driver driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
6/1/2010 8:39:56 AM, Error: Microsoft-Windows-PrintSpooler [23] - Printer ClickBook Printer failed to initialize because a suitable ClickBook Printer driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
6/1/2010 8:19:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
6/1/2010 8:18:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/1/2010 8:18:23 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSP aswTdi cdudf_xp DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss SASKUTIL Smb spldr tdx Wanarpv6
6/1/2010 8:18:23 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/1/2010 8:18:23 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
6/1/2010 8:18:23 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
6/1/2010 8:18:23 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/1/2010 8:18:23 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
6/1/2010 8:18:23 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/1/2010 8:18:23 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/1/2010 8:18:23 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
6/1/2010 8:18:23 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/1/2010 8:18:23 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
6/1/2010 8:18:23 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/1/2010 8:18:23 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/1/2010 8:18:23 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/1/2010 8:18:23 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
6/1/2010 8:17:13 AM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
6/1/2010 8:17:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
5/31/2010 7:10:16 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NeatReceipts Database Controller service to connect.
5/31/2010 6:08:41 PM, Error: NETw4v32 [5005] - Intel(R) Wireless WiFi Link 4965AGN : Has encountered an internal error and has failed.
5/31/2010 6:08:40 PM, Error: NETw4v32 [5002] - Intel(R) Wireless WiFi Link 4965AGN : Has determined that the network adapter is not functioning properly.
5/31/2010 3:56:09 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSP aswTdi cdudf_xp SASKUTIL spldr Wanarpv6
5/31/2010 3:55:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WcesComm with arguments "" in order to run the server: {373E19B5-76AA-46D5-93A9-2E39A99B39B2}
5/31/2010 3:55:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
5/31/2010 3:55:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/31/2010 3:55:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/31/2010 3:41:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
5/31/2010 3:41:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/31/2010 3:41:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
5/31/2010 3:34:39 PM, Error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/31/2010 1:00:22 PM, Error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
5/31/2010 1:00:22 PM, Error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/28/2010 7:09:49 AM, Error: EventLog [6008] - The previous system shutdown at 7:07:46 AM on 5/28/2010 was unexpected.
5/28/2010 5:53:11 PM, Error: EventLog [6008] - The previous system shutdown at 5:51:34 PM on 5/28/2010 was unexpected.
5/27/2010 6:06:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdudf_xp DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss SASKUTIL Smb spldr tdx Wanarpv6
5/27/2010 12:06:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdudf_xp SASDIFSV SASKUTIL spldr Wanarpv6
5/27/2010 11:37:06 AM, Error: PlugPlayManager [12] - The device 'PANTECH UM175 WWAN Driver #2' (USB\VID_106c&PID_3714&MI_03\6&31745fba&0&8515) disappeared from the system without first being prepared for removal.
5/27/2010 11:29:37 AM, Error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/27/2010 11:14:17 AM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0013E81CE449. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
5/27/2010 11:13:43 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 0013E81CE449 has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
5/27/2010 10:41:27 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdudf_xp cmdGuard cmdHlp DfsC inspect NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr tdx Wanarpv6
5/27/2010 10:38:45 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x8007045b'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
5/27/2010 1:12:59 PM, Error: Service Control Manager [7034] - The Seagate Service service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 1:12:59 PM, Error: Service Control Manager [7034] - The SBSD Security Center Service service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 1:12:59 PM, Error: Service Control Manager [7034] - The NeatReceipts Database Controller service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 1:12:59 PM, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 1:12:59 PM, Error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 1:12:59 PM, Error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 1:12:59 PM, Error: Service Control Manager [7034] - The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 1:12:59 PM, Error: Service Control Manager [7034] - The hpqwmiex service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 1:12:59 PM, Error: Service Control Manager [7034] - The CyberLink Background Capture Service (CBCS) service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 1:12:59 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/27/2010 1:12:59 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/27/2010 1:12:59 PM, Error: Service Control Manager [7031] - The Software Licensing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/27/2010 1:12:59 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/27/2010 1:12:59 PM, Error: Service Control Manager [7031] - The HP Health Check Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/26/2010 6:02:54 PM, Error: EventLog [6008] - The previous system shutdown at 6:00:44 PM on 5/26/2010 was unexpected.
5/26/2010 3:39:25 PM, Error: Service Control Manager [7024] - The SQL Server VSS Writer service terminated with service-specific error 2147549183 (0x8000FFFF).
5/26/2010 3:39:25 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
==== End Of File ===========================
Hi,
I don't think there's any need to spend more time on getting ComboFix running.
Open Notepad and then copy and paste the lines below into it. Go to File > Save As, name the file fixes.bat, change the Save as type to All Files and save it to your desktop.
@echo off
rem Stop the leftover McAfee Task Manager service, then remove its registration.
sc stop McTaskManager
sc delete McTaskManager
Double-click the fixes.bat file to execute it.
Reboot and post a fresh dds.txt log (no need for attach.txt this time).
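The batch file above removes one specific service by name. The check a practitioner would want before doing that on any machine is whether the service is really an orphan, that is, whether the file its ImagePath points at is gone (which is what happens when an uninstaller, here the McAfee VirusScan Enterprise removals recorded in the restore points, leaves the service registration behind). The following PowerShell script is an added example and not part of the reply above; the default service name is taken from the reply, and the orphan test, the parameter names and the output wording are assumptions of this example. It must be run from an elevated prompt and changes nothing unless -Remove is given.

```powershell
<#
  Added example, not part of the thread: confirm that a service is an orphan
  (its ImagePath resolves to a file that no longer exists) before running
  "sc delete" on it. Run from an elevated PowerShell prompt. Nothing is
  changed unless -Remove is given. The default name is the one from the reply.
#>
param(
    [string[]]$Name = @('McTaskManager'),   # service names to check
    [switch]$Remove                          # actually stop and delete confirmed orphans
)

# Turn a raw ImagePath/ServiceDll registry value into the path of the file it refers to.
function Resolve-ServiceBinary {
    param([string]$ImagePath)
    if ([string]::IsNullOrWhiteSpace($ImagePath)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim())
    $p = $p -replace '^\\\?\?\\', ''                          # strip the \??\ prefix some drivers use
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\') # \SystemRoot\... is the Windows directory
    if ($p.StartsWith('"')) {
        $end = $p.IndexOf('"', 1)                             # quoted path: keep what is inside the quotes
        $p = if ($end -gt 0) { $p.Substring(1, $end - 1) } else { $p.TrimStart('"') }
    } else {
        # Unquoted: the file name ends at the first .exe/.sys/.dll; arguments such as "-k netsvcs" follow it
        $m = [regex]::Match($p, '(?i)^(.+?\.(exe|sys|dll))')
        if ($m.Success) { $p = $m.Groups[1].Value }
    }
    if (-not [IO.Path]::IsPathRooted($p)) {                   # "system32\drivers\x.sys" is relative to %SystemRoot%
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

foreach ($svc in $Name) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
    if (-not (Test-Path $key)) {
        "${svc}: no service key present, nothing to do"
        continue
    }
    $imagePath = (Get-ItemProperty -Path $key -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
    $binary = Resolve-ServiceBinary $imagePath
    if ($binary -and ((Split-Path $binary -Leaf) -ieq 'svchost.exe')) {
        # Shared-host service: svchost.exe always exists, so check the DLL it would load instead
        $dll = (Get-ItemProperty -Path "$key\Parameters" -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
        if (-not $dll) { $dll = (Get-ItemProperty -Path $key -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll }
        $binary = Resolve-ServiceBinary $dll
    }
    if ($binary -and (Test-Path -LiteralPath $binary)) {
        "${svc}: file still present at $binary, not an orphan, leaving it alone"
        continue
    }
    "${svc}: ImagePath '$imagePath' does not resolve to an existing file, orphaned service"
    if ($Remove) {
        sc.exe stop $svc | Out-Null   # harmless if the service is not running
        sc.exe delete $svc            # a running service is only marked for deletion and goes away after a reboot
    }
}
```

Run it first without -Remove (for example `.\Check-OrphanService.ps1 -Name McTaskManager,SASKUTIL`; the file name is assumed) and read the verdict; add -Remove only for entries reported as orphaned. A service whose file is still on disk should be left to the vendor's uninstaller or cleanup tool rather than deleted by hand, since the binary may still be registered elsewhere (drivers, filters, shell extensions) and would be left behind.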
Ran the fixes.bat, and here's the new DDS log.
Thanks for your help!
DDS (Ver_10-03-17.01) - NTFSx86
Run by admin at 9:53:27.27 on Tue 06/01/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1042 [GMT -4:00]
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\msiexec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\admin\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: VeriSoft Access Manager: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\bioscrypt\verisoft\bin\ItIEAddIn.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [CognizanceTS] rundll32.exe c:\progra~1\bioscr~1\verisoft\bin\ASTSVCC.dll,RegisterModule
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: kaspersky.com\www
Trusted Zone: symantec.com\service1
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} - hxxp://download.zonelabs.com/bin/free/cm/ICSCM.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/OnlineScanner.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5296/mcfscan.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
LSA: Notification Packages = scecli ASWLNPkg
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\6owh1r5f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/advanced_search?hl=en
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-28 164048]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2009-4-1 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2009-4-1 21504]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-28 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-5-28 51792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-28 40384]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-26 189736]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-1-12 206096]
R2 NeatReceipts Database Controller;NeatReceipts Database Controller;c:\program files\common files\neatreceipts\db controller\NeatReceiptsDBController.exe [2007-10-22 230728]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-4-10 1153368]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-28 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-28 40384]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-4-1 21504]
S3 HtcUsbMdmV32;HTC Proprietary USB Driver;c:\windows\system32\drivers\HtcUsbMdmV32.sys [2010-2-8 103424]
S3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\drivers\HtcVComV32.sys [2010-2-8 103424]
S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [2006-5-3 4736]
S3 MSSQL$NR2007;SQL Server (NR2007);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [2006-5-3 8960]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-7-12 33024]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-7-12 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-7-12 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-7-12 59904]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-5-27 27192]
============== File Associations ===============
regfile=regedit.exe "%1" %*
scrfile="%1" %*
=============== Created Last 30 ================
2010-06-01 12:19:14 0 d-s---w- C:\taichi
2010-06-01 12:08:59 3701941 ----a-r- C:\taichi.exe
2010-05-31 22:05:58 9 ----a-w- c:\windows\Brfaxrx.ini
2010-05-28 10:28:05 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-27 21:40:05 0 d-----w- c:\programdata\Sun
2010-05-27 21:39:18 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-27 21:05:07 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-05-27 21:05:05 0 d-----w- c:\program files\VS Revo Group
2010-05-26 10:08:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-21 22:04:18 0 d-----w- c:\programdata\Office Genuine Advantage
2010-05-21 22:04:03 0 d-----w- c:\users\admin\Office Genuine Advantage
2010-05-20 10:36:13 0 d-----w- c:\windows\SQL9_KB970892_ENU
2010-05-17 22:54:10 0 d-----w- c:\program files\Windows Portable Devices
2010-05-17 22:53:43 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-05-17 22:52:17 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-05-17 22:52:16 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-05-17 22:52:16 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-05-17 22:50:46 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-05-17 22:49:06 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-05-17 22:49:05 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-05-17 22:49:05 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-05-17 10:48:09 0 d-----w- c:\program files\CCleaner
2010-05-17 10:19:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-05-17 10:18:26 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-05-17 10:18:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-05-17 10:18:23 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-05-17 00:38:16 0 d-----w- c:\windows\system32\eu-ES
2010-05-17 00:38:16 0 d-----w- c:\windows\system32\ca-ES
2010-05-17 00:38:15 0 d-----w- c:\windows\system32\vi-VN
2010-05-16 23:38:50 0 d-----w- c:\windows\system32\EventProviders
2010-05-16 23:21:14 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2010-05-16 23:21:04 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2010-05-16 23:21:03 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2010-05-16 23:19:59 324608 ----a-w- c:\windows\system32\sdohlp.dll
2010-05-16 23:18:59 1985024 ----a-w- c:\windows\system32\authui.dll
2010-05-16 23:17:59 704512 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2010-05-16 23:16:59 869888 ----a-w- c:\windows\system32\printui.dll
2010-05-16 23:15:57 33280 ----a-w- c:\windows\system32\mssprxy.dll
2010-05-16 23:14:58 125952 ----a-w- c:\windows\system32\softkbd.dll
2010-05-16 23:13:30 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2010-05-16 23:13:30 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2010-05-16 23:13:30 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-05-16 23:13:30 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2010-05-16 23:13:30 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2010-05-16 23:13:30 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2010-05-16 23:13:30 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2010-05-16 23:13:25 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2010-05-16 23:13:19 218624 ----a-w- c:\windows\system32\wdscore.dll
2010-05-16 23:13:19 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2010-05-16 23:13:06 247808 ----a-w- c:\windows\system32\drvstore.dll
2010-05-16 22:41:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-16 22:41:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-16 22:41:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-05-16 22:16:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-05-16 13:04:13 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2010-05-16 13:04:04 11967524 ----a-w- c:\windows\system32\korwbrkr.lex
2010-05-16 12:42:08 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-15 23:29:14 0 d-----w- C:\PerfLogs
2010-05-15 17:44:57 0 d--h--w- C:\VritualRoot
2010-05-15 17:44:08 0 d-----w- c:\programdata\COMODO
2010-05-15 17:43:35 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-05-15 17:27:24 0 d-----w- c:\programdata\Comodo Downloader
2010-05-15 14:38:14 0 d-----w- c:\programdata\Alwil Software
2010-05-14 22:52:52 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-05-14 22:48:33 0 d-----w- c:\program files\AVG
2010-05-14 21:53:10 277784 ----a-w- c:\windows\system32\drivers\IASTOR.SYS
2010-05-14 11:03:21 0 d-----w- c:\windows\system32\MpEngineStore
2010-05-14 10:26:45 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-05-14 10:26:38 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-05-14 10:26:38 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-05-13 23:00:05 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-05-13 23:00:04 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-05-13 23:00:04 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-05-13 23:00:04 270848 ----a-w- c:\windows\system32\schannel.dll
2010-05-13 23:00:03 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-05-13 23:00:03 13780 ----a-w- c:\windows\system32\wbem\lsasrv.mof
2010-05-13 23:00:01 9728 ----a-w- c:\windows\system32\lsass.exe
2010-05-13 23:00:01 72704 ----a-w- c:\windows\system32\secur32.dll
2010-05-13 13:21:59 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-05-13 13:21:59 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-05-13 13:21:59 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-05-13 13:21:59 10240 ----a-w- c:\windows\system32\finger.exe
2010-05-13 13:19:59 98816 ----a-w- c:\windows\system32\mfps.dll
2010-05-13 13:19:59 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-05-13 13:19:59 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-05-13 13:19:58 2048 ----a-w- c:\windows\system32\mferror.dll
2010-05-13 13:19:52 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-05-13 13:19:52 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-05-13 13:19:32 71680 ----a-w- c:\windows\system32\atl.dll
2010-05-13 13:19:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-05-13 13:18:56 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-05-13 13:18:54 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-05-13 13:18:54 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-05-13 13:18:48 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-05-13 13:18:17 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2010-05-13 13:16:24 623616 ----a-w- c:\windows\system32\localspl.dll
2010-05-13 13:16:19 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-05-13 13:16:02 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-05-13 13:16:02 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-05-13 13:15:55 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-05-13 13:15:55 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-05-13 13:15:54 814 ----a-w- c:\windows\system32\wbem\WFP.MOF
2010-05-13 13:15:54 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-05-13 13:15:54 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-05-13 13:15:54 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-05-13 13:15:25 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-05-13 13:15:07 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-05-13 13:15:02 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-05-13 13:15:02 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-05-13 13:11:49 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-05-13 13:11:34 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-05-13 13:11:25 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-05-13 13:11:18 243712 ----a-w- c:\windows\system32\rastls.dll
2010-05-13 13:11:09 355328 ----a-w- c:\windows\system32\WSDApi.dll
2010-05-13 12:35:16 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-05-13 12:35:08 98304 ----a-w- c:\windows\system32\cabview.dll
==================== Find3M ====================
2010-05-17 22:54:04 86016 ----a-w- c:\windows\inf\infpub.dat
2010-05-17 22:54:04 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-05-17 22:54:03 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-17 22:54:03 143360 ----a-w- c:\windows\inf\infstor.dat
2010-05-16 23:52:25 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-05-15 23:50:25 174 --sha-w- c:\program files\desktop.ini
2010-05-15 22:31:48 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-05-15 22:31:46 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-05-06 14:36:38 221568 ----a-w- c:\windows\system32\MpSigStub.exe
2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 19:58:12 256512 ----a-w- c:\windows\PEV.exe
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-08-30 18:26:26 22 --sha-w- c:\windows\sminst\HPCD.sys
2007-09-02 14:12:20 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-05-13 01:09:27 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008042820080505\index.dat
2008-05-13 01:09:27 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008051220080513\index.dat
============= FINISH: 9:56:30.77 ===============
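An added example, not part of this thread or of the DDS tool: a small Python parser for the "SERVICES / DRIVERS", "Created Last 30" and "Find3M" sections of a log like the one above, plus a few review heuristics of my own (executables dropped in the drive root, files carrying hidden+system attributes, running services whose image sits outside the Windows and Program Files trees). SAMPLE_LOG copies a few lines from the posted log; the heuristics are triage prompts, not verdicts.

```python
"""Parse and triage sections of a DDS log (added example; not part of DDS or
this thread). SAMPLE_LOG copies a few lines from the log posted above; the
review rules are simple heuristics of my own, not anything DDS itself does."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Banners look like "============= SERVICES / DRIVERS ===============".
BANNER_RE = re.compile(r"^=+\s*(?P<title>.*?)\s*=+$")
# "R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-28 19024]"
# R = running, S = stopped; the digit is the service start type.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?) \[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$")
# "2010-06-01 12:08:59 3701941 ----a-r- C:\taichi.exe"
# Flags: d=directory, s=system, h=hidden, a=archive, r=read-only, w=writable.
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\d+) "
    r"(?P<attrs>[dsharw-]{8}) (?P<path>.+)$")
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".ocx", ".com")
DRIVE_ROOT_RE = re.compile(r"^[a-z]:\\[^\\]+$", re.IGNORECASE)
TRUSTED_TREES = ("c:\\windows\\", "c:\\program files\\")

@dataclass
class Service:
    state: str
    start: int
    name: str
    image: str
    size: int

@dataclass
class Created:
    timestamp: str
    size: int
    attrs: str
    path: str

def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-empty log lines under the banner that precedes them."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for line in text.splitlines():
        m = BANNER_RE.match(line.strip())
        if m:
            current = m["title"]
            sections.setdefault(current, [])
        elif line.strip():
            sections.setdefault(current, []).append(line.rstrip())
    return sections

def parse_services(lines: List[str]) -> List[Service]:
    return [Service(m["state"], int(m["start"]), m["name"].strip(), m["image"], int(m["size"]))
            for m in map(SERVICE_RE.match, lines) if m]

def parse_created(lines: List[str]) -> List[Created]:
    return [Created(m["ts"], int(m["size"]), m["attrs"], m["path"])
            for m in map(CREATED_RE.match, lines) if m]

def review_created(entries: List[Created]) -> List[Tuple[str, str]]:
    """(path, reason) pairs worth a second look. These are prompts, not verdicts:
    a renamed cleaning tool dropped in the drive root or a vendor licence file
    with hidden+system attributes will trip these rules too."""
    hits = []
    for e in entries:
        if "d" in e.attrs:  # directories are skipped; only files are rated here
            continue
        if e.path.lower().endswith(EXECUTABLE_EXT) and DRIVE_ROOT_RE.match(e.path):
            hits.append((e.path, "executable created in drive root"))
        elif "s" in e.attrs and "h" in e.attrs:
            hits.append((e.path, "file with hidden+system attributes"))
    return hits

def review_services(services: List[Service]) -> List[Tuple[str, str]]:
    """Running services/drivers whose image is outside the usual trees."""
    return [(s.name, "running with image outside Windows/Program Files")
            for s in services
            if s.state == "R" and not s.image.lower().startswith(TRUSTED_TREES)]

def triage(text: str) -> Dict[str, List[Tuple[str, str]]]:
    sections = split_sections(text)
    services = parse_services(sections.get("SERVICES / DRIVERS", []))
    files = parse_created(sections.get("Created Last 30", []) + sections.get("Find3M", []))
    return {"services": review_services(services), "files": review_created(files)}

# Constructed sample: lines copied from the DDS log posted above.
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-28 164048]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-28 40384]
=============== Created Last 30 ================
2010-06-01 12:19:14 0 d-s---w- C:\taichi
2010-06-01 12:08:59 3701941 ----a-r- C:\taichi.exe
2010-05-28 10:28:05 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
==================== Find3M ====================
2007-09-02 14:12:20 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
============= FINISH: 9:56:30.77 ===============
"""
```

Run `triage(SAMPLE_LOG)` to get the hits; on the sample it reports C:\taichi.exe (drive-root executable) and KGyGaAvL.sys (hidden+system), and no service hits.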
Are you still noticing any problems? If not, it's time to secure your system to prevent against further intrusions.
THESE STEPS ARE VERY IMPORTANT
Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.
A. To disable the System Restore feature:
1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Uncheck any checkboxes listed for your hard drives.
7. Press OK.
B. Reboot.
C. Turn ON System Restore.
Follow the steps like you did when disabling System Restore, but at step 6 check any checkboxes listed for your hard drives.
Now let's uninstall ComboFix:
Click START then RUN
Now copy-paste Combofix /uninstall in the runbox and click OK
Please download OTC (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.
Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
UPDATING WINDOWS AND INTERNET EXPLORER
IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.
If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free): Microsoft Office Update.
Make your Internet Explorer more secure
This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.
hosts file:
Every version of Windows has a hosts file as part of it. In a very basic sense, it is used to locate webpages. We can customize a hosts file so that it blocks certain webpages. However, it can slow down certain computers. This is why using a hosts file is optional!!
Download it here (http://www.mvps.org/winhelp2002/hosts.htm). Make sure you read the instructions on how to install the hosts file. There is a good tutorial here (http://www.bleepingcomputer.com/forums/tutorial51.html)
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
1. Click the Start button (at the lower left hand corner of your screen).
2. Click Run.
3. In the dialog box, type services.msc and hit Enter, then locate DNS Client.
4. Highlight it, then double-click it.
5. On the dropdown box, change the setting from Automatic to Manual.
6. Click OK.
Run Secunia vulnerability check here (http://secunia.com/vulnerability_scanning/online/) and fix its findings.
Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Once again, please post and tell me how things are going with your system... problems etc.
Have a great day,
Blade :cool:
Ok, I did this: disable the System Restore feature & rebooted.
I did the same steps and checked the 'C' drive. Hope this next part is okay...
I created a new system restore point, because it said there was NONE.
I ran the uninstall ComboFix command, and it was removed. Then I downloaded & tried ComboFix one last time in safe mode - still not working; so I uninstalled it again. Downloaded & ran the OTC.
I forgot one last thing I am going to do is run the AVAST rootkit analysis tool that is part of AVAST. I started to do this yesterday, but
Sorry, I meant to preview NOT POST.
I forgot one last thing: I am going to run the AVAST rootkit analysis tool that is part of AVAST. I started to do this yesterday, but it takes a long time, so I am going to do it now and post results later.
Thanks, again!!
One thing I forgot to ask, I went to Secunia, which scanned & shows this:
*************
Adobe Flash Player 9.x 9.0.45.0 (ActiveX)
This installation of Adobe Flash Player 9.x is insecure and potentially exposes your system to security threats!
The detected version installed on your system is 9.0.45.0 (ActiveX), however, the latest patched version released by the vendor, fixing one or more vulnerabilities, is 9.0.246.0 (ActiveX).
Update Instructions:
Download
Installed on Your System in:
C:\Windows\SYSTEM32\Macromed\Flash\Flash9c.ocx
**************
But on my DDS log (see snippet below) it shows that I have 10, unless that is something different.
I did think I updated it a couple of days ago when you asked me to.
I checked and sure enough there is an adobe flash player 9 sitting where Secunia says it is
Should I remove this? Thanks!
Snippet from DDS attach log:
==== Installed Programs ======================
2Wire Gateway
Adobe Acrobat 7.0 Professional
Adobe Flash Player 10 Plugin
Hi,
Yes, the .ocx file can be deleted.
My laptop still seems slow, especially opening any programs or web sites, but at least I am not being redirected with Google searches.
I couldn't delete this after all; it said I didn't have authority. I looked at properties, which were read-only & I tried to change that, but it would not let me.
I ran the rootkit scan with Avast and it found a trojan: JAVA:Djewers-R [Trj]
here:
c:\User\EAA\ApplicationData\LocalLow\Sun\Java\Deployment\Cache\6.0\13\7cdbdc4d-2cbbb420|>GoogleCode.class
I had it moved to virus chest for now. Should I just go ahead and delete it?
Thanks for your help!!
Hi,
Save following instructions and follow them after closing all web browser windows first.
Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
@echo off
rem Strip any deny entry for Everyone, grant full control, clear read-only, then delete the file
icacls C:\Windows\SYSTEM32\Macromed\Flash\Flash9c.ocx /remove:d everyone
icacls C:\Windows\SYSTEM32\Macromed\Flash\Flash9c.ocx /grant everyone:F
attrib -r C:\Windows\SYSTEM32\Macromed\Flash\Flash9c.ocx
del /q C:\Windows\SYSTEM32\Macromed\Flash\Flash9c.ocx
Right-click on the fixes.bat file and select 'run as administrator' to execute it. See if the file still exists.
The Avast finding can be deleted or left in the virus chest (it won't return from there).
GREAT!! It worked so fast, too, I nearly missed it. I checked, and the old adobe player ocx thing is no longer there.
The only other Secunia finding is for iTunes, which I haven't decided if I am going to keep, as I haven't used it in a couple of years. For certain, I will update or remove the program, though, since it is not secure. I think I will never ignore the popup prompts to update update update!!!! Windows & my programs automatically. That was completely my mistake - always in a hurry and did not think I had time to let Windows install its updates. Now I know I will ALWAYS have time!!
Thank you so very much for all your patience and help!! You and the other volunteers are awesome!
-TaiChi
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)
Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.
If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.