I've been reading the forums here and have learned a lot, including that there are some folks on this board who really help people in a jam. Here's my situation. Hopefully someone can help me.
Sometime at the end of May my Firefox browser would go to the wrong web page when I click on a link. For example, I would search something in Google, click on one of the results and it would bring me to a totally wrong page or another search site. I ran McAfee (currently updated) and it found 2 viruses and deleted them. I ran it again and they were there again. I ran it in safe mode and it did not help. I attempted to restore to a point before the problems and my computer will not let me do it. So I have turned to this site for some help. I followed all of the directions and here are my results:
I downloaded CCleaner and used it successfully.
I downloaded SUPERAntiSpyware Free Edition. I attempted to install it and was unsuccessful. I received the following error.
"SUPERAntiSpyware has encountered a problem and needs to close. We are sorry for the inconvenience.
Error Signature AppName: superantispyware.exe AppVer: 4.26.0.1004 ModName: superantispyware.exe ModVer: 4.26.0.1004 Offset: 000039e0"
I then downloaded Malwarebytes' Anti-Malware and installed it. When I attempted to open it nothing happened. I used the randmbam.exe program and it worked. I attached the log.
I downloaded HijackThis, installed it and renamed the exe file to Sniper.exe. It will not run. I double click on it and nothing happens. I tried running it under its original name and it still did not work.
This is driving me crazy!!
Josh
[attachment deleted by admin]

Try running the programs in safe mode, same as McAfee, if you haven't already.

I did earlier and it didn't work. That was before I got Malwarebytes to work! SUPERAntiSpyware still gave me an error but HijackThis worked. Here is the log and thanks for the suggestion!
***Update***
I was finally able to run all of the programs in normal mode. I redid all of the steps and here are the logs.
SUPERAntiSpyware Scan Log http://www.superantispyware.com
Generated 06/04/2009 at 03:24 AM
Application Version : 4.26.1004
Core Rules Database Version : 3923 Trace Rules Database Version: 1867
Scan type : Complete Scan
Total Scan Time : 05:14:32
Memory items scanned : 532
Memory threats detected : 0
Registry items scanned : 6057
Registry threats detected : 26
File items scanned : 167679
File threats detected : 46
Trojan.Unknown Origin
HKU\.DEFAULT\Software\ColdWare
HKU\S-1-5-18\Software\ColdWare
Rootkit.Agent/Gen-GXServ
HKLM\Software\gxvxc
HKLM\Software\gxvxc\disallowed
HKLM\Software\gxvxc\disallowed#avp.exe
HKLM\Software\gxvxc\disallowed#klif.sys
HKLM\Software\gxvxc\disallowed#mrt.exe
HKLM\Software\gxvxc\disallowed#spybotsd.exe
HKLM\Software\gxvxc\disallowed#sasdifsv.sys
HKLM\Software\gxvxc\disallowed#saskutil.sys
HKLM\Software\gxvxc\disallowed#sasenum.sys
HKLM\Software\gxvxc\disallowed#superantispyware.exe
HKLM\Software\gxvxc\disallowed#szkg.sys
HKLM\Software\gxvxc\disallowed#szserver.exe
HKLM\Software\gxvxc\disallowed#mbam.exe
HKLM\Software\gxvxc\disallowed#mbamswissarmy.sys
HKLM\Software\gxvxc\disallowed#pctssvc.sys
HKLM\Software\gxvxc\disallowed#pctcore.sys
HKLM\Software\gxvxc\disallowed#mchinjdrv.sys
HKLM\Software\gxvxc\disallowed#avgfwdx.sys
HKLM\Software\gxvxc\disallowed#avgldx86.sys
HKLM\Software\gxvxc\disallowed#avgmfx86.sys
HKLM\Software\gxvxc\disallowed#avgrkx86.sys
HKLM\Software\gxvxc\disallowed#avgtdix.sys
HKLM\Software\gxvxc\disallowed#hijackthis.exe
HKLM\Software\gxvxc\disallowed#combofix.exe
Adware.Tracking Cookie
Malwarebytes' Anti-Malware 1.37
Database version: 2227
Windows 5.1.2600 Service Pack 3
6/4/2009 6:37:12 AM
mbam-log-2009-06-04 (06-37-12).txt
Scan type: Quick Scan
Objects scanned: 102406
Time elapsed: 7 minute(s), 24 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:40:38 AM, on 6/4/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\BCMSMMSG.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\StartupMonitor.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\SUPERAntiSpyware\Karate Chop.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Trend Micro\HijackThis\Sniper.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus 
CX4600" O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [Adobe Reader Speed LAUNCHER] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [Universal Installer] "C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe" /fromrun /starthidden O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe" /ini "uinstaller.ini" /fromrun /starthidden O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 
'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175650032531 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175650027171 O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.62/code/iPIX-ImageWell-ipix.cab O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. 
- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
-- End of file - 8635 bytes
[attachment deleted by admin]

Download DDS by sUBs and save it to your desktop.
* Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
1) DDS.txt
2) Attach.txt
* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.
Note: DDS will instruct you to post the Attach.txt log as an attachment. Please just post it as you would any other log by copy and pasting it into the reply.

Thanks for helping me out. Here are the logs.
DDS (Ver_09-05-14.01) - NTFSx86 Run by Owner at 20:14:38.18 on Thu 06/04/2009 Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.250 [GMT -5:00]
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\WINDOWS\BCMSMMSG.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\StartupMonitor.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\SUPERAntiSpyware\Karate Chop.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Microsoft Money 2007\MNYCoreFiles\mnybbsvc.exe C:\Program Files\Microsoft Office\Office10\1033\msohelp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Microsoft Money 2007\MNYCoreFiles\mnybb.exe C:\Documents and Settings\Owner\Desktop\dds.pif
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/ig?hl=en uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll TB: Yahoo! 
Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe" uRun: [Universal Installer] "c:\program files\comcastui\universal installer\uinstaller.exe" /fromrun /starthidden uRun: [Desktop Software] "c:\program files\comcastui\universal installer\uinstaller.exe" /ini "uinstaller.ini" /fromrun /starthidden mRun: [IgfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [BCMSMMSG] BCMSMMSG.exe mRun: [EPSON Stylus CX4600 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600" mRun: [Name of App] c:\program files\samsung\fw liveupdate\FWManager.exe r mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Run StartupMonitor] StartupMonitor.exe mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - 
c:\program files\messenger\msmsgs.exe Trusted Zone: turbotax.com DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175650032531 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175650027171 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} - hxxp://216.249.24.62/code/iPIX-ImageWell-ipix.cab Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll Notify: igfxcui - igfxsrvc.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\577il9vi.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
============= SERVICES / DRIVERS ===============
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214024] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944] R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-6-2 210216] R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-6-2 359952] R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-6-2 144704] R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-6-2 606736] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-6-2 79880] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-6-2 35272] R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-6-2 40552] R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408] S3 ICAM3NT5;Intel USB Video Camera III;c:\windows\system32\drivers\Icam3.sys [2008-4-12 141056] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-6-2 34216]
=============== Created Last 30 ================
2009-06-04 20:13--d-h---c:\windows\PIF 2009-06-03 20:47--d-----c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com 2009-06-03 20:40--d-----c:\program files\SUPERAntiSpyware 2009-06-03 20:40--d-----c:\docume~1\owner\applic~1\SUPERAntiSpyware.com 2009-06-03 20:40--d-----c:\program files\common files\Wise Installation Wizard 2009-06-02 20:13--d-----c:\docume~1\owner\applic~1\Malwarebytes 2009-06-02 20:0040,160a-------c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-02 20:0019,096a-------c:\windows\system32\drivers\mbam.sys 2009-06-02 20:00--d-----c:\program files\Malwarebytes' Anti-Malware 2009-06-02 20:00--d-----c:\docume~1\alluse~1\applic~1\Malwarebytes 2009-06-02 19:52--d-----c:\program files\CCleaner 2009-06-02 17:09--d-----C:\HJT 2009-06-02 16:39--d-----c:\program files\Spybot - Search & Destroy2 2009-06-02 16:246,751a-------c:\windows\system32\Config.MPF 2009-06-02 06:4679,880a-------c:\windows\system32\drivers\mfeavfk.sys 2009-06-02 06:4640,552a-------c:\windows\system32\drivers\mfesmfk.sys 2009-06-02 06:4635,272a-------c:\windows\system32\drivers\mfebopk.sys 2009-06-02 06:46120,136a-------c:\windows\system32\drivers\Mpfp.sys 2009-06-02 06:45--d-----c:\program files\common files\McAfee 2009-06-02 06:45--d-----c:\program files\McAfee.com 2009-06-02 06:45--d-----c:\program files\McAfee 2009-06-02 06:4134,216a-------c:\windows\system32\drivers\mferkdk.sys 2009-06-01 21:3681,920a-------c:\windows\system32\Startup.cpl 2009-06-01 21:26--d-----c:\program files\Trend Micro 2009-06-01 21:15--d-----c:\program files\Spybot - Search & Destroy 2009-06-01 21:15--d-----c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
==================== Find3M ====================
2009-06-04 16:3827,584a-------c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT 2009-03-09 14:085,248a-------c:\windows\system32\giveio.sys 2009-03-09 05:19410,984a-------c:\windows\system32\deploytk.dll 2008-08-22 03:0732,768a--sh---c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082220080823\index.dat
============= FINISH: 20:15:25.04 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-05-14.01)
Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume1 Install Date: 4/3/2007 7:38:08 PM System Uptime: 6/4/2009 6:18:42 AM (14 hours ago)
Motherboard: Dell Computer Corp. | | 0G1548 Processor: Intel(R) Pentium(R) 4 CPU 2.20GHz | Microprocessor | 2192/400mhz
==== Disk Partitions =========================
A: is Removable C: is FIXED (NTFS) - 74 GiB total, 10.586 GiB free. D: is CDROM () E: is CDROM (CDFS) G: is FIXED (FAT32) - 466 GiB total, 55.595 GiB free.
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP800: 3/7/2009 12:07:04 AM - System Checkpoint RP801: 3/8/2009 12:09:04 AM - System Checkpoint RP802: 3/9/2009 2:09:04 AM - System Checkpoint RP803: 3/10/2009 3:54:35 AM - System Checkpoint RP804: 3/11/2009 9:12:08 AM - Software Distribution Service 3.0 RP805: 3/12/2009 10:03:27 AM - System Checkpoint RP806: 3/13/2009 11:25:35 AM - System Checkpoint RP807: 3/14/2009 2:00:20 AM - Software Distribution Service 3.0 RP808: 3/14/2009 6:47:21 PM - Removed Java(TM) 6 Update 11 RP809: 3/14/2009 6:48:11 PM - Installed Java(TM) 6 Update 12 RP810: 3/15/2009 9:17:24 PM - System Checkpoint RP811: 3/16/2009 10:06:58 PM - System Checkpoint RP812: 3/17/2009 10:21:12 PM - System Checkpoint RP813: 3/18/2009 11:54:30 PM - System Checkpoint RP814: 3/20/2009 12:20:43 AM - System Checkpoint RP815: 3/21/2009 2:20:39 AM - System Checkpoint RP816: 3/22/2009 4:20:39 AM - System Checkpoint RP817: 3/23/2009 11:00:28 AM - System Checkpoint RP818: 3/24/2009 7:40:03 PM - System Checkpoint RP819: 3/25/2009 9:03:27 PM - System Checkpoint RP820: 3/26/2009 9:33:12 PM - System Checkpoint RP821: 3/27/2009 11:02:10 PM - System Checkpoint RP822: 3/29/2009 1:14:10 AM - System Checkpoint RP823: 3/30/2009 9:30:23 AM - System Checkpoint RP824: 3/31/2009 11:27:48 AM - System Checkpoint RP825: 4/1/2009 1:18:00 PM - System Checkpoint RP826: 4/2/2009 6:38:40 PM - System Checkpoint RP827: 4/3/2009 9:14:18 PM - System Checkpoint RP828: 4/5/2009 1:29:15 PM - System Checkpoint RP829: 4/7/2009 7:26:07 AM - System Checkpoint RP830: 4/8/2009 8:12:54 AM - System Checkpoint RP831: 4/9/2009 10:58:33 AM - System Checkpoint RP832: 4/10/2009 1:01:47 PM - System Checkpoint RP833: 4/11/2009 2:47:38 PM - System Checkpoint RP834: 4/13/2009 5:50:59 PM - System Checkpoint RP835: 4/14/2009 9:26:48 PM - System Checkpoint RP836: 4/15/2009 4:34:01 PM - Software Distribution Service 3.0 RP837: 4/16/2009 4:55:18 PM - System Checkpoint RP838: 4/17/2009 5:03:37 PM - Installed Java(TM) 6 Update 13 RP839: 4/19/2009 7:18:19 AM - System 
Checkpoint RP840: 4/20/2009 7:53:20 AM - System Checkpoint RP841: 4/21/2009 8:12:10 AM - System Checkpoint RP842: 4/22/2009 10:12:22 AM - System Checkpoint RP843: 4/23/2009 12:52:15 PM - System Checkpoint RP844: 4/24/2009 2:12:15 PM - System Checkpoint RP845: 4/25/2009 4:13:25 PM - System Checkpoint RP846: 4/26/2009 6:12:18 PM - System Checkpoint RP847: 4/27/2009 10:17:25 PM - System Checkpoint RP848: 4/29/2009 12:26:21 AM - System Checkpoint RP849: 4/30/2009 6:41:06 AM - System Checkpoint RP850: 5/1/2009 3:49:58 PM - System Checkpoint RP851: 5/2/2009 5:36:39 PM - System Checkpoint RP852: 5/3/2009 8:41:18 PM - System Checkpoint RP853: 5/4/2009 9:22:37 PM - System Checkpoint RP854: 5/5/2009 10:49:44 PM - System Checkpoint RP855: 5/7/2009 6:46:08 AM - System Checkpoint RP856: 5/8/2009 8:42:28 AM - System Checkpoint RP857: 5/9/2009 11:14:37 AM - System Checkpoint RP858: 5/10/2009 12:07:22 PM - System Checkpoint RP859: 5/11/2009 8:51:41 PM - System Checkpoint RP860: 5/12/2009 10:13:56 PM - System Checkpoint RP861: 5/13/2009 7:06:51 AM - Software Distribution Service 3.0 RP862: 5/14/2009 8:44:18 AM - System Checkpoint RP863: 5/15/2009 8:45:18 AM - System Checkpoint RP864: 5/16/2009 9:21:38 AM - System Checkpoint RP865: 5/16/2009 12:50:31 PM - Installed TBS WMP Plug-in RP866: 5/16/2009 12:52:27 PM - Configured TBS WMP Plug-in RP867: 5/17/2009 7:53:29 PM - System Checkpoint RP868: 5/18/2009 8:12:12 PM - System Checkpoint RP869: 5/19/2009 9:48:50 PM - System Checkpoint RP870: 5/20/2009 10:07:29 PM - System Checkpoint RP871: 5/21/2009 10:22:47 PM - System Checkpoint RP872: 5/23/2009 12:21:44 AM - System Checkpoint RP873: 5/24/2009 2:21:44 AM - System Checkpoint RP874: 5/25/2009 10:49:42 AM - System Checkpoint RP875: 5/26/2009 3:33:57 PM - System Checkpoint RP876: 5/26/2009 8:50:31 PM - Installed TBS WMP Plug-in RP877: 6/3/2009 8:34:27 PM - Microsoft OneCare Protection Checkpoint
==== Installed Programs ======================
Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Photoshop 7.0 Adobe Reader 8.1.4 Apple Mobile Device Support Apple Software Update ArcSoft Software Suite Audacity 1.2.6 AutoUpdate BCM V.92 56K Modem Bonjour Broadcom 440x 10/100 Integrated Controller CCleaner (remove only) Comcast Universal Installer v1.2 Critical Update for Windows Media Player 11 (KB959772) Dell ResourceCD DellConnect DivX Codec DivX Content Uploader DivX Converter DivX Player DivX Web Player DVD Decrypter (Remove Only) DVD Shrink 3.2 EPSON CardMonitor EPSON Copy Utility 3 EPSON CX4600 Reference Guide EPSON PhotoStarter3.2 EPSON Printer Software EPSON Scan EPSON Smart Panel EuroTalk Talk Now Plus! FW LiveUpdate Garmin Communicator Plugin Garmin POI Loader Google Earth Google Gmail Notifier Google Updater HijackThis 2.0.2 Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB952287) Intel(R) Extreme Graphics Driver iTunes Java(TM) 6 Update 13 Java(TM) 6 Update 2 Java(TM) 6 Update 5 Java(TM) 6 Update 7 LightScribe 1.4.89.1 Malwarebytes' Anti-Malware McAfee SecurityCenter Microsoft .NET Framework 2.0 Service Pack 1 Microsoft Application Error Reporting Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft Money 2007 Microsoft Money Shared Libraries Microsoft National Language Support Downlevel APIs Microsoft Office XP Professional with FrontPage Microsoft User-Mode Driver Framework Feature Pack 1.0 MobileMe Control Panel Mozilla Firefox (3.0.10) Nero Suite QuickTime ScanToWeb Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet 
Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 8 (KB917734) Security Update for Windows Media Player 9 (KB911565) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows 
XP (KB956572) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB961373) SoundMAX SSC Service Utility v4.20 StartupMonitor SUPERAntiSpyware Free Edition TBS WMP Plug-in TurboTax 2008 TurboTax 2008 WinPerFedFormset TurboTax 2008 WinPerProgramHelp TurboTax 2008 WinPerReleaseEngine TurboTax 2008 WinPerTaxSupport TurboTax 2008 WinPerUserEducation TurboTax 2008 wrapper TurboTax Deluxe 2007 Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955839) Update for Windows XP (KB967715) WD Diagnostics WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 7 Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3
==== Event Viewer Messages From Past Week ========
6/2/2009 9:03:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MPFP MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss Tcpip
6/2/2009 8:29:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
6/2/2009 8:28:50 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
6/2/2009 7:32:50 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
6/2/2009 7:22:14 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
6/2/2009 5:17:54 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McShield with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
6/1/2009 9:45:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/1/2009 9:42:41 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb MSFWHLPR NetBIOS NetBT OMCI RasAcd Rdbss Tcpip
6/1/2009 9:42:41 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
6/1/2009 9:42:41 PM, error: Service Control Manager [7001] - The OneCare Firewall service depends on the MSFWDrv service which failed to start because of the following error: The dependency service or group failed to start.
6/1/2009 9:42:41 PM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
6/1/2009 9:42:41 PM, error: Service Control Manager [7001] - The MSFWDrv service depends on the IP Traffic Filter Driver service which failed to start because of the following error: The dependency service or group failed to start.
6/1/2009 9:42:41 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/1/2009 9:42:41 PM, error: Service Control Manager [7001] - The IP Traffic Filter Driver service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/1/2009 9:42:41 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/1/2009 9:42:41 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
6/1/2009 9:42:41 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/1/2009 9:42:41 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/1/2009 9:42:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
6/1/2009 9:37:15 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
6/1/2009 8:28:56 PM, error: OneCareMP [1008] -
6/1/2009 6:34:25 AM, error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 2 time(s).
6/1/2009 6:28:59 AM, error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
5/31/2009 8:51:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
5/31/2009 8:51:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/31/2009 8:46:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
5/31/2009 8:46:46 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec mfehidk MPFP MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss Tcpip
==== End Of File ===========================

Go to Add or Remove Programs and uninstall (if found):
- AutoUpdate
----------
Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.
Link #1 Link #2
Note: It is important that it is saved directly to your Desktop
DO NOT run it yet!
Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they COULD damage the workings of your system
Delete these files/folders, as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

DDS::
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below.
Important: Perform this instruction carefully!
ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply.
Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
----------
Your Java is out of date.
Older versions have vulnerabilities that malicious sites can use to infect your system.
First install the new Sun Java Runtime Environment
Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Be sure to close all browser windows before beginning the install.
Remove the old version(s)
Download JavaRa
- Unzip the file and open the JavaRa.exe
- Click Remove Older Versions
- JavaRa will search for and remove any outdated version of Java and remove any that are found.
- Click Additional Tasks
- Place a check next to Remove Useless JRE Files and click Go
- Exit JavaRa
- Delete the JavaRa files from the Desktop
Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

I followed your instructions. Here is the combofix log.
ComboFix 09-06-04.06 - Owner 06/04/2009 21:04.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.310 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\gxvxchymaibdhttpwlxvbsqvufafdfexobsvv.sys
c:\windows\system32\gxvxcuvhtqgtfqlstwowdsocppjbmfwcqjuee.dll
c:\windows\system32\gxvxcviyiautbldtlyvdwhxtekonohcxjjvbv.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_GXVXCSERV.SYS

((((((((((((((((((((((((( Files Created from 2009-05-05 to 2009-06-05 )))))))))))))))))))))))))))))))
.
2009-06-05 01:13 . 2009-06-05 01:13 -------- d--h--w- c:\windows\PIF
2009-06-04 01:48 . 2009-06-04 11:21 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-04 01:47 . 2009-06-04 01:47 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-04 01:40 . 2009-06-04 01:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-04 01:40 . 2009-06-04 01:40 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-06-04 01:40 . 2009-06-04 01:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-03 01:13 . 2009-06-03 01:13 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-06-03 01:00 . 2009-05-26 18:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-03 01:00 . 2009-06-03 01:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-03 01:00 . 2009-06-03 01:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-03 01:00 . 2009-05-26 18:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-03 00:52 . 2009-06-03 00:52 -------- d-----w- c:\program files\CCleaner
2009-06-02 22:09 . 2009-06-03 00:49 -------- d-----w- C:\HJT
2009-06-02 21:39 . 2009-06-02 21:51 -------- d-----w- c:\program files\Spybot - Search & Destroy2
2009-06-02 11:46 . 2009-03-25 16:06 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-06-02 11:46 . 2009-03-25 16:06 79880 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-06-02 11:46 . 2009-03-25 16:06 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-06-02 11:46 . 2008-10-23 18:08 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-06-02 11:45 . 2009-06-02 11:46 -------- d-----w- c:\program files\Common Files\McAfee
2009-06-02 11:45 . 2009-06-02 11:45 -------- d-----w- c:\program files\McAfee.com
2009-06-02 11:45 . 2009-06-04 02:59 -------- d-----w- c:\program files\McAfee
2009-06-02 11:41 . 2009-03-25 16:05 34216 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-06-02 03:44 . 2009-06-02 03:44 27584 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-02 02:38 . 2009-06-02 02:38 1078 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{76EFAC4F-1712-401F-B2AE-590B170C9BCE}\_60c11ac7.exe
2009-06-02 02:26 . 2009-06-03 01:05 -------- d-----w- c:\program files\Trend Micro
2009-06-02 02:15 . 2009-06-02 22:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-02 02:15 . 2009-06-02 03:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-01 11:22 . 2009-06-01 11:22 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\SupportSoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-04 22:39 . 2008-11-27 04:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-03 00:31 . 2008-12-21 15:53 -------- d-----w- c:\program files\Coupons
2009-06-02 21:31 . 2007-04-04 03:25 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-06-02 11:35 . 2007-04-04 01:00 -------- d--h--w- c:\documents and settings\Owner\Application Data\GTek
2009-05-27 15:11 . 2008-10-04 23:01 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-05-27 01:50 . 2007-04-04 00:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-25 15:28 . 2007-04-05 02:15 -------- d-----w- c:\documents and settings\Owner\Application Data\U3
2009-05-25 04:19 . 2007-10-24 23:42 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2009-04-19 12:05 . 2009-04-19 12:04 -------- d-----w- c:\program files\iTunes
2009-04-19 12:05 . 2009-04-19 12:04 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-19 12:04 . 2009-04-19 12:04 -------- d-----w- c:\program files\iPod
2009-04-19 12:04 . 2007-07-08 17:37 -------- d-----w- c:\program files\Common Files\Apple
2009-04-19 12:02 . 2009-04-19 12:02 -------- d-----w- c:\program files\Bonjour
2009-04-19 12:00 . 2009-04-19 11:59 -------- d-----w- c:\program files\QuickTime
2009-04-19 11:46 . 2009-04-19 11:46 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-17 22:04 . 2007-10-24 23:40 -------- d-----w- c:\program files\Java
2009-04-17 22:01 . 2009-04-17 22:01 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-10 18:03 . 2009-04-10 18:03 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-03-25 16:06 . 2009-03-25 16:06 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-03-19 21:32 . 2009-03-19 21:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 21:32 . 2008-01-29 17:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-15 00:26 . 2009-03-15 00:26 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2009-03-09 19:08 . 2009-03-09 19:08 5248 ----a-w- c:\windows\system32\giveio.sys
2009-03-09 10:19 . 2008-12-05 15:35 410984 ----a-w- c:\windows\system32\deploytk.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-12 1961984]
"Universal Installer"="c:\program files\ComcastUI\Universal Installer\uinstaller.exe" [2008-03-18 984616]
"Desktop Software"="c:\program files\ComcastUI\Universal Installer\uinstaller.exe" [2008-03-18 984616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"EPSON Stylus CX4600 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE" [2004-03-04 98304]
"Name of App"="c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2008-07-07 675935]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-03-25 645328]
"BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]
"Run StartupMonitor"="StartupMonitor.exe" - c:\windows\StartupMonitor.exe [2000-05-20 86016]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-4-6 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [6/2/2009 6:49 AM 210216]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-05-30 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2009-06-05 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-27 05:06]
2009-06-02 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-02 15:53]
2009-06-02 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-02 15:53]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-mfehidk
SafeBoot-mferkdk
SafeBoot-mfetdik
SafeBoot-mfetdik.sys
SafeBoot-procexp90.Sys

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
Trusted Zone: turbotax.com
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\577il9vi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-04 21:10
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(632)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-06-05 21:13
ComboFix-quarantined-files.txt 2009-06-05 02:13

Pre-Run: 11,309,228,032 bytes free
Post-Run: 11,376,951,296 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

191 --- E O F --- 2009-05-13 12:12

- Click START then RUN
- Now type Combofix /u in the runbox
- Make sure there's a space between Combofix and /u
- Then hit Enter.
The above procedure will:
- Delete: ComboFix and its associated files and folders.
- Reset the clock settings.
- Hide file extensions, if required.
- Hide System/Hidden files, if required.
- Set a new, clean Restore Point.
----------
Run CCleaner.
----------
Use the Kaspersky Lab Online Scanner
In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.
- Click on SCAN NOW
- Click Accept.
- The program will then begin downloading the latest definition files.
- Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
- The scan will take a while, so be patient and let it finish.
When the scan is done, in the Scan is complete window, any infection is displayed. There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
- Click on: Save Report As
- Next, in the Save as prompt, Save in area, select: Desktop.
- In the File name area use KScan, or something similar.
- In Save as type: click the drop arrow and select: Text file [*.txt]
- Then, click: Save
Copy and paste the Kaspersky Online Scanner Report in your next reply.
Note for Internet Explorer 7 and 8 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
If needed, this animation will guide you through the process.

Followed your instructions and here is the scan

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, June 5, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Friday, June 05, 2009 05:55:16
Records in database: 2309311
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
G:\

Scan statistics:
Files scanned: 174908
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 03:57:51

No malware has been detected. The scan area is clean.

The selected area was scanned.

Looks good.
Use the Secunia Software Inspector to check for out of date software.
- Click Start Now
- Check the box next to Enable thorough system inspection.
- Click Start
- Allow the scan to finish and scroll down to see if any updates are needed.
- Update anything listed.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

Well all I can say is Thank You! Everything seems to be working perfectly now. You have truly been a help and I can't say thank you enough. I would like to make a donation to a charity or website of your choice as a thank you for your time and your help. Let me know where to make it. Thanks again!
|