Rootkit dropper/trojan (still)

Please see if ComboFix-quarantined-files.txt file exists on your c: drive. Attach it to your reply if found.
I did a search for all *.txt files on drive and could find nothing related to quarantine or combofix. Thanks.
 
I did find a file called "catchme.txt" in c:\qoobox\quarantine\catchme.txt
I forgot which program produces the qoobox, so thought I would include it here. The file only has the below text:

-------- 2010-04-18 - 13:25:14 -------------


-------- 2010-05-27 - 10:32:08 -------------


-------- 2010-05-27 - 10:32:47 -------------


-------- 2010-05-27 - 10:42:35 -------------


-------- 2010-05-27 - 11:16:16 -------------


-------- 2010-05-27 - 11:22:00 -------------


-------- 2010-05-27 - 11:29:57 -------------


-------- 2010-05-27 - 12:07:08 -------------


-------- 2010-05-27 - 13:12:25 -------------


-------- 2010-05-28 - 10:37:47 -------------
 
Hi again,

Open notepad and copy/paste the text in the quotebox below into it:

Code:
KillAll::
SecCenter::
{AD166499-45F9-482A-A743-FDD3350758C7}


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

[Image: CFScriptB-4.gif]


Close all browser windows, turn off Avast and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Uninstall vulnerable Flash versions by following instructions here. Fresh version can be obtained here.

Run DDS and post fresh dds.txt log.
 
I downloaded a fresh combofix and renamed it combo-fix, I made sure avast was completely off, and I dragged the CFscript file onto Combo-fix.exe. Combofix started to run, as usual, but after "please wait...creating a restore point, and copying registry progress bars," nothing happened. I restarted the laptop in safe mode & tried again, dragged the script text, still nothing.
I restarted the laptop in safe mode with networking, same thing, still not working.

Per your instructions, I uninstalled Adobe flash player (old one) & installed new one vers 10.0.45.2.

Something I did earlier today may be helpful. I hooked up my Seagate backup drive, and had AVAST scan it. I had two sections on the drive (1) just my files, nothing else, and (2) my whole hard drive, about when problems started.

AVAST found nothing in the first section (just copies of my personal files), but, on the backup copy of the hard drive it found these 5 things (see below). Since I didn't want anything to somehow creep BACK on my laptop that was bad, I deleted the whole copy of the hard drive from the Seagate backup drive.

I will run AVAST later tonight and see if it finds those things on my actual laptop, because it hasn't yet. Also, below are the newest DDS logs.

Thanks again for your help.


This is what AVAST found:

1. THREAT: Win32.CTX
C:\History\Level2\C\ProgramFiles\{Panda Security\ActiveScan 2.0\pskavs.dll
-I looked online and found out that this is a false positive with Avast
-I looked on my hard drive and could not find this file at all

2. THREAT: JAVA: Djewers-R
c:\Users\EAA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\7cdbdc4d-2cbb420i>GoogleCode.class
- I searched on my hard drive and this file is still there
- I uploaded it to virustotal but it did not find anything for the file.

3. THREAT: Ricsi-831
c:\Users\admin\AppData\Local\Microsft\Windows\WER\ReportQ...\avcenter.exe.hu.kdmp
- I searched on my hard drive and cannot find this file at all

4. THREAT: win32: malware-gen
C:\ProgramFiles\Adobe\Acrobat 7.0\SetupFiles\AcroPro\Enu\data1.cab|>acrobat_sl.exe
-I located this file on my hard drive, but could not upload it to virustotal, just stayed at "uploading....."


5. THREAT: win32: malware-gen
c:\ProgramFiles\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
- I searched my hard drive and found this, and when I uploaded the file to virustotal, it found this (copied below)

******** From VIRUSTOTAL*********
From: c:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
File acrobat_sl.exe received on 2010.05.31 19:24:30 (UTC)

Result: 3/41 (7.32%)

Antivirus Version Last Update Result
a-squared 5.0.0.26 2010.05.31 -
AhnLab-V3 2010.05.30.00 2010.05.29 -
AntiVir 8.2.1.242 2010.05.31 -
Antiy-AVL 2.0.3.7 2010.05.31 -
Authentium 5.2.0.5 2010.05.31 -
Avast 4.8.1351.0 2010.05.31 Win32:Malware-gen
Avast5 5.0.332.0 2010.05.31 Win32:Malware-gen
AVG 9.0.0.787 2010.05.31 -
BitDefender 7.2 2010.05.31 -
CAT-QuickHeal 10.00 2010.05.31 -
ClamAV 0.96.0.3-git 2010.05.31 -
Comodo 4967 2010.05.31 -
DrWeb 5.0.2.03300 2010.05.31 -
eSafe 7.0.17.0 2010.05.30 -
eTrust-Vet 35.2.7522 2010.05.31 -
F-Prot 4.6.0.103 2010.05.31 -
F-Secure 9.0.15370.0 2010.05.31 -
Fortinet 4.1.133.0 2010.05.30 -
GData 21 2010.05.31 Win32:Malware-gen
Ikarus T3.1.1.84.0 2010.05.31 -
Jiangmin 13.0.900 2010.05.31 -
Kaspersky 7.0.0.125 2010.05.31 -
McAfee 5.400.0.1158 2010.05.31 -
McAfee-GW-Edition 2010.1 2010.05.31 -
Microsoft 1.5802 2010.05.31 -
NOD32 5159 2010.05.31 -
Norman 6.04.12 2010.05.31 -
nProtect 2010-05-31.01 2010.05.31 -
Panda 10.0.2.7 2010.05.31 -
PCTools 7.0.3.5 2010.05.31 -
Prevx 3.0 2010.05.31 -
Rising 22.50.00.04 2010.05.31 -
Sophos 4.53.0 2010.05.31 -
Sunbelt 6382 2010.05.31 -
Symantec 20101.1.0.89 2010.05.31 -
TheHacker 6.5.2.0.290 2010.05.31 -
TrendMicro 9.120.0.1004 2010.05.31 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.31 -
VBA32 3.12.12.5 2010.05.31 -
ViRobot 2010.5.31.2331 2010.05.31 -
VirusBuster 5.0.27.0 2010.05.31 -
Additional information
File size: 32256 bytes
MD5...: 1958644da9db1462d53a22281c9f6f12
SHA1..: 23dabb4dd88fd22e009e22673fa0ce6b59784dff
SHA256: bfe7a5ffa9d1e07aa0aec6f99e0c1644577cdb622497d02f408e07598489d9dd
ssdeep: 768:pRSGe2LjUYmCyrP8iL97gnDaNEiIraVvoc:pRUbOnLS6c
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x3700
timedatestamp.....: 0x41bee020 (Tue Dec 14 12:44:16 2004)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2c0b 0x2e00 6.15 17d7801b48d34d459b47516261e72863
.rdata 0x4000 0x4078 0x4200 4.07 ef143bc57cf977b80e09482bb326e2d3
.data 0x9000 0x458 0x600 3.28 05d1b05285b4051360a5aa632cea392c
.rsrc 0xa000 0x378 0x400 2.87 6bebfa54bda12f2d61d63ce40ced8f11

( 6 imports )
> KERNEL32.dll: CreateThread, InitializeCriticalSection, CreateEventA, GetSystemInfo, UnmapViewOfFile, CreateFileA, VirtualQueryEx, GetCurrentProcess, MapViewOfFile, CreateFileMappingA, TerminateThread, FindClose, FindNextFileA, FindFirstFileA, ReadFile, SetFilePointerEx, GetTempPathA, GetWindowsDirectoryA, GetSystemDirectoryA, GetModuleHandleA, GetStartupInfoA, CloseHandle, DeleteCriticalSection, GetCurrentThread, EnterCriticalSection, SetEvent, SetThreadPriority, LeaveCriticalSection, GetFileAttributesA, WaitForSingleObject
> USER32.dll: KillTimer, DestroyWindow, UnregisterClassA, DispatchMessageA, LoadCursorA, RegisterClassExA, CreateWindowExA, DefWindowProcA, SetTimer, GetMessageA, LoadIconA, PostQuitMessage, FindWindowA, TranslateMessage
> ADVAPI32.dll: RegCloseKey, RegOpenKeyA, CloseServiceHandle, QueryServiceStatus, OpenServiceA, OpenSCManagerA, RegQueryValueA, RegQueryValueExA
> SHELL32.dll: SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc
> MSVCP71.dll: __Nomemory@std@@YAXXZ, __4_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@PBD@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@PBDI@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBD@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@ABV01@@Z, __1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, _c_str@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEPBDXZ, __$_MDU_$char_traits@D@std@@V_$allocator@D@1@@std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@0@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@PBD@Z, _erase@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@II@Z, _npos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@2IB
> MSVCR71.dll: strchr, _onexit, __dllonexit, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _amsg_exit, _acmdln, exit, _cexit, _ismbblead, _XcptFilter, __CxxFrameHandler, _what@exception@@UBEPBDXZ, __0exception@@QAE@ABQBD@Z, __3@YAXPAX@Z, __1exception@@UAE@XZ, __0exception@@QAE@XZ, __0exception@@QAE@ABV0@@Z, _CxxThrowException, ___V@YAXPAX@Z, _exit, free, strrchr, malloc, _callnewh, __1type_info@@UAE@XZ, _terminate@@YAXXZ, _except_handler3, _c_exit, _controlfp

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
sigcheck:
publisher....: Adobe Systems Incorporated
copyright....: Copyright Adobe Systems Incorporated 2004
product......: Adobe Acrobat
description..: Adobe Acrobat SpeedLauncher
original name: AcroSpeedLaunch.exe
internal name: n/a
file version.: 7.0.0.0
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned

********************* DDS LOGS***************

DDS (Ver_10-03-17.01) - NTFSx86
Run by admin at 16:11:52.16 on Mon 05/31/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1060 [GMT -4:00]

SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\NOS\bin\getPlusPlus_Adobe.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k getPlusHelper
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\admin\Desktop\DDS NEW DOWNLOAD MAY 21 2010\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: VeriSoft Access Manager: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\bioscrypt\verisoft\bin\ItIEAddIn.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [CognizanceTS] rundll32.exe c:\progra~1\bioscr~1\verisoft\bin\ASTSVCC.dll,RegisterModule
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\McAfee Security Scan Plus.lnk.disabled
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: kaspersky.com\www
Trusted Zone: symantec.com\service1
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} - hxxp://download.zonelabs.com/bin/free/cm/ICSCM.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/OnlineScanner.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5296/mcfscan.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
LSA: Notification Packages = scecli ASWLNPkg
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\6owh1r5f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/advanced_search?hl=en
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\admin\appdata\roaming\mozilla\firefox\profiles\6owh1r5f.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-28 164048]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2009-4-1 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2009-4-1 21504]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-28 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-5-28 51792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-28 40384]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-26 189736]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-1-12 206096]
R2 NeatReceipts Database Controller;NeatReceipts Database Controller;c:\program files\common files\neatreceipts\db controller\NeatReceiptsDBController.exe [2007-10-22 230728]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-4-10 1153368]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-28 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-28 40384]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-4-1 21504]
S3 HtcUsbMdmV32;HTC Proprietary USB Driver;c:\windows\system32\drivers\HtcUsbMdmV32.sys [2010-2-8 103424]
S3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\drivers\HtcVComV32.sys [2010-2-8 103424]
S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [2006-5-3 4736]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MSSQL$NR2007;SQL Server (NR2007);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [2006-5-3 8960]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-7-12 33024]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-7-12 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-7-12 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-7-12 59904]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-5-27 27192]
S4 McTaskManager;Network Associates Task Manager;"c:\program files\network associates\virusscan\vstskmgr.exe" --> c:\program files\network associates\virusscan\VsTskMgr.exe [?]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2010-05-31 19:58:20 0 d-s---w- C:\Combo-Fix
2010-05-28 10:28:05 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-27 21:40:05 0 d-----w- c:\programdata\Sun
2010-05-27 21:39:18 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-27 21:05:07 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-05-27 21:05:05 0 d-----w- c:\program files\VS Revo Group
2010-05-26 10:08:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-21 22:04:18 0 d-----w- c:\programdata\Office Genuine Advantage
2010-05-21 22:04:03 0 d-----w- c:\users\admin\Office Genuine Advantage
2010-05-20 10:36:13 0 d-----w- c:\windows\SQL9_KB970892_ENU
2010-05-17 22:54:10 0 d-----w- c:\program files\Windows Portable Devices
2010-05-17 22:53:43 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-05-17 22:52:17 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-05-17 22:52:16 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-05-17 22:52:16 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-05-17 22:50:46 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-05-17 22:49:06 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-05-17 22:49:05 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-05-17 22:49:05 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-05-17 10:48:09 0 d-----w- c:\program files\CCleaner
2010-05-17 10:19:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-05-17 10:18:26 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-05-17 10:18:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-05-17 10:18:23 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-05-17 00:38:16 0 d-----w- c:\windows\system32\eu-ES
2010-05-17 00:38:16 0 d-----w- c:\windows\system32\ca-ES
2010-05-17 00:38:15 0 d-----w- c:\windows\system32\vi-VN
2010-05-16 23:38:50 0 d-----w- c:\windows\system32\EventProviders
2010-05-16 23:21:14 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2010-05-16 23:21:04 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2010-05-16 23:21:03 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2010-05-16 23:19:59 324608 ----a-w- c:\windows\system32\sdohlp.dll
2010-05-16 23:18:59 1985024 ----a-w- c:\windows\system32\authui.dll
2010-05-16 23:17:59 704512 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2010-05-16 23:16:59 869888 ----a-w- c:\windows\system32\printui.dll
2010-05-16 23:15:57 33280 ----a-w- c:\windows\system32\mssprxy.dll
2010-05-16 23:14:58 125952 ----a-w- c:\windows\system32\softkbd.dll
2010-05-16 23:13:30 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2010-05-16 23:13:30 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2010-05-16 23:13:30 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-05-16 23:13:30 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2010-05-16 23:13:30 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2010-05-16 23:13:30 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2010-05-16 23:13:30 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2010-05-16 23:13:25 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2010-05-16 23:13:19 218624 ----a-w- c:\windows\system32\wdscore.dll
2010-05-16 23:13:19 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2010-05-16 23:13:06 247808 ----a-w- c:\windows\system32\drvstore.dll
2010-05-16 22:41:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-16 22:41:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-16 22:41:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-05-16 22:16:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-05-16 13:04:13 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2010-05-16 13:04:04 11967524 ----a-w- c:\windows\system32\korwbrkr.lex
2010-05-16 12:42:08 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-15 23:29:14 0 d-----w- C:\PerfLogs
2010-05-15 17:44:57 0 d--h--w- C:\VritualRoot
2010-05-15 17:44:08 0 d-----w- c:\programdata\COMODO
2010-05-15 17:43:35 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-05-15 17:27:24 0 d-----w- c:\programdata\Comodo Downloader
2010-05-15 14:38:14 0 d-----w- c:\programdata\Alwil Software
2010-05-14 22:52:52 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-05-14 22:48:33 0 d-----w- c:\program files\AVG
2010-05-14 21:53:10 277784 ----a-w- c:\windows\system32\drivers\IASTOR.SYS
2010-05-14 11:03:21 0 d-----w- c:\windows\system32\MpEngineStore
2010-05-14 10:26:45 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-05-14 10:26:38 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-05-14 10:26:38 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-05-13 23:00:05 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-05-13 23:00:04 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-05-13 23:00:04 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-05-13 23:00:04 270848 ----a-w- c:\windows\system32\schannel.dll
2010-05-13 23:00:03 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-05-13 23:00:03 13780 ----a-w- c:\windows\system32\wbem\lsasrv.mof
2010-05-13 23:00:01 9728 ----a-w- c:\windows\system32\lsass.exe
2010-05-13 23:00:01 72704 ----a-w- c:\windows\system32\secur32.dll
2010-05-13 13:21:59 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-05-13 13:21:59 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-05-13 13:21:59 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-05-13 13:21:59 10240 ----a-w- c:\windows\system32\finger.exe
2010-05-13 13:19:59 98816 ----a-w- c:\windows\system32\mfps.dll
2010-05-13 13:19:59 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-05-13 13:19:59 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-05-13 13:19:58 2048 ----a-w- c:\windows\system32\mferror.dll
2010-05-13 13:19:52 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-05-13 13:19:52 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-05-13 13:19:32 71680 ----a-w- c:\windows\system32\atl.dll
2010-05-13 13:19:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-05-13 13:18:56 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-05-13 13:18:54 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-05-13 13:18:54 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-05-13 13:18:48 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-05-13 13:18:17 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2010-05-13 13:16:24 623616 ----a-w- c:\windows\system32\localspl.dll
2010-05-13 13:16:19 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-05-13 13:16:02 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-05-13 13:16:02 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-05-13 13:15:55 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-05-13 13:15:55 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-05-13 13:15:54 814 ----a-w- c:\windows\system32\wbem\WFP.MOF
2010-05-13 13:15:54 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-05-13 13:15:54 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-05-13 13:15:54 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-05-13 13:15:25 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-05-13 13:15:07 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-05-13 13:15:02 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-05-13 13:15:02 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-05-13 13:11:49 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-05-13 13:11:34 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-05-13 13:11:25 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-05-13 13:11:18 243712 ----a-w- c:\windows\system32\rastls.dll
2010-05-13 13:11:09 355328 ----a-w- c:\windows\system32\WSDApi.dll
2010-05-13 12:35:16 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-05-13 12:35:08 98304 ----a-w- c:\windows\system32\cabview.dll

==================== Find3M ====================

2010-05-17 22:54:04 86016 ----a-w- c:\windows\inf\infpub.dat
2010-05-17 22:54:04 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-05-17 22:54:03 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-17 22:54:03 143360 ----a-w- c:\windows\inf\infstor.dat
2010-05-16 23:52:25 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-05-15 23:50:25 174 --sha-w- c:\program files\desktop.ini
2010-05-15 22:31:48 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-05-15 22:31:46 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-05-06 14:36:38 221568 ----a-w- c:\windows\system32\MpSigStub.exe
2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 19:58:12 256512 ----a-w- c:\windows\PEV.exe
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-08-30 18:26:26 22 --sha-w- c:\windows\sminst\HPCD.sys
2007-09-02 14:12:20 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-05-13 01:09:27 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008042820080505\index.dat
2008-05-13 01:09:27 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008051220080513\index.dat

============= FINISH: 16:14:24.43 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/13/2007 5:10:45 PM
System Uptime: 5/31/2010 4:00:20 PM (0 hours ago)

Motherboard: Quanta | | 30CC
Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz | U2E1 | 1000/667mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 178 GiB total, 103.391 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 1.545 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

2Wire Gateway
Acrobat.com
Adobe Acrobat 7.0 Professional
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Adobe Reader for Pocket PC 2.0
ALPS Touch Pad Driver
AMOS 5
ArcSoft Panorama Maker 3
ASF
AuthenTec Fingerprint Sensor Minimum Install
avast! Free Antivirus
Avery Wizard 3.1
BCPS CAB Client
BellSouth® Communications Suite
Better Homes and Gardens Home Designer Suite 7.0
Blue Squirrel ClickBook 9.0
Board Games
Broadcom Advanced Control Suite
Broadcom ASF Management Applications
BroadJump Client Foundation
Brother Driver Deployment Wizard
Brother MFL-Pro Suite
Brother P-touch Editor 4.2
Brother P-touch Software
Business Card Factory Deluxe 3.0
Business Contact Manager for Outlook 2003
CCleaner
Conexant D480 MDC V.9x Modem
CorelDRAW Graphics Suite 12
CrossEyes
Cyber Chess
Dell TrueMobile 1300 WLAN Mini-PCI Card
Digital Line Detect
DivX 5.2.1 (Playback Only)
DVDSentry
Easy CD Creator 5 Basic
eListen
EndNote X1
ERUNT 1.1j
ESET Online Scanner
ESET Online Scanner v3
ESU for Microsoft Vista
EXTRA! for SNA Server 32-bit
FileMaker Pro 6
FirstClass® Client
FirstClass® Palm Conduits
GanttProject
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Genesys USB Mass Storage Device
Google Earth
Greetings Workshop
Help and Support Customization
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
HLM 5
HLM6.0
HLM6.0 (Student Edition)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.2
HP Total Care Advisor
HP Update
HP User Guides 0057
HP Wireless Assistant
HPNetworkAssistant
Intel Matrix Storage Manager
Intel(R) Graphics Media Accelerator Driver
InterVideo WinDVD
iPAQ WebReg
iPod for Windows 2005-09-23
ISI ResearchSoft - Export Helper
iTunes
Java Auto Updater
Java(TM) 6 Update 20
Kaspersky Online Scanner
KONICA MINOLTA magicolor 2590MF
Konica Minolta magicolor 2590MF LSU
KONICA MINOLTA magicolor 2590MF Scanner
LightScribe 1.4.136.1
LinkMagic for magicolor 2590MF
LISREL 8.7 Student
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
McAfee SiteAdvisor
MediaFACE 4.01 Image Library
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.5 SP1
Microsoft Data Access Components KB870669
Microsoft Encarta 98 Encyclopedia
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (NR2007)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Keyboard
Microsoft Works
Motorola SM56 Data Fax Modem
Mozilla Firefox (3.0.19)
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
muvee autoProducer 6.0
Neat OCR15
NeatReceipts Database Controller
NeatReceipts Professional 2.8 Core Files
NeatReceipts Professional v2.8.1
NetWaiting
Nikon Message Center
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Palm
Panda ActiveScan 2.0
PANTECH UM175 Driver
Paradox
PCFriendly
PictureProject
PictureProject In Touch Downloader 1.0
PIRLS2001
PSSWCORE
Quicken 2007
QuickSet
QuickTime
Realtek High Definition Audio Driver
Revo Uninstaller Pro 2.2.0
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Seagate Manager Installer
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
SPSS 13.0 for Windows
SPSS 15 Vista Hotfix
SPSS 15.0 for Windows
Spybot - Search & Destroy
SpywareBlaster 4.0
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update Manager
VeriSoft Access Manager
VZAccess Manager
WebEx
WebFldrs XP
Winamp
Windows Genuine Advantage Notifications (KB905474)
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinZip
WModem Driver Installer
WordPerfect Office X3

==== End Of File ===========================
 
I noticed this in the DDS log in the ====SERVICES / DRIVERS ==== area:
S4 McTaskManager;Network Associates Task Manager;"c:\program files\network associates\virusscan\vstskmgr.exe" --> c:\program files\network associates\virusscan\VsTskMgr.exe [?]
I guess the McA Virus scan will not uninstall?

Also, I ran a full system scan of the laptop with Avast and it found only a "PUP" - potentially unwanted program in C:\HP\BIN\endprocess.exe. Avast said it was Win32:KillApp-W. I let it move it to the virus chest for now.

I uninstalled a bunch of old programs:
Acrobat.com
Adobe Download Manager
Adobe AIR
Brother MFL-Pro Suite
Gantt Project
Panda Active Scan 2.0
Winamp
Winzip
McAfee Security Scan Plus
Quicktime (I actually want this, but will re-install new after laptop is clean)

Thanks.
 
Hi again,


1. Place a fresh copy of the renamed ComboFix file (taichi.exe) from your desktop in the root of the C: drive (C:\). That way we can access it on every account.

2. Try running ComboFix in safe mode with command prompt. Here are the steps to follow (print/save these since you won't be able to access them while in safe mode):
Press F8 before Windows' loading screen and select the safe mode with command prompt option.
Then type the following commands (I assume you moved taichi.exe to C: root):
  • cd\
  • taichi.exe

When ComboFix reboots select safe mode with command prompt again so that ComboFix will finish there.
 
I followed your instructions, downloaded new combofix, renamed it taichi, and put it in c root drive. Rebooted to safe mode with command prompt. At the little black "dos" window, typed cd\ then taichi.exe. As every time before, combofix has the little blue screen, shows Please wait, copies the registry files, and sits at the screen with "Attempting to create a new system restore point." I waited 25 minutes and nothing else happened.
Neither COMBOFIX nor GMER seems to work on this laptop. Are there any other programs that can be used? Thanks

Fresh DDS logs after I tried the combofix this morning.


DDS (Ver_10-03-17.01) - NTFSx86
Run by admin at 8:50:55.78 on Tue 06/01/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.958 [GMT -4:00]

SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\admin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: VeriSoft Access Manager: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\bioscrypt\verisoft\bin\ItIEAddIn.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [CognizanceTS] rundll32.exe c:\progra~1\bioscr~1\verisoft\bin\ASTSVCC.dll,RegisterModule
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: kaspersky.com\www
Trusted Zone: symantec.com\service1
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} - hxxp://download.zonelabs.com/bin/free/cm/ICSCM.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/OnlineScanner.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5296/mcfscan.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
LSA: Notification Packages = scecli ASWLNPkg
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\6owh1r5f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/advanced_search?hl=en
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-28 164048]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2009-4-1 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2009-4-1 21504]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-28 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-5-28 51792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-28 40384]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-26 189736]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-1-12 206096]
R2 NeatReceipts Database Controller;NeatReceipts Database Controller;c:\program files\common files\neatreceipts\db controller\NeatReceiptsDBController.exe [2007-10-22 230728]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-4-10 1153368]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-28 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-28 40384]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-4-1 21504]
S3 HtcUsbMdmV32;HTC Proprietary USB Driver;c:\windows\system32\drivers\HtcUsbMdmV32.sys [2010-2-8 103424]
S3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\drivers\HtcVComV32.sys [2010-2-8 103424]
S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [2006-5-3 4736]
S3 MSSQL$NR2007;SQL Server (NR2007);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [2006-5-3 8960]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-7-12 33024]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-7-12 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-7-12 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-7-12 59904]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-5-27 27192]
S4 McTaskManager;Network Associates Task Manager;"c:\program files\network associates\virusscan\vstskmgr.exe" --> c:\program files\network associates\virusscan\VsTskMgr.exe [?]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2010-06-01 12:19:14 0 d-s---w- C:\taichi
2010-06-01 12:08:59 3701941 ----a-r- C:\taichi.exe
2010-05-31 22:05:58 9 ----a-w- c:\windows\Brfaxrx.ini
2010-05-28 10:28:05 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-27 21:40:05 0 d-----w- c:\programdata\Sun
2010-05-27 21:39:18 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-27 21:05:07 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-05-27 21:05:05 0 d-----w- c:\program files\VS Revo Group
2010-05-26 10:08:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-21 22:04:18 0 d-----w- c:\programdata\Office Genuine Advantage
2010-05-21 22:04:03 0 d-----w- c:\users\admin\Office Genuine Advantage
2010-05-20 10:36:13 0 d-----w- c:\windows\SQL9_KB970892_ENU
2010-05-17 22:54:10 0 d-----w- c:\program files\Windows Portable Devices
2010-05-17 22:53:43 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-05-17 22:52:17 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-05-17 22:52:16 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-05-17 22:52:16 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-05-17 22:50:46 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-05-17 22:49:06 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-05-17 22:49:05 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-05-17 22:49:05 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-05-17 10:48:09 0 d-----w- c:\program files\CCleaner
2010-05-17 10:19:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-05-17 10:18:26 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-05-17 10:18:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-05-17 10:18:23 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-05-17 00:38:16 0 d-----w- c:\windows\system32\eu-ES
2010-05-17 00:38:16 0 d-----w- c:\windows\system32\ca-ES
2010-05-17 00:38:15 0 d-----w- c:\windows\system32\vi-VN
2010-05-16 23:38:50 0 d-----w- c:\windows\system32\EventProviders
2010-05-16 23:21:14 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2010-05-16 23:21:04 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2010-05-16 23:21:03 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2010-05-16 23:19:59 324608 ----a-w- c:\windows\system32\sdohlp.dll
2010-05-16 23:18:59 1985024 ----a-w- c:\windows\system32\authui.dll
2010-05-16 23:17:59 704512 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2010-05-16 23:16:59 869888 ----a-w- c:\windows\system32\printui.dll
2010-05-16 23:15:57 33280 ----a-w- c:\windows\system32\mssprxy.dll
2010-05-16 23:14:58 125952 ----a-w- c:\windows\system32\softkbd.dll
2010-05-16 23:13:30 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2010-05-16 23:13:30 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2010-05-16 23:13:30 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-05-16 23:13:30 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2010-05-16 23:13:30 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2010-05-16 23:13:30 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2010-05-16 23:13:30 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2010-05-16 23:13:25 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2010-05-16 23:13:19 218624 ----a-w- c:\windows\system32\wdscore.dll
2010-05-16 23:13:19 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2010-05-16 23:13:06 247808 ----a-w- c:\windows\system32\drvstore.dll
2010-05-16 22:41:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-16 22:41:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-16 22:41:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-05-16 22:16:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-05-16 13:04:13 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2010-05-16 13:04:04 11967524 ----a-w- c:\windows\system32\korwbrkr.lex
2010-05-16 12:42:08 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-15 23:29:14 0 d-----w- C:\PerfLogs
2010-05-15 17:44:57 0 d--h--w- C:\VritualRoot
2010-05-15 17:44:08 0 d-----w- c:\programdata\COMODO
2010-05-15 17:43:35 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-05-15 17:27:24 0 d-----w- c:\programdata\Comodo Downloader
2010-05-15 14:38:14 0 d-----w- c:\programdata\Alwil Software
2010-05-14 22:52:52 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-05-14 22:48:33 0 d-----w- c:\program files\AVG
2010-05-14 21:53:10 277784 ----a-w- c:\windows\system32\drivers\IASTOR.SYS
2010-05-14 11:03:21 0 d-----w- c:\windows\system32\MpEngineStore
2010-05-14 10:26:45 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-05-14 10:26:38 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-05-14 10:26:38 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-05-13 23:00:05 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-05-13 23:00:04 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-05-13 23:00:04 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-05-13 23:00:04 270848 ----a-w- c:\windows\system32\schannel.dll
2010-05-13 23:00:03 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-05-13 23:00:03 13780 ----a-w- c:\windows\system32\wbem\lsasrv.mof
2010-05-13 23:00:01 9728 ----a-w- c:\windows\system32\lsass.exe
2010-05-13 23:00:01 72704 ----a-w- c:\windows\system32\secur32.dll
2010-05-13 13:21:59 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-05-13 13:21:59 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-05-13 13:21:59 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-05-13 13:21:59 10240 ----a-w- c:\windows\system32\finger.exe
2010-05-13 13:19:59 98816 ----a-w- c:\windows\system32\mfps.dll
2010-05-13 13:19:59 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-05-13 13:19:59 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-05-13 13:19:58 2048 ----a-w- c:\windows\system32\mferror.dll
2010-05-13 13:19:52 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-05-13 13:19:52 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-05-13 13:19:32 71680 ----a-w- c:\windows\system32\atl.dll
2010-05-13 13:19:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-05-13 13:18:56 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-05-13 13:18:54 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-05-13 13:18:54 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-05-13 13:18:48 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-05-13 13:18:17 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2010-05-13 13:16:24 623616 ----a-w- c:\windows\system32\localspl.dll
2010-05-13 13:16:19 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-05-13 13:16:02 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-05-13 13:16:02 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-05-13 13:15:55 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-05-13 13:15:55 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-05-13 13:15:54 814 ----a-w- c:\windows\system32\wbem\WFP.MOF
2010-05-13 13:15:54 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-05-13 13:15:54 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-05-13 13:15:54 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-05-13 13:15:25 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-05-13 13:15:07 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-05-13 13:15:02 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-05-13 13:15:02 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-05-13 13:11:49 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-05-13 13:11:34 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-05-13 13:11:25 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-05-13 13:11:18 243712 ----a-w- c:\windows\system32\rastls.dll
2010-05-13 13:11:09 355328 ----a-w- c:\windows\system32\WSDApi.dll
2010-05-13 12:35:16 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-05-13 12:35:08 98304 ----a-w- c:\windows\system32\cabview.dll

==================== Find3M ====================

2010-05-17 22:54:04 86016 ----a-w- c:\windows\inf\infpub.dat
2010-05-17 22:54:04 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-05-17 22:54:03 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-17 22:54:03 143360 ----a-w- c:\windows\inf\infstor.dat
2010-05-16 23:52:25 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-05-15 23:50:25 174 --sha-w- c:\program files\desktop.ini
2010-05-15 22:31:48 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-05-15 22:31:46 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-05-06 14:36:38 221568 ----a-w- c:\windows\system32\MpSigStub.exe
2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 19:58:12 256512 ----a-w- c:\windows\PEV.exe
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-08-30 18:26:26 22 --sha-w- c:\windows\sminst\HPCD.sys
2007-09-02 14:12:20 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-05-13 01:09:27 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008042820080505\index.dat
2008-05-13 01:09:27 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008051220080513\index.dat

============= FINISH: 8:51:59.99 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/13/2007 5:10:45 PM
System Uptime: 6/1/2010 8:39:05 AM (0 hours ago)

Motherboard: Quanta | | 30CC
Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz | U2E1 | 1000/667mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 178 GiB total, 102.037 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 1.545 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1156: 5/19/2010 9:22:06 PM - Windows Update
RP1157: 5/20/2010 6:05:12 AM - Windows Update
RP1158: 5/20/2010 6:29:13 AM - Windows Update
RP1159: 5/20/2010 6:35:24 AM - Windows Update
RP1160: 5/22/2010 9:51:56 AM - COMODO Restore Point. (Restore point from the popup alert for Seagate 2GEVWJHH Product Registration.exe)
RP1161: 5/26/2010 1:50:59 PM - Removed AVG Free 9.0
RP1162: 5/26/2010 2:14:43 PM - avast! Free Antivirus Setup
RP1163: 5/26/2010 2:22:22 PM - Removed Ad-Aware 2007
RP1164: 5/26/2010 2:24:47 PM - Removed LiveUpdate Notice (Symantec Corporation)
RP1165: 5/26/2010 2:27:27 PM - Removed McAfee VirusScan Enterprise
RP1166: 5/26/2010 2:29:14 PM - Removed McAfee VirusScan Enterprise
RP1168: 5/26/2010 2:30:30 PM - Configured MediaFACE 4.01
RP1169: 5/26/2010 7:23:44 PM - Windows Update
RP1170: 5/27/2010 11:55:17 AM - Removed COMODO Internet Security
RP1171: 5/27/2010 12:01:50 PM - Removed COMODO livePCsupport
RP1173: 5/27/2010 5:06:07 PM - Revo Uninstaller Pro's restore point - McAfee VirusScan Enterprise
RP1175: 5/27/2010 5:16:20 PM - Revo Uninstaller Pro's restore point - MediaFACE 4.01
RP1177: 5/27/2010 5:17:41 PM - Configured MediaFACE 4.01
RP1178: 5/27/2010 5:22:41 PM - Removed Java(TM) 6 Update 5
RP1179: 5/27/2010 5:38:37 PM - Installed Java(TM) 6 Update 20
RP1181: 5/27/2010 5:42:47 PM - Revo Uninstaller Pro's restore point - SUPERAntiSpyware Free Edition
RP1182: 5/27/2010 5:43:50 PM - Removed SUPERAntiSpyware Free Edition
RP1183: 5/28/2010 6:27:14 AM - avast! Free Antivirus Setup
RP1184: 5/31/2010 1:01:16 PM - ComboFix created restore point
RP1186: 5/31/2010 5:58:53 PM - Configured QuickTime
RP1187: 5/31/2010 6:03:25 PM - Removed Acrobat.com
RP1189: 5/31/2010 6:05:37 PM - Removed Brother MFL-Pro Suite
RP1191: 5/31/2010 6:08:07 PM - Configured QuickTime
RP1193: 5/31/2010 6:09:35 PM - Revo Uninstaller Pro's restore point - QuickTime
RP1195: 5/31/2010 6:10:43 PM - Configured QuickTime

==== Installed Programs ======================

2Wire Gateway
Adobe Acrobat 7.0 Professional
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Adobe Reader for Pocket PC 2.0
ALPS Touch Pad Driver
AMOS 5
ArcSoft Panorama Maker 3
ASF
AuthenTec Fingerprint Sensor Minimum Install
avast! Free Antivirus
Avery Wizard 3.1
BCPS CAB Client
BellSouth® Communications Suite
Better Homes and Gardens Home Designer Suite 7.0
Blue Squirrel ClickBook 9.0
Board Games
Broadcom Advanced Control Suite
Broadcom ASF Management Applications
BroadJump Client Foundation
Brother Driver Deployment Wizard
Brother P-touch Editor 4.2
Brother P-touch Software
Business Card Factory Deluxe 3.0
Business Contact Manager for Outlook 2003
CCleaner
Conexant D480 MDC V.9x Modem
CorelDRAW Graphics Suite 12
CrossEyes
Cyber Chess
Dell TrueMobile 1300 WLAN Mini-PCI Card
Digital Line Detect
DivX 5.2.1 (Playback Only)
DVDSentry
Easy CD Creator 5 Basic
eListen
EndNote X1
ERUNT 1.1j
ESET Online Scanner
ESET Online Scanner v3
ESU for Microsoft Vista
EXTRA! for SNA Server 32-bit
FileMaker Pro 6
FirstClass® Client
FirstClass® Palm Conduits
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Genesys USB Mass Storage Device
Google Earth
Greetings Workshop
Help and Support Customization
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
HLM 5
HLM6.0
HLM6.0 (Student Edition)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.2
HP Total Care Advisor
HP Update
HP User Guides 0057
HP Wireless Assistant
HPNetworkAssistant
Intel Matrix Storage Manager
Intel(R) Graphics Media Accelerator Driver
InterVideo WinDVD
iPAQ WebReg
iPod for Windows 2005-09-23
ISI ResearchSoft - Export Helper
iTunes
Java Auto Updater
Java(TM) 6 Update 20
Kaspersky Online Scanner
KONICA MINOLTA magicolor 2590MF
Konica Minolta magicolor 2590MF LSU
KONICA MINOLTA magicolor 2590MF Scanner
LightScribe 1.4.136.1
LinkMagic for magicolor 2590MF
LISREL 8.7 Student
Malwarebytes' Anti-Malware
McAfee SiteAdvisor
MediaFACE 4.01 Image Library
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.5 SP1
Microsoft Data Access Components KB870669
Microsoft Encarta 98 Encyclopedia
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (NR2007)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Keyboard
Microsoft Works
Motorola SM56 Data Fax Modem
Mozilla Firefox (3.0.19)
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
muvee autoProducer 6.0
Neat OCR15
NeatReceipts Database Controller
NeatReceipts Professional 2.8 Core Files
NeatReceipts Professional v2.8.1
NetWaiting
Nikon Message Center
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Palm
PANTECH UM175 Driver
Paradox
PCFriendly
PictureProject
PictureProject In Touch Downloader 1.0
PIRLS2001
PSSWCORE
Quicken 2007
QuickSet
Realtek High Definition Audio Driver
Revo Uninstaller Pro 2.2.0
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Seagate Manager Installer
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
SPSS 13.0 for Windows
SPSS 15 Vista Hotfix
SPSS 15.0 for Windows
Spybot - Search & Destroy
SpywareBlaster 4.0
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update Manager
VeriSoft Access Manager
VZAccess Manager
WebEx
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WModem Driver Installer
WordPerfect Office X3

==== Event Viewer Messages From Past Week ========

6/1/2010 8:41:34 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASKUTIL
6/1/2010 8:41:34 AM, Error: Service Control Manager [7022] - The CyberLink Background Capture Service (CBCS) service hung on starting.
6/1/2010 8:41:34 AM, Error: Service Control Manager [7001] - The CyberLink Task Scheduler (CTS) service depends on the CyberLink Background Capture Service (CBCS) service which failed to start because of the following error: After starting, the service hung in a start-pending state.
6/1/2010 8:40:08 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/1/2010 8:39:56 AM, Error: Microsoft-Windows-PrintSpooler [72] - Windows could not initialize printer PaperPort Color Image because the print processor PaperPort Processor could not be found. Please obtain and install a new version of the driver from the manufacturer (if available), or choose an alternate driver that works with this print device.
6/1/2010 8:39:56 AM, Error: Microsoft-Windows-PrintSpooler [72] - Windows could not initialize printer PaperPort Black & White Image because the print processor PaperPort Processor could not be found. Please obtain and install a new version of the driver from the manufacturer (if available), or choose an alternate driver that works with this print device.
6/1/2010 8:39:56 AM, Error: Microsoft-Windows-PrintSpooler [72] - Windows could not initialize printer ClickBook Printer because the print processor CBWP could not be found. Please obtain and install a new version of the driver from the manufacturer (if available), or choose an alternate driver that works with this print device.
6/1/2010 8:39:56 AM, Error: Microsoft-Windows-PrintSpooler [23] - Printer PaperPort Color Image failed to initialize because a suitable PaperPort Color Printer Driver driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
6/1/2010 8:39:56 AM, Error: Microsoft-Windows-PrintSpooler [23] - Printer PaperPort Black & White Image failed to initialize because a suitable PaperPort Mono Printer Driver driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
6/1/2010 8:39:56 AM, Error: Microsoft-Windows-PrintSpooler [23] - Printer HP DeskJet 722C failed to initialize because a suitable HP DeskJet 722C driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
6/1/2010 8:39:56 AM, Error: Microsoft-Windows-PrintSpooler [23] - Printer Fax failed to initialize because a suitable Microsoft Shared Fax Driver driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
6/1/2010 8:39:56 AM, Error: Microsoft-Windows-PrintSpooler [23] - Printer ClickBook Printer failed to initialize because a suitable ClickBook Printer driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
6/1/2010 8:19:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
6/1/2010 8:18:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/1/2010 8:18:23 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSP aswTdi cdudf_xp DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss SASKUTIL Smb spldr tdx Wanarpv6
6/1/2010 8:18:23 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/1/2010 8:18:23 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
6/1/2010 8:18:23 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
6/1/2010 8:18:23 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/1/2010 8:18:23 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
6/1/2010 8:18:23 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/1/2010 8:18:23 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/1/2010 8:18:23 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
6/1/2010 8:18:23 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/1/2010 8:18:23 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
6/1/2010 8:18:23 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/1/2010 8:18:23 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/1/2010 8:18:23 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/1/2010 8:18:23 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
6/1/2010 8:17:13 AM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
6/1/2010 8:17:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
5/31/2010 7:10:16 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NeatReceipts Database Controller service to connect.
5/31/2010 6:08:41 PM, Error: NETw4v32 [5005] - Intel(R) Wireless WiFi Link 4965AGN : Has encountered an internal error and has failed.
5/31/2010 6:08:40 PM, Error: NETw4v32 [5002] - Intel(R) Wireless WiFi Link 4965AGN : Has determined that the network adapter is not functioning properly.
5/31/2010 3:56:09 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSP aswTdi cdudf_xp SASKUTIL spldr Wanarpv6
5/31/2010 3:55:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WcesComm with arguments "" in order to run the server: {373E19B5-76AA-46D5-93A9-2E39A99B39B2}
5/31/2010 3:55:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
5/31/2010 3:55:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/31/2010 3:55:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/31/2010 3:41:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
5/31/2010 3:41:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/31/2010 3:41:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
5/31/2010 3:34:39 PM, Error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/31/2010 1:00:22 PM, Error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
5/31/2010 1:00:22 PM, Error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/28/2010 7:09:49 AM, Error: EventLog [6008] - The previous system shutdown at 7:07:46 AM on 5/28/2010 was unexpected.
5/28/2010 5:53:11 PM, Error: EventLog [6008] - The previous system shutdown at 5:51:34 PM on 5/28/2010 was unexpected.
5/27/2010 6:06:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdudf_xp DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss SASKUTIL Smb spldr tdx Wanarpv6
5/27/2010 12:06:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdudf_xp SASDIFSV SASKUTIL spldr Wanarpv6
5/27/2010 11:37:06 AM, Error: PlugPlayManager [12] - The device 'PANTECH UM175 WWAN Driver #2' (USB\VID_106c&PID_3714&MI_03\6&31745fba&0&8515) disappeared from the system without first being prepared for removal.
5/27/2010 11:29:37 AM, Error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/27/2010 11:14:17 AM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0013E81CE449. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
5/27/2010 11:13:43 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 0013E81CE449 has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
5/27/2010 10:41:27 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdudf_xp cmdGuard cmdHlp DfsC inspect NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr tdx Wanarpv6
5/27/2010 10:38:45 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x8007045b'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
5/27/2010 1:12:59 PM, Error: Service Control Manager [7034] - The Seagate Service service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 1:12:59 PM, Error: Service Control Manager [7034] - The SBSD Security Center Service service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 1:12:59 PM, Error: Service Control Manager [7034] - The NeatReceipts Database Controller service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 1:12:59 PM, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 1:12:59 PM, Error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 1:12:59 PM, Error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 1:12:59 PM, Error: Service Control Manager [7034] - The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 1:12:59 PM, Error: Service Control Manager [7034] - The hpqwmiex service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 1:12:59 PM, Error: Service Control Manager [7034] - The CyberLink Background Capture Service (CBCS) service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 1:12:59 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/27/2010 1:12:59 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/27/2010 1:12:59 PM, Error: Service Control Manager [7031] - The Software Licensing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/27/2010 1:12:59 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/27/2010 1:12:59 PM, Error: Service Control Manager [7031] - The HP Health Check Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/26/2010 6:02:54 PM, Error: EventLog [6008] - The previous system shutdown at 6:00:44 PM on 5/26/2010 was unexpected.
5/26/2010 3:39:25 PM, Error: Service Control Manager [7024] - The SQL Server VSS Writer service terminated with service-specific error 2147549183 (0x8000FFFF).
5/26/2010 3:39:25 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.

==== End Of File ===========================
 
Hi,

I don't think there's any need to spend more time on getting ComboFix running.

Open Notepad and then copy and paste the bolded lines below into it. Go to File > Save As and name the file fixes.bat, change the Save as type to All Files, and save it to your desktop.
@echo off
sc stop McTaskManager
sc delete McTaskManager

Double-click on the fixes.bat file to execute it.

Reboot and post a fresh dds.txt log (no need for attach.txt this time).
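
A more defensive variant of the fixes.bat above, as an added example that is not part of the original post: it saves the service's configuration (binary path, start type) before deleting it and checks the exit codes that sc returns. The service name is the one from the post; the log file name and location are assumptions.

```batch
@echo off
setlocal
rem Added example, not the helper's script.
rem SVC comes from the post above; LOG is an assumed name and location.
set "SVC=McTaskManager"
set "LOG=%USERPROFILE%\Desktop\fixes-log.txt"

rem Record what the service points to before touching it, so the
rem deleted entry can still be reviewed afterwards.
sc qc "%SVC%" > "%LOG%" 2>&1
if %errorlevel% equ 1060 (
    echo Service %SVC% is not installed; nothing to remove.
    exit /b 0
)
if %errorlevel% neq 0 (
    echo Could not read the %SVC% configuration, error %errorlevel%.
    exit /b 1
)

rem Stop the service. Error 1062 only means it was not running,
rem which is fine before a delete, so the result is logged, not checked.
sc stop "%SVC%" >> "%LOG%" 2>&1

rem Remove the service entry. If a handle is still open, Windows marks
rem the service for deletion and removes it at the next reboot.
sc delete "%SVC%" >> "%LOG%" 2>&1
if %errorlevel% neq 0 (
    echo sc delete failed with error %errorlevel%; see "%LOG%".
    exit /b 1
)

rem Log the state after the delete for the record.
sc query "%SVC%" >> "%LOG%" 2>&1
echo Done. Reboot, then check that %SVC% is absent from a fresh dds.txt.
endlocal
```

Run it from an elevated prompt; the saved log shows which executable the service launched, which is worth checking against the files still on disk.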
 
Ran the fixes.bat & here's new dds log.
Thanks for your help!

DDS (Ver_10-03-17.01) - NTFSx86
Run by admin at 9:53:27.27 on Tue 06/01/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1042 [GMT -4:00]

SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\msiexec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\admin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: VeriSoft Access Manager: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\bioscrypt\verisoft\bin\ItIEAddIn.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [CognizanceTS] rundll32.exe c:\progra~1\bioscr~1\verisoft\bin\ASTSVCC.dll,RegisterModule
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: kaspersky.com\www
Trusted Zone: symantec.com\service1
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} - hxxp://download.zonelabs.com/bin/free/cm/ICSCM.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/OnlineScanner.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5296/mcfscan.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
LSA: Notification Packages = scecli ASWLNPkg
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\6owh1r5f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/advanced_search?hl=en
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-28 164048]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2009-4-1 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2009-4-1 21504]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-28 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-5-28 51792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-28 40384]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-26 189736]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-1-12 206096]
R2 NeatReceipts Database Controller;NeatReceipts Database Controller;c:\program files\common files\neatreceipts\db controller\NeatReceiptsDBController.exe [2007-10-22 230728]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-4-10 1153368]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-28 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-28 40384]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-4-1 21504]
S3 HtcUsbMdmV32;HTC Proprietary USB Driver;c:\windows\system32\drivers\HtcUsbMdmV32.sys [2010-2-8 103424]
S3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\drivers\HtcVComV32.sys [2010-2-8 103424]
S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [2006-5-3 4736]
S3 MSSQL$NR2007;SQL Server (NR2007);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [2006-5-3 8960]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-7-12 33024]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-7-12 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-7-12 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-7-12 59904]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-5-27 27192]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2010-06-01 12:19:14 0 d-s---w- C:\taichi
2010-06-01 12:08:59 3701941 ----a-r- C:\taichi.exe
2010-05-31 22:05:58 9 ----a-w- c:\windows\Brfaxrx.ini
2010-05-28 10:28:05 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-27 21:40:05 0 d-----w- c:\programdata\Sun
2010-05-27 21:39:18 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-27 21:05:07 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-05-27 21:05:05 0 d-----w- c:\program files\VS Revo Group
2010-05-26 10:08:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-21 22:04:18 0 d-----w- c:\programdata\Office Genuine Advantage
2010-05-21 22:04:03 0 d-----w- c:\users\admin\Office Genuine Advantage
2010-05-20 10:36:13 0 d-----w- c:\windows\SQL9_KB970892_ENU
2010-05-17 22:54:10 0 d-----w- c:\program files\Windows Portable Devices
2010-05-17 22:53:43 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-05-17 22:52:17 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-05-17 22:52:16 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-05-17 22:52:16 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-05-17 22:50:46 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-05-17 22:49:06 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-05-17 22:49:05 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-05-17 22:49:05 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-05-17 10:48:09 0 d-----w- c:\program files\CCleaner
2010-05-17 10:19:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-05-17 10:18:26 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-05-17 10:18:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-05-17 10:18:23 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-05-17 00:38:16 0 d-----w- c:\windows\system32\eu-ES
2010-05-17 00:38:16 0 d-----w- c:\windows\system32\ca-ES
2010-05-17 00:38:15 0 d-----w- c:\windows\system32\vi-VN
2010-05-16 23:38:50 0 d-----w- c:\windows\system32\EventProviders
2010-05-16 23:21:14 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2010-05-16 23:21:04 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2010-05-16 23:21:03 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2010-05-16 23:19:59 324608 ----a-w- c:\windows\system32\sdohlp.dll
2010-05-16 23:18:59 1985024 ----a-w- c:\windows\system32\authui.dll
2010-05-16 23:17:59 704512 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2010-05-16 23:16:59 869888 ----a-w- c:\windows\system32\printui.dll
2010-05-16 23:15:57 33280 ----a-w- c:\windows\system32\mssprxy.dll
2010-05-16 23:14:58 125952 ----a-w- c:\windows\system32\softkbd.dll
2010-05-16 23:13:30 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2010-05-16 23:13:30 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2010-05-16 23:13:30 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-05-16 23:13:30 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2010-05-16 23:13:30 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2010-05-16 23:13:30 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2010-05-16 23:13:30 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2010-05-16 23:13:25 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2010-05-16 23:13:19 218624 ----a-w- c:\windows\system32\wdscore.dll
2010-05-16 23:13:19 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2010-05-16 23:13:06 247808 ----a-w- c:\windows\system32\drvstore.dll
2010-05-16 22:41:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-16 22:41:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-16 22:41:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-05-16 22:16:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-05-16 13:04:13 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2010-05-16 13:04:04 11967524 ----a-w- c:\windows\system32\korwbrkr.lex
2010-05-16 12:42:08 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-15 23:29:14 0 d-----w- C:\PerfLogs
2010-05-15 17:44:57 0 d--h--w- C:\VritualRoot
2010-05-15 17:44:08 0 d-----w- c:\programdata\COMODO
2010-05-15 17:43:35 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-05-15 17:27:24 0 d-----w- c:\programdata\Comodo Downloader
2010-05-15 14:38:14 0 d-----w- c:\programdata\Alwil Software
2010-05-14 22:52:52 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-05-14 22:48:33 0 d-----w- c:\program files\AVG
2010-05-14 21:53:10 277784 ----a-w- c:\windows\system32\drivers\IASTOR.SYS
2010-05-14 11:03:21 0 d-----w- c:\windows\system32\MpEngineStore
2010-05-14 10:26:45 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-05-14 10:26:38 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-05-14 10:26:38 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-05-13 23:00:05 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-05-13 23:00:04 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-05-13 23:00:04 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-05-13 23:00:04 270848 ----a-w- c:\windows\system32\schannel.dll
2010-05-13 23:00:03 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-05-13 23:00:03 13780 ----a-w- c:\windows\system32\wbem\lsasrv.mof
2010-05-13 23:00:01 9728 ----a-w- c:\windows\system32\lsass.exe
2010-05-13 23:00:01 72704 ----a-w- c:\windows\system32\secur32.dll
2010-05-13 13:21:59 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-05-13 13:21:59 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-05-13 13:21:59 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-05-13 13:21:59 10240 ----a-w- c:\windows\system32\finger.exe
2010-05-13 13:19:59 98816 ----a-w- c:\windows\system32\mfps.dll
2010-05-13 13:19:59 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-05-13 13:19:59 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-05-13 13:19:58 2048 ----a-w- c:\windows\system32\mferror.dll
2010-05-13 13:19:52 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-05-13 13:19:52 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-05-13 13:19:32 71680 ----a-w- c:\windows\system32\atl.dll
2010-05-13 13:19:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-05-13 13:18:56 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-05-13 13:18:54 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-05-13 13:18:54 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-05-13 13:18:48 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-05-13 13:18:17 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2010-05-13 13:16:24 623616 ----a-w- c:\windows\system32\localspl.dll
2010-05-13 13:16:19 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-05-13 13:16:02 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-05-13 13:16:02 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-05-13 13:15:55 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-05-13 13:15:55 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-05-13 13:15:54 814 ----a-w- c:\windows\system32\wbem\WFP.MOF
2010-05-13 13:15:54 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-05-13 13:15:54 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-05-13 13:15:54 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-05-13 13:15:25 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-05-13 13:15:07 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-05-13 13:15:02 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-05-13 13:15:02 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-05-13 13:11:49 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-05-13 13:11:34 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-05-13 13:11:25 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-05-13 13:11:18 243712 ----a-w- c:\windows\system32\rastls.dll
2010-05-13 13:11:09 355328 ----a-w- c:\windows\system32\WSDApi.dll
2010-05-13 12:35:16 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-05-13 12:35:08 98304 ----a-w- c:\windows\system32\cabview.dll

==================== Find3M ====================

2010-05-17 22:54:04 86016 ----a-w- c:\windows\inf\infpub.dat
2010-05-17 22:54:04 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-05-17 22:54:03 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-17 22:54:03 143360 ----a-w- c:\windows\inf\infstor.dat
2010-05-16 23:52:25 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-05-15 23:50:25 174 --sha-w- c:\program files\desktop.ini
2010-05-15 22:31:48 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-05-15 22:31:46 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-05-06 14:36:38 221568 ----a-w- c:\windows\system32\MpSigStub.exe
2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 19:58:12 256512 ----a-w- c:\windows\PEV.exe
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-08-30 18:26:26 22 --sha-w- c:\windows\sminst\HPCD.sys
2007-09-02 14:12:20 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-05-13 01:09:27 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008042820080505\index.dat
2008-05-13 01:09:27 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008051220080513\index.dat

============= FINISH: 9:56:30.77 ===============
 
Are you still noticing any problems? If not, it's time to secure your system to prevent further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

A. To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Uncheck any checkboxes listed for your hard drives.
7. Press OK.


B. Reboot.

C. Turn ON System Restore.
Follow the same steps you used when disabling System Restore, but on step 6, check any checkboxes listed for your hard drives.


Now let's uninstall ComboFix:
  • Click START then RUN
  • Now copy-paste Combofix /uninstall in the runbox and click OK


Please download OTC and save it to desktop.
  • Double-click OTC.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

  • hosts file:
    • Every version of Windows has a hosts file as part of it.
    • In a very basic sense, they are used to locate webpages.
    • We can customize a hosts file so that it blocks certain webpages.
    • However, it can slow down certain computers.
    • This is why using a hosts file is optional!!
    Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
    If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    1. Click the start button (at the lower left hand corner of your screen)
    2. Click run
    3. In the dialog box, type services.msc
    4. Hit enter, then locate dns client
    5. Highlight it, then double-click it.
    6. On the dropdown box, change the setting from automatic to manual.
    7. Click ok
  • Run Secunia vulnerability check here and fix its findings.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:
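The six Internet zone settings listed in the post above can be checked without clicking through the dialog. This is an added example, not part of the original post: it reads the per-user Internet zone key (zone 3) and compares the standard URL-action values against the post's recommendations; the function name and output columns are choices made for this example, and it assumes PowerShell 3.0 or later.

```powershell
# Added example: audit the Internet zone values behind the six settings
# named in the post. Only the per-user key is read; values enforced through
# machine or Group Policy keys are not inspected here.

$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL-action ID -> setting name as shown in the dialog, and the value the
# post recommends (0 = Enable, 1 = Prompt, 3 = Disable).
$Recommended = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                         Want = 1 }
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                       Want = 3 }
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    @{ Id = '1800'; Name = 'Installation of desktop items';                            Want = 1 }
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                Want = 1 }
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';             Want = 1 }
)

$PolicyName = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-InternetZoneSettings {
    param([string]$Path = $ZonePath)

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Zone key not found: $Path"
    }
    $zone = Get-ItemProperty -LiteralPath $Path

    foreach ($item in $Recommended) {
        # $null when the value has never been written for this user
        $current = $zone.($item.Id)

        if ($null -eq $current) {
            $label = 'not set'
        } elseif ($PolicyName.ContainsKey([int]$current)) {
            $label = $PolicyName[[int]$current]
        } else {
            $label = "other ($current)"
        }

        [pscustomobject]@{
            Action      = $item.Id
            Setting     = $item.Name
            Current     = $label
            Recommended = $PolicyName[$item.Want]
            Compliant   = ($null -ne $current -and [int]$current -eq $item.Want)
        }
    }
}

# One row per setting; Compliant is False for anything weaker, stricter or unset.
Test-InternetZoneSettings | Format-Table -AutoSize
```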
 
Ok, I did this
disable the System Restore feature
& rebooted.
I did the same steps and checked the 'c' drive. Hope this next part is okay...
I created a new system restore point, because it said there was NONE.

I ran the uninstall combofix command, and it removed. Then I downloaded & tried combofix one last time in safe mode - still not working; so I uninstalled it again. Downloaded & ran the OTC.
I forgot one last thing I am going to do is run the AVAST rootkit analysis tool that is part of AVAST. I started to do this yesterday, but
 
Sorry, I meant to preview NOT POST.
I forgot one last thing I am going to do is run the AVAST rootkit analysis tool that is part of AVAST. I started to do this yesterday, but

but.. it takes a long time, so am going to do it now and post results later.
Thanks, again!!
 
One thing I forgot to ask, I went to Secunia, which scanned & shows this:
*************
Adobe Flash Player 9.x 9.0.45.0 (ActiveX)
This installation of Adobe Flash Player 9.x is insecure and potentially exposes your system to security threats!

The detected version installed on your system is 9.0.45.0 (ActiveX), however, the latest patched version released by the vendor, fixing one or more vulnerabilities, is 9.0.246.0 (ActiveX).

Update Instructions:
Download

Installed on Your System in:
C:\Windows\SYSTEM32\Macromed\Flash\Flash9c.ocx
**************

But on my DDS log (see snippet below) it shows that I have 10, unless that is something different.
I did think I updated it a couple of days ago when you asked me to.
I checked and sure enough there is an adobe flash player 9 sitting where Secunia says it is

Should I remove this? Thanks!

Snippet from DDS attach log:

==== Installed Programs ======================

2Wire Gateway
Adobe Acrobat 7.0 Professional
Adobe Flash Player 10 Plugin
 
My laptop still seems slow, especially opening any programs or web sites, but at least I am not being redirected with Google searches.

Hi,
Yes, the .ocx file can be deleted.

I couldn't delete this after all, it said I didn't have authority. I looked at properties, which were read-only & I tried to change that, but it would not let me.

I ran the rootkit scan with Avast and it found a trojan: JAVA:Djewers-R [Trj]
here.
c:\User\EAA\ApplicationData\LocalLow\Sun\Java\Deployment\Cache\6.0\13\7cdbdc4d-2cbbb420|>GoogleCode.class

I had it moved to virus chest for now. Should I just go ahead and delete it?

Thanks for your help!!
 
Hi,

Save following instructions and follow them after closing all web browser windows first.

Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
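@echo off
rem Remove any explicit deny entries for Everyone on the old Flash ActiveX control
icacls C:\Windows\SYSTEM32\Macromed\Flash\Flash9c.ocx /remove:d everyone
rem Grant Everyone full control so the file can be changed
icacls C:\Windows\SYSTEM32\Macromed\Flash\Flash9c.ocx /grant everyone:F
rem Clear the read-only attribute, then delete the file quietly
attrib -r C:\Windows\SYSTEM32\Macromed\Flash\Flash9c.ocx
del /q C:\Windows\SYSTEM32\Macromed\Flash\Flash9c.ocx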

Right-click on fixes.bat file and select 'run as administrator' to execute it. See if the file still exists.

The Avast finding can be deleted or left in the virus chest (it won't return from there).
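The batch file above changes two things that can block a delete: deny entries in the file's ACL and the read-only attribute. This is an added example, not part of the original post, that reports both for a given file before anything is modified; the function name and output shape are hypothetical, and it assumes PowerShell 3.0 or later run from an elevated prompt.

```powershell
# Added example: report why a file cannot be deleted, without changing it.
function Get-DeleteBlockers {
    param([Parameter(Mandatory = $true)][string]$Path)

    $item = Get-Item -LiteralPath $Path -Force
    $acl  = Get-Acl  -LiteralPath $Path

    # Deny entries win over allow entries, so a single deny that covers the
    # Delete right is enough to produce an "access denied" on removal.
    $deleteRight = [System.Security.AccessControl.FileSystemRights]::Delete
    $deny = @($acl.Access | Where-Object {
        $_.AccessControlType -eq 'Deny' -and
        ($_.FileSystemRights -band $deleteRight)
    })

    [pscustomobject]@{
        Path        = $item.FullName
        ReadOnly    = $item.IsReadOnly      # what "attrib -r" clears
        Owner       = $acl.Owner
        DenyEntries = @($deny | ForEach-Object {
            '{0}: {1}{2}' -f $_.IdentityReference, $_.FileSystemRights,
                $(if ($_.IsInherited) { ' (inherited)' } else { '' })
        })
    }
}

# The path is the one reported by Secunia in the thread.
Get-DeleteBlockers -Path 'C:\Windows\SYSTEM32\Macromed\Flash\Flash9c.ocx' | Format-List
```

An inherited deny entry is set on a parent folder and cannot be removed from the file itself.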
 
Thank you thank you thank you!!

Right-click on fixes.bat

GREAT!! It worked so fast, too, I nearly missed it. I checked, and the old adobe player ocx thing is no longer there.

The only other Secunia finding is for i-tunes, which I haven't decided if I am going to keep, as I haven't used it in a couple of years. For certain, I will update or remove the program, though, since it is not secure. I think I will never ignore the popup prompts to

update update update!!!!

Windows & my programs automatically. That was completely my mistake - always in a hurry and did not think I had time to let Windows install its updates. Now I know I will ALWAYS have time!!

Thank you so very much for all your patience and help!! You and the other volunteers are awesome!
-TaiChi
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.
 