Computer infected with AntivirusPro 2010

It is done.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, October 6, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, October 06, 2009 03:29:27
Records in database: 2919830
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Objects scanned: 1225754
Threats found: 12
Infected objects found: 28
Suspicious objects found: 17
Scan duration: 23:20:42


File name / Threat / Threats count
C:\Documents and Settings\Raymond\Local Settings\Application Data\Identities\{7772A531-6B12-45EF-9B43-7D99B0E67F95}\Microsoft\Outlook Express\Invest.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 2
C:\Documents and Settings\Raymond\Local Settings\Application Data\Identities\{7772A531-6B12-45EF-9B43-7D99B0E67F95}\Microsoft\Outlook Express\PayPal.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 5
C:\Documents and Settings\Raymond\Local Settings\Application Data\Identities\{7772A531-6B12-45EF-9B43-7D99B0E67F95}\Microsoft\Outlook Express\PayPal.dbx Infected: Trojan-Spy.HTML.Paylap.bj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Raymond\Application Data\lizkavd.exe.vir Infected: Packed.Win32.Krap.ad 1
C:\Qoobox\Quarantine\C\Documents and Settings\Raymond\Application Data\seres.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.fsd 1
C:\Qoobox\Quarantine\C\Documents and Settings\Raymond\Application Data\svcst.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.fsd 1
C:\Qoobox\Quarantine\C\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe.vir Infected: Packed.Win32.Krap.ad 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\gasfkyebwupqoy.sys.vir Infected: Packed.Win32.TDSS.z 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\eventlog.dll.vir Infected: Trojan.Win32.Sirefef.a 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\wbem\proquota.exe.vir Infected: Backdoor.Win32.Bredolab.acl 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\~.exe.vir Infected: Trojan-Dropper.Win32.Mudrop.dxg 1
C:\Qoobox\Quarantine\[4]-Submit_2009-10-05_14.49.19.zip Infected: Packed.Win32.Krap.ad 1
C:\Qoobox\Quarantine\[4]-Submit_2009-10-05_14.49.19.zip Infected: Trojan.Win32.Vilsel.hga 1
C:\Qoobox\Quarantine\[4]-Submit_2009-10-05_14.49.19.zip Infected: Trojan.Win32.Sasfis.nzr 1
C:\Qoobox\Quarantine\[4]-Submit_2009-10-05_14.49.19.zip Infected: Trojan.Win32.Antavmu.exb 1
C:\Qoobox\Quarantine\[4]-Submit_2009-10-05_14.49.19.zip Infected: Trojan.Win32.Vilsel.hhr 1
C:\system volume information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP281\A0023918.exe Infected: Packed.Win32.Krap.ad 1
C:\system volume information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP281\A0023923.exe Infected: Trojan-Downloader.Win32.FraudLoad.fsd 1
C:\system volume information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP281\A0023924.exe Infected: Trojan-Downloader.Win32.FraudLoad.fsd 1
C:\system volume information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP281\A0023936.exe Infected: Packed.Win32.Krap.ad 1
C:\system volume information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP281\A0023955.exe Infected: Trojan-Dropper.Win32.Mudrop.dxg 1
C:\system volume information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP281\A0023959.sys Infected: Packed.Win32.TDSS.z 1
C:\system volume information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP281\A0023968.exe Infected: Backdoor.Win32.Bredolab.acl 1
C:\system volume information\_restore{6878E952-D0C8-4B42-9C1D-8CE4EE7F9B17}\RP281\A0023974.dll Infected: Trojan.Win32.Sirefef.a 1
E:\Outlook Express\PayPal.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 5
E:\Outlook Express\PayPal.dbx Infected: Trojan-Spy.HTML.Paylap.bj 1
F:\Document and Settings\Raymond\Local Settings\Temporary Internet Files\Content.IE5\BT0SI9MY\kdqrrj[1].htm Infected: Trojan.Win32.Sasfis.nzr 1
F:\Document and Settings\Raymond\Local Settings\Temporary Internet Files\Content.IE5\K0V11MDU\inst32A[1].com Infected: Trojan-Dropper.Win32.Mudrop.dxg 1
F:\Document and Settings\Raymond\Local Settings\Temporary Internet Files\Content.IE5\K0V11MDU\pziwjxb[1].htm Infected: Trojan.Win32.Vilsel.hhr 1
F:\Document and Settings\Raymond\Local Settings\Temporary Internet Files\Content.IE5\NCYZ3AV9\folzm[1].htm Infected: Trojan.Win32.Vilsel.hga 1
F:\Outlook Express\PayPal.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 5
F:\Outlook Express\PayPal.dbx Infected: Trojan-Spy.HTML.Paylap.bj 1

Selected area has been scanned.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/23/2008 12:52:59 PM
System Uptime: 10/5/2009 9:59:47 PM (25 hours ago)

Motherboard: Acer | | E946GZ
Processor: Intel(R) Pentium(R) D CPU 3.00GHz | Socket 775 | 3000/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 147 GiB total, 64.6 GiB free.
D: is FIXED (FAT32) - 1 GiB total, 1.449 GiB free.
E: is FIXED (NTFS) - 466 GiB total, 347.149 GiB free.
F: is FIXED (NTFS) - 932 GiB total, 561.121 GiB free.
G: is CDROM ()
H: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP281: 10/5/2009 1:58:22 PM - System Checkpoint
RP282: 10/5/2009 9:14:36 PM - Removed Java(TM) 6 Update 10
RP283: 10/5/2009 9:14:54 PM - Installed Java(TM) 6 Update 16

==== Installed Programs ======================

AAC Decoder
Adobe Acrobat 7.0 Standard
Adobe Acrobat 7.1.0 Standard
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
Adobe Shockwave Player 11.5
Apple Software Update
AutoUpdate
DING!
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
ERUNT 1.1j
H.264 Decoder
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
HP Officejet Pro K550 Series
ImageMixer 3 SE for SD
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 16
LightScribe 1.4.74.1
Logitech iTouch Software
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Misc
MKV Splitter
Mozilla Thunderbird (2.0.0.23)
News Rover
NTI Backup NOW! 4
NTI CD & DVD-Maker
OCA Client history tool install
PowerDVD
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player (KB911564)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB958644)
Spybot - Search & Destroy
The Works of W. Cleon Skousen Version 3.0.1
Toolbox
Trader Workstation 4.0
UGuide
Update for Windows XP (KB951072-v2)
VC80CRTRedist - 8.0.50727.762
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

9/30/2009 10:11:47 AM, error: Service Control Manager [7000] - The eLock2FSCTLDriver service failed to start due to the following error: The system cannot find the file specified.
9/30/2009 10:11:47 AM, error: Service Control Manager [7000] - The eLock2BurnerLockDriver service failed to start due to the following error: The system cannot find the file specified.
9/30/2009 10:11:03 AM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume .
9/29/2009 7:25:01 AM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume E:.
10/5/2009 9:22:08 AM, error: Service Control Manager [7000] - The McAfee Scanner service failed to start due to the following error: Access is denied.
10/5/2009 9:22:08 AM, error: DCOM [10005] - DCOM got error "%5" attempting to start the service MCODS with arguments "" in order to run the server: {C98F04D7-CD30-4BB0-B7D7-8DD7448520F2}
10/5/2009 8:12:28 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 2 time(s).
10/5/2009 8:12:28 PM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/5/2009 8:12:27 PM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
10/5/2009 8:12:27 PM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/5/2009 8:12:27 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/5/2009 8:12:27 PM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/5/2009 1:58:00 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000003A' while processing the file 'KB912812' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
10/5/2009 1:51:29 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
10/5/2009 1:49:17 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
10/5/2009 1:49:17 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
10/5/2009 1:48:47 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.

==== End Of File ===========================
 
DDS.txt


DDS (Ver_09-09-29.01) - NTFSx86
Run by Raymond at 22:02:26.39 on Tue 10/06/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.649 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\igfxpers.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\PIXELA\ImageMixer 3 SE for SD\CameraMonitor.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Raymond\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.kitco.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [LaunchApp] Alaunch
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [ntiMUI] c:\program files\newtech infosystems\nti cd & dvd-maker 7\ntiMUI.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [HPWUTOOLBOX] c:\program files\hp\hp officejet pro k550 series\toolbox\HPWUTBX.exe "-i"
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\raymond\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imagem~1.lnk - c:\program files\pixela\imagemixer 3 se for sd\CameraMonitor.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-10-24 214024]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-10-24 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-10-24 144704]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-10-24 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-10-24 35272]
S2 0037731254797956mcinstcleanup;McAfee Application Installer Cleanup (0037731254797956);c:\windows\temp\003773~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\003773~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\elock2burnerlockdriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\elock2fsctldriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-10-24 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-10-24 40552]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-10-24 606736]

=============== Created Last 30 ================

2009-10-05 21:41 <DIR> --d----- c:\docume~1\raymond\applic~1\Malwarebytes
2009-10-05 21:41 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-05 21:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-05 21:41 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-05 21:41 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-05 21:15 73,728 a------- c:\windows\system32\javacpl.cpl
2009-10-05 20:12 <DIR> --d----- C:\_OTM
2009-10-05 13:55 50,176 a------- c:\windows\system32\proquota.exe
2009-10-05 13:49 <DIR> a-dshr-- C:\cmdcons
2009-10-05 13:48 229,888 a------- c:\windows\PEV.exe
2009-10-05 13:48 161,792 a------- c:\windows\SWREG.exe
2009-10-05 13:48 98,816 a------- c:\windows\sed.exe
2009-10-05 13:42 <DIR> --d-h--- c:\windows\PIF
2009-10-04 20:13 <DIR> --d----- c:\program files\Temp
2009-10-04 20:12 <DIR> --d----- c:\program files\Ttemp
2009-10-03 15:56 <DIR> --d----- c:\program files\Trend Micro
2009-10-01 14:28 <DIR> --d----- c:\windows\SxsCaPendDel
2009-10-01 13:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
2009-10-01 13:48 <DIR> --d----- c:\program files\common files\iS3
2009-10-01 13:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-10-01 13:11 <DIR> --d----- c:\windows\pss

==================== Find3M ====================

2009-10-05 21:14 411,368 a------- c:\windows\system32\deploytk.dll

============= FINISH: 22:02:48.46 ===============
 
Not too bad

Most everything found is either in combofix quarantine, or system restore, and we'll clean those out in a minute.

You also have some infected emails stashed away in Outlook. You will need to manually go in and remove those emails. We cannot simply delete the dbx files without potentially wiping out all your email. Looks like some fake PayPal emails.

C:\Documents and Settings\Raymond\Local Settings\Application Data\Identities\{7772A531-6B12-45EF-9B43-7D99B0E67F95}\Microsoft\Outlook Express\Invest.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 2
C:\Documents and Settings\Raymond\Local Settings\Application Data\Identities\{7772A531-6B12-45EF-9B43-7D99B0E67F95}\Microsoft\Outlook Express\PayPal.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 5
C:\Documents and Settings\Raymond\Local Settings\Application Data\Identities\{7772A531-6B12-45EF-9B43-7D99B0E67F95}\Microsoft\Outlook Express\PayPal.dbx Infected: Trojan-Spy.HTML.Paylap.bj 1
E:\Outlook Express\PayPal.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 5
E:\Outlook Express\PayPal.dbx Infected: Trojan-Spy.HTML.Paylap.bj 1
F:\Outlook Express\PayPal.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 5
F:\Outlook Express\PayPal.dbx Infected: Trojan-Spy.HTML.Paylap.bj 1


Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

The above procedure will:
  • Delete the following: ComboFix and its associated files and folders.
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.


Let me know how it's running now also.
 
More cleanup

Sorry,

Forgot about some of the other clean up.

  • Make sure you have an Internet Connection.
  • Double-click OTM.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTM from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

You can also remove any of the other tools that we used if OTM doesn't get them.
 
'ComboFix' can not be found.
Tried running 'Combo-Fix /u', but same problem.

I am going to look for it on the C drive.
 
Just finished a search for 'Combo*.*', no executables found. Just text files.
Also, McAfee and Spybot are idle.
I have an internet connection, but haven't gone to any websites, except Spybot Forum and those instructed.
Nor have any emails been checked.

It is presumed that the clean with 'OTM.exe' occurs after ComboFix /u is run.

Thanks,
Raymond
 
Yes, I think we can presume clean at this point.

I had forgotten we renamed combofix. It was run from the desktop.

c:\documents and settings\Raymond\Desktop\Combo-Fix.exe

So it's not there any more?

Also, McAfee and Spybot are idle.
When you say idle do you mean they are not running protection? Are you able to turn them on?

It appears from your last DDS log that Spybot's TeaTimer was running. And at least part of McAfee is running. Sometimes programs will need to be re-installed after the clean due to damage done by the Malware.
 
Also, if combofix cannot be uninstalled then you should manually reset System Restore to clean out those infected restore points.

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which may be infected anyway).

Click Start>Help and Support>Undo changes to your computer with System Restore
Select Create A Restore Point then click Next. Give it a name and then click Create

Click Start>Run and type Cleanmgr
Click the More Options Tab.
Click Clean Up in the System Restore section.

And the combofix quarantined files folder should be removed if still present. Delete Qoobox at the root of the C drive.

C:\Qoobox
 
I don't know where combo-fix.exe is.
I don't recall deleting it from the desktop.
Would any of the programs that were run delete this file?

Some of the McAfee systems seem to be running.
I turned as many McAfee items off as I could for the Kaspersky scan.
I presume that if they could be turned off, they could be turned on.
McAfee has been turned on successfully.
Just got an 'Update Error' from McAfee.
It is asking for a reinstall of these programs.
Tried to do a manual update to McAfee, but same error.
McAfee will need to be reinstalled.

In checking the 'Task Manager', I didn't see 'Tea Timer' running. Could have missed it.

Do you want me to download comfix.exe and run it, then run dds.scr?

For the System Restore, do you want today's date to be used,
since all the other points may be worthless?
 
Do you want me to download comfix.exe and run it, then run dds.scr?
No, I think you're okay.

For the System Restore, do you want today's date to be used,
since all the other points may be worthless?
You can use whatever name for the new point you like. Today's date is fine. We just want to make sure all the old ones are cleared.

Let me know how you make out with McAfee.

And you're right, don't see TeaTimer actually running in processes on last DDS log. It is called out to be from the registry.

uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

You may want to check your settings in SpyBot. Or maybe that will need to be re-installed also.
 
Well, I don't know if trouble has found me. I am typing from another computer.

When I was typing on the previously infected computer, attempting to type about the balloon window with a strange message, my wireless keyboard and mouse froze.

After resetting the wireless, the balloon disappeared.
The balloon said something about a file that I am not familiar with on 'E:\'.
Note: E drive started to go bad about 2 weeks ago.
When the balloon disappeared the keyboard and mouse worked.
I resumed typing and the lock up occurred again, which is why I am typing from another computer on the network.

The Task Manager on the task bar shows +50% CPU usage.
I disconnected the previously infected computer from the network and hence the internet.
Going to press the reset on the wireless.
The keyboard and mouse are back.
The CPU usage spikes to 51% then back to 0%.

The open windows are: IE7(spybot.com), Task Manager, McAfee security, Windows explorer.
CPU usage is locked at 50% and keyboard and mouse are locked up again.

I don't know what is going on. Never seen anything like this.
The only thing accessed in the internet world is spybot.com.
No emails have been checked nor web sites visited.
Only solitaire has been run.

Please advise.
 
As CPU usage changes, the system idle process remains the same.
Attempting to locate which process is using the CPU, none of the other CPU numbers change.
When CPU usage is 50%, the mouse and keyboard lock up. When drops back to 0% or 1%, the keyboard and mouse become functional again.
The CPU usage icon in the tray, remains at +50% even though the CPU usage on its bottom status bar changes.

McAfee appears to be running in the background, but can't update.
Don't think Spybot is running in the background.
The 'arrow' in the tray is not working.
 
An error message came up. It was the same as in the balloon from the tray.
This time the message is in a window box on the middle of the desk top.

'Windows was unable to save all the data for the file e:\$Mft. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.'

Should I close the box?

Is this computer infected again?
 
Also, the clock hasn't moved lately from 5:32PM.

Not sure if I should reboot, and if so, should it be into Safe Mode.
 
Have you been able to identify which process is taking the CPU cycles? That would help.

I would try rebooting. Do you have a regular USB or PS2 mouse and keyboard combo you can try? I know sometimes those wireless setups get flaky.

Did you re-install McAfee and Spybot?

Run and post another DDS log when you get a chance.
 
No. The Task Manager wasn't working properly.
Thought about using Process Explorer, but chose not to.
McAfee and Spybot haven't been re-installed.
When do you want me to do that?

I will reboot the computer and run DDS and post the results.
Had to pull the power cord to reboot.
 
You can use Process Explorer in place of task manager. That should show it.

I would re-install both of those programs asap.

I don't think the infection is still present or active, but it appears to have done quite a bit of damage here.
 
ATTACH.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/23/2008 12:52:59 PM
System Uptime: 10/7/2009 10:12:32 PM (0 hours ago)

Motherboard: Acer | | E946GZ
Processor: Intel(R) Pentium(R) D CPU 3.00GHz | Socket 775 | 3000/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 147 GiB total, 64.545 GiB free.
D: is FIXED (FAT32) - 1 GiB total, 1.449 GiB free.
E: is FIXED (NTFS) - 466 GiB total, 347.149 GiB free.
F: is FIXED (NTFS) - 932 GiB total, 561.121 GiB free.
G: is CDROM ()
H: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP281: 10/5/2009 1:58:22 PM - System Checkpoint
RP282: 10/5/2009 9:14:36 PM - Removed Java(TM) 6 Update 10
RP283: 10/5/2009 9:14:54 PM - Installed Java(TM) 6 Update 16
RP284: 10/6/2009 10:31:13 PM - System Checkpoint

==== Installed Programs ======================

AAC Decoder
Adobe Acrobat 7.0 Standard
Adobe Acrobat 7.1.0 Standard
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
Adobe Shockwave Player 11.5
Apple Software Update
AutoUpdate
DING!
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
ERUNT 1.1j
H.264 Decoder
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
HP Officejet Pro K550 Series
ImageMixer 3 SE for SD
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 16
LightScribe 1.4.74.1
Logitech iTouch Software
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Misc
MKV Splitter
Mozilla Thunderbird (2.0.0.23)
News Rover
NTI Backup NOW! 4
NTI CD & DVD-Maker
OCA Client history tool install
PowerDVD
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player (KB911564)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB958644)
Spybot - Search & Destroy
The Works of W. Cleon Skousen Version 3.0.1
Toolbox
Trader Workstation 4.0
UGuide
Update for Windows XP (KB951072-v2)
VC80CRTRedist - 8.0.50727.762
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

9/30/2009 10:11:03 AM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume .
10/7/2009 3:09:52 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\D.
10/7/2009 3:09:52 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D.
10/7/2009 3:09:52 PM, error: atapi [15] - The device, \Device\Ide\IdePort2, is not ready for access yet.
10/5/2009 9:22:08 AM, error: Service Control Manager [7000] - The McAfee Scanner service failed to start due to the following error: Access is denied.
10/5/2009 9:22:08 AM, error: DCOM [10005] - DCOM got error "%5" attempting to start the service MCODS with arguments "" in order to run the server: {C98F04D7-CD30-4BB0-B7D7-8DD7448520F2}
10/5/2009 9:17:30 AM, error: Service Control Manager [7000] - The eLock2FSCTLDriver service failed to start due to the following error: The system cannot find the file specified.
10/5/2009 9:17:30 AM, error: Service Control Manager [7000] - The eLock2BurnerLockDriver service failed to start due to the following error: The system cannot find the file specified.
10/5/2009 8:12:28 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 2 time(s).
10/5/2009 8:12:28 PM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/5/2009 8:12:27 PM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
10/5/2009 8:12:27 PM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/5/2009 8:12:27 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/5/2009 8:12:27 PM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/5/2009 1:58:00 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000003A' while processing the file 'KB912812' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
10/5/2009 1:51:29 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
10/5/2009 1:49:17 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
10/5/2009 1:49:17 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
10/5/2009 1:48:47 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.
10/4/2009 10:31:58 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume E:.

==== End Of File ===========================
 
DDS.txt


DDS (Ver_09-09-29.01) - NTFSx86
Run by Raymond at 22:14:50.96 on Wed 10/07/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.594 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PIXELA\ImageMixer 3 SE for SD\CameraMonitor.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Raymond\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.kitco.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [LaunchApp] Alaunch
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [ntiMUI] c:\program files\newtech infosystems\nti cd & dvd-maker 7\ntiMUI.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [HPWUTOOLBOX] c:\program files\hp\hp officejet pro k550 series\toolbox\HPWUTBX.exe "-i"
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\raymond\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imagem~1.lnk - c:\program files\pixela\imagemixer 3 se for sd\CameraMonitor.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-10-24 214024]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-10-24 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-10-24 144704]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-10-24 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-10-24 35272]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\elock2burnerlockdriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\elock2fsctldriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-10-24 606736]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-10-24 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-10-24 40552]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]

=============== Created Last 30 ================

2009-10-05 21:41 <DIR> --d----- c:\docume~1\raymond\applic~1\Malwarebytes
2009-10-05 21:41 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-05 21:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-05 21:41 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-05 21:41 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-05 21:15 73,728 a------- c:\windows\system32\javacpl.cpl
2009-10-05 20:12 <DIR> --d----- C:\_OTM
2009-10-05 13:55 50,176 a------- c:\windows\system32\proquota.exe
2009-10-05 13:49 <DIR> a-dshr-- C:\cmdcons
2009-10-05 13:48 229,888 a------- c:\windows\PEV.exe
2009-10-05 13:48 161,792 a------- c:\windows\SWREG.exe
2009-10-05 13:48 98,816 a------- c:\windows\sed.exe
2009-10-05 13:42 <DIR> --d-h--- c:\windows\PIF
2009-10-04 20:13 <DIR> --d----- c:\program files\Temp
2009-10-04 20:12 <DIR> --d----- c:\program files\Ttemp
2009-10-03 15:56 <DIR> --d----- c:\program files\Trend Micro
2009-10-01 14:28 <DIR> --d----- c:\windows\SxsCaPendDel
2009-10-01 13:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
2009-10-01 13:48 <DIR> --d----- c:\program files\common files\iS3
2009-10-01 13:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-10-01 13:11 <DIR> --d----- c:\windows\pss

==================== Find3M ====================

2009-10-05 21:14 411,368 a------- c:\windows\system32\deploytk.dll

============= FINISH: 22:15:18.87 ===============
 
Trying to install Spybot, but unable.
Error
C:\ProgramFiles\Spybot-Searh&Destroy\SpybotSD.exe
The existing file is marked as read-only.
Click Retry to remove the read-only attribute and try again, Ignore to skip this file, or Abort to cancel installation.

Went to a command prompt but couldn't change to the Spybot directory.
No matter how I typed it 'cd Spybot - Search & Destroy', the path couldn't be found.

Going to install McAfee next. Need to go to Comcast web site to do this.
McAfee is requesting an updated installer.
 