Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] Hijack.WindowsUpdates Infection

Started by LifeOnAString , Sep 22 2009 01:06 AM

  • This topic is locked This topic is locked
16 replies to this topic

#1 LifeOnAString

LifeOnAString

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 22 September 2009 - 01:06 AM

I have this infection on my laptop, and it is preventing Windows Update from running.

Ran Malwarebytes several times, with the recurring reported removal, yet the infection persists scan after scan:

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Saw chipdaddy's thread from a few days ago, and understand the removal is multi-step, and installation specific.

The only real-time virus control is Avast Home Edition. Have the free editions of Malwarebytes, SUPERAntiSpyWare, and SpywareBlaster, but they are only as needed scanners. Only MalwareBytes found the infection.

I downloaded ComboFix, disabled Avast, and ran/installed ComboFix.com. Here is the log:

ComboFix 09-09-20.04 - CEO 09/22/2009  2:51.1.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1526.891 [GMT -4:00]
Running from: c:\documents and settings\CEO\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090921-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-2217913288-1106860674-1972820428-500
c:\recycler\S-1-5-21-3199605074-3298231587-1951900338-500
c:\recycler\S-1-5-21-3236594027-1492235858-3528902792-500
c:\recycler\S-1-5-21-3467185009-1450077237-1955714889-500
c:\windows\Alcmtr.exe
c:\windows\Installer\25921626.msi
c:\windows\Installer\3b2711d.msi
c:\windows\Installer\WinRMSrv.msi
c:\windows\setup.exe

.
(((((((((((((((((((((((((   Files Created from 2009-08-22 to 2009-09-22  )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-21 21:18 . 2008-11-17 09:52	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-09-21 21:17 . 2008-11-17 13:11	--------	d-----w-	c:\program files\SUPERAntiSpyware
2009-09-10 18:54 . 2008-11-17 09:52	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2008-11-17 09:52	19160	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-08-19 21:57 . 2008-08-19 16:48	--------	d-----w-	c:\program files\Safari
2009-08-19 21:55 . 2006-05-16 02:15	--------	d-----w-	c:\program files\Java
2009-08-17 16:10 . 2008-11-22 19:30	1279456	----a-w-	c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2008-11-22 19:31	93392	----a-w-	c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2008-11-22 19:31	94160	----a-w-	c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-11-22 19:31	114768	----a-w-	c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-11-22 19:31	20560	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2008-11-22 19:31	51376	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-11-22 19:31	23152	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2008-11-22 19:31	26944	----a-w-	c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2008-11-22 19:31	97480	----a-w-	c:\windows\system32\AvastSS.scr
2009-08-08 23:45 . 2007-07-11 15:59	--------	d-----w-	c:\program files\CompuPic
2009-07-25 09:23 . 2008-11-23 09:09	411368	----a-w-	c:\windows\system32\deploytk.dll
1999-06-17 13:00 . 2007-07-06 01:55	4921	----a-r-	c:\program files\Common Files\BEREADME.htm
1999-06-17 13:00 . 2007-07-06 01:55	3982	----a-r-	c:\program files\Common Files\BEREADME.txt
1999-05-11 17:21 . 2007-07-06 01:55	290816	----a-w-	c:\program files\Common Files\BatchExport.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{F0F8C2B6-A911-4b4e-B2AE-89B82DC81F15}"= "c:\program files\SonySA\SrchAs\sySrcAs.dll" [2006-03-02 94208]

[HKEY_CLASSES_ROOT\clsid\{f0f8c2b6-a911-4b4e-b2ae-89b82dc81f15}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0F8C2B1-A911-4b4e-B2AE-89B82DC81F15}]
2006-03-02 23:46	94208	----a-w-	c:\program files\SonySA\SrchAs\sySrcAs.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-01-26 53248]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-03-10 217088]
"Biomenu"="c:\program files\Protector Suite QL\menusw.exe" [2006-02-23 1354240]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"VCDPlayer"="c:\progra~1\VIRTUA~1\System\VCDPlay.exe" [2002-09-16 94208]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
"VAIO Update 3"="c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-05-16 551032]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"FLMOFFICE4DMOUSE"="c:\program files\Labtec\Mouse\2.1\moffice.exe" [2009-02-22 958464]
"WheelMouse"="c:\program files\Intelligent Driver\4DMAIN.EXE" [2000-05-08 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-04-24 1448960]

c:\documents and settings\CEO\Start Menu\Programs\Startup\
Quick Start program.lnk - c:\program files\Virtual CD v4\System\VCDTray.exe [2007-6-22 98304]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-21 21:16	548352	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-02-23 01:11	39936	----a-w-	c:\windows\system32\fusstub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 21:51	73728	----a-w-	c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli fusstub

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"CCALib8"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Westwood\\Dune2000\\DUNE2000.DAT"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\RingCentral\\RingCentral Call Controller\\RCUI.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [5/15/2006 3:43 PM 9216]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/22/2008 3:31 PM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/3/2008 3:07 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/3/2008 3:07 PM 74480]
R1 vcdmpdrv;vcdmpdrv;c:\windows\system32\drivers\vcdmpdrv.sys [6/22/2007 1:34 AM 49296]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/22/2008 3:31 PM 20560]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2/22/2006 9:13 PM 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2/22/2006 9:13 PM 33024]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [5/15/2006 3:43 PM 36352]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/3/2008 3:07 PM 7408]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [5/15/2006 3:43 PM 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [5/15/2006 3:43 PM 812544]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [11/4/2008 3:25 PM 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [11/4/2008 3:25 PM 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [11/4/2008 3:25 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [11/4/2008 3:24 PM 10368]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [6/23/2007 4:19 AM 7680]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys --> c:\windows\system32\DRIVERS\motport.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-08-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.mc841.mail.yahoo.com/mc/welcome?.partner=vz-acs&.gx=1&.tm=1251751263&.rand=3pqteo3kb8e0a
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: Photobucket Publisher - hxxp://s227.photobucket.com/csve/ie_plugin.php
DPF: {B82FA17C-F3A9-11D2-B5DD-0050041B7FF6} - hxxps://secureshares.wrallp.com/desktopmodules/wrallp.FileManager/SAXFile.cab
FF - ProfilePath - c:\documents and settings\CEO\Application Data\Mozilla\Firefox\Profiles\bhbt5hpp.default\
FF - prefs.js: browser.startup.homepage - hxxp://netservices.verizon.net/portal/link/main/vzcentral
FF - prefs.js: network.proxy.type - 1

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-22 02:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\PSLogon.dll
c:\program files\Protector Suite QL\vrlogon.dll
c:\program files\Protector Suite QL\ExtVapi.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\fusstub.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\passport.dll
c:\program files\Protector Suite QL\BhTcAll.dll
c:\program files\Protector Suite QL\BhDevTfm.dll
c:\program files\Protector Suite QL\AlgVer.dll
c:\program files\Protector Suite QL\TCBioLib.dll
c:\program files\Protector Suite QL\remote.dll
c:\windows\system32\VESWinlogon.dll
c:\program files\Protector Suite QL\mysafe.dll
c:\program files\Protector Suite QL\config.dll

- - - - - - - > 'lsass.exe'(948)
c:\windows\system32\fusstub.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus.dll
.
Completion time: 2009-09-22  2:59
ComboFix-quarantined-files.txt  2009-09-22 06:58

Pre-Run: 5,375,549,440 bytes free
Post-Run: 5,608,923,136 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

214	--- E O F ---	2009-06-12 07:04

Hope Perplexus or someone like him can help! Thank you.


>>>Edited to add:

OK, maybe I should not have done this, but after the ComboFix scan above last night, I scanned again this morning with MalwareBytes: no infection found. So, I tried WIndows Update and it seemed to work (the IE6 URL displayed was from update.microsoft.com.)

Did that fix it? If so, what cleanup may be necessary? -Thanks

Edited by LifeOnAString, 22 September 2009 - 08:44 AM.

    Advertisements

Register to Remove

#2 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 24 September 2009 - 06:38 AM

Hi LifeOnAString, welcome to the forum.

To make cleaning this machine easier
  • Please do not uninstall/install any programs unless asked to
    It is more difficult when files/programs are appearing in/disappearing from the logs.
  • Please do not run any scans other than those requested
  • Please follow all instructions in the order posted
  • All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
  • Do not attach any logs/reports, etc.. unless specifically requested to do so.
  • If you have problems with or do not understand the instructions, Please ask before continuing.
  • Please stay with this thread until given the All Clear. A absence of symptoms does not mean a clean machine.

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Please attach the second file; Attach.txt. To attach a file, do the following:
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

Thanks

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation 5Iv60h9.jpg
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#3 LifeOnAString

LifeOnAString

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 24 September 2009 - 06:58 PM

Unfortunately, both my laptop and desktop have IntelliCAD installed, so as a *.scr file, clicking on DDS.scr brings up IntelliCAD. I tried bringing up Folders/FileTypes, and un-associating SCR files from IntelliCAD, but then clicking on it does nothing. Since both machines have SCR files already defined, I don't have another machine to look at to find what an SCR file should be. What program should be used to open SCR files? Can I rename it to another file type? Thank you.

#4 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 24 September 2009 - 07:54 PM

Hi LifeOnAString


Yes, you can rename DDs to DDS.com

Thanks

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation 5Iv60h9.jpg
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#5 LifeOnAString

LifeOnAString

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 25 September 2009 - 12:12 AM

Thank you. That worked.

Attached is Attached File  Attach.txt   13.38KB   691 downloads. Here is what DDS said (DDS.txt):

DDS (Ver_09-07-30.01) - NTFSx86  
Run by CEO at  2:03:27.04 on Fri 09/25/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1526.990 [GMT -4:00]

AV: avast! antivirus 4.8.1351 [VPS 090923-0] *On-access scanning disabled* (Updated)   {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Virtual CD v4\System\vcdsecs.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\SkyTel.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Protector Suite QL\menusw.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\PROGRA~1\VIRTUA~1\System\VCDPlay.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Labtec\Mouse\2.1\moffice.exe
C:\Program Files\Intelligent Driver\4DMAIN.EXE
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE
C:\Program Files\Virtual CD v4\System\VCDTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\CEO\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://us.mc841.mail.yahoo.com/mc/welcome?.partner=vz-acs&.gx=1&.tm=1251751263&.rand=3pqteo3kb8e0a
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://mysearch.myway.com/jsp/sonysidebar.jsp?p=SY
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: N/A: {f0f8c2b6-a911-4b4e-b2ae-89b82dc81f15} - c:\program files\sonysa\srchas\sySrcAs.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: : {f0f8c2b1-a911-4b4e-b2ae-89b82dc81f15} - c:\program files\sonysa\srchas\sySrcAs.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [Biomenu] "c:\program files\protector suite ql\menusw.exe"
mRun: [Switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe
mRun: [VCDPlayer] c:\progra~1\virtua~1\system\VCDPlay.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [VAIO Update 3] "c:\program files\sony\vaio update 3\VAIOUpdt.exe"  /Stationary
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [FLMOFFICE4DMOUSE] c:\program files\labtec\mouse\2.1\moffice.exe
mRun: [WheelMouse] c:\program files\intelligent driver\4DMAIN.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\ceo\startm~1\programs\startup\quicks~1.lnk - c:\program files\virtual cd v4\system\VCDTray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Photobucket Publisher - hxxp://s227.photobucket.com/csve/ie_plugin.php
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader2.cab
DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://harrytuttle.spaces.live.com/PhotoUpload/MsnPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} - hxxp://200.9.36.138:82/wg_webeye.cab
DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} - hxxp://www.delreyhotel.com/english/key_largo_bar/webcam/plugin/h263ctrl.cab
DPF: {B82FA17C-F3A9-11D2-B5DD-0050041B7FF6} - hxxps://secureshares.wrallp.com/desktopmodules/wrallp.FileManager/SAXFile.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: psfus - fusstub.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli fusstub

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ceo\applic~1\mozilla\firefox\profiles\bhbt5hpp.default\
FF - prefs.js: browser.startup.homepage - hxxp://netservices.verizon.net/portal/link/main/vzcentral
FF - prefs.js: network.proxy.type - 1
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2006-5-15 9216]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-22 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-9-3 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-9-3 74480]
R1 vcdmpdrv;vcdmpdrv;c:\windows\system32\drivers\vcdmpdrv.sys [2007-6-22 49296]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-22 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-11-22 138680]
R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-2-22 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-2-22 33024]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-5-15 36352]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2006-5-15 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-5-15 812544]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-11-22 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-11-22 352920]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2008-11-4 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2008-11-4 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2008-11-4 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2008-11-4 10368]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys --> c:\windows\system32\drivers\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2007-6-23 7680]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys --> c:\windows\system32\drivers\motport.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-9-3 7408]

=============== Created Last 30 ================

2009-09-22 10:40	153,088	-c------	c:\windows\system32\dllcache\triedit.dll
2009-09-22 10:39	1,315,328	-c------	c:\windows\system32\dllcache\msoe.dll
2009-09-22 10:38	128,512	-c------	c:\windows\system32\dllcache\dhtmled.ocx
2009-09-22 02:49	<DIR>	a-dshr--	C:\cmdcons
2009-09-22 02:47	229,888	a-------	c:\windows\PEV.exe
2009-09-22 02:47	161,792	a-------	c:\windows\SWREG.exe
2009-09-22 02:47	98,816	a-------	c:\windows\sed.exe
2009-09-22 02:47	<DIR>	--d-----	C:\ComboFix
2009-09-21 17:06	1,627	a-------	C:\Quick Start program.lnk

==================== Find3M  ====================

2009-09-10 14:54	38,224	a-------	c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53	19,160	a-------	c:\windows\system32\drivers\mbam.sys
2009-08-05 05:01	204,800	a-------	c:\windows\system32\mswebdvd.dll
2009-07-29 00:37	119,808	a-------	c:\windows\system32\t2embed.dll
2009-07-29 00:37	81,920	a-------	c:\windows\system32\fontsub.dll
2009-07-25 05:23	411,368	a-------	c:\windows\system32\deploytk.dll
2009-07-17 15:01	58,880	a-------	c:\windows\system32\atl.dll
2009-07-13 23:43	286,208	a-------	c:\windows\system32\wmpdxm.dll
2009-06-29 12:12	827,392	a-------	c:\windows\system32\wininet.dll
2009-06-29 12:12	78,336	a-------	c:\windows\system32\ieencode.dll
2009-06-29 12:12	17,408	a-------	c:\windows\system32\corpol.dll
2008-12-18 12:17	60,744	a-------	c:\documents and settings\ceo\g2mdlhlpx.exe
2007-06-23 04:18	79,328	a-------	c:\documents and settings\ceo\mqdmserd.sys
2007-06-23 04:18	5,936	a-------	c:\documents and settings\ceo\mqdmwhnt.sys
2007-06-23 04:18	92,064	a-------	c:\documents and settings\ceo\mqdmmdm.sys
2007-06-23 04:18	66,656	a-------	c:\documents and settings\ceo\mqdmbus.sys
2007-06-23 04:18	25,600	a-------	c:\documents and settings\ceo\usbsermptxp.sys
2007-06-23 04:18	22,768	a-------	c:\documents and settings\ceo\usbsermpt.sys
2007-06-23 04:18	9,232	a-------	c:\documents and settings\ceo\mqdmmdfl.sys
2007-06-23 04:18	6,208	a-------	c:\documents and settings\ceo\mqdmcmnt.sys
2007-06-23 04:18	4,048	a-------	c:\documents and settings\ceo\mqdmcr.sys
1999-06-17 09:00	4,921	a----r--	c:\program files\common files\BEREADME.htm
1999-06-17 09:00	3,982	a----r--	c:\program files\common files\BEREADME.txt
1999-05-11 13:21	290,816	a-------	c:\program files\common files\BatchExport.exe

============= FINISH:  2:03:52.75 ===============

Thank you for your help.

#6 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 25 September 2009 - 07:04 PM

Hi LifeOnAString,

You have several old vulnerable versions of java installed.

Open Control Panel > Add/Remove Programs and uninstall

J2SE Runtime Environment 5.0 Update 6
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7

Do Not uninstall Java™ 6 Update 15


Next, clear the java cache

To clear the Java Plug-in cache:
  • Click Start > Control Panel.
  • Double-click the Java icon in the control panel.
  • On the General tab, Click Settings under Temporary Internet Files.
  • On the Temporary Files Settings screen, Click Delete Files.
  • check all boxes
  • Click OK


Combofix may have removed a good file, we'll restore it and have it tested.

First locate combofix.exe on your desktop, right click it and select delete.

Download a new copy from either of these links and save it to your desktop. Do not run it, we will run it differently.

Link 1
Link 2

Disable your AntiVirus and AntiSpyware applications as you did before.

Open a new Notepad session
  • Click the Start button, click run
  • in the run box type notepad
  • click ok
  • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE

DEQUARANTINE::
C:\Qoobox\Quarantine\c\windows\Alcmtr.exe.vir 

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

In the notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click save
Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again.Close all browser/windows first.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Posted Image

When it's finished 2 logs, DeQuarantine_log.txt and combofix.txt will be produced. Please include both in your next reply.



We need some file informantion
  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path, into the "Suspicious files to scan" box on the top of the page:

    c:\windows\Alcmtr.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Plase post back with
  • combofix log
  • DeQuarantine_log.txt
  • VirScan results
Any remaining problems?

Thanks

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation 5Iv60h9.jpg
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#7 LifeOnAString

LifeOnAString

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 26 September 2009 - 09:27 AM

Thank you. All seemed to go well. No remaining problems, at least on my laptop. (I do have a pending issue wih my desktop, in a separate thread, "Adobe Acrobat Reader Key Problem," that has yet to receive a reply.)

Thanks again!

Here are the files:

C:\Qoobox\Quarantine\c\windows\Alcmtr.exe.vir -> c:\windows\Alcmtr.exe ( 69632 bytes )

VirSCAN.org Scanned Report :
Scanned time   : 2009/09/15 11:23:59 (EDT)
Scanner results: All Scanners reported not find malware!
File Name	  : Alcmtr.exe
File Size	  : 69632 byte
File Type	  : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5			: 8b4cbba1ea526830c7f97e7822e2493a
SHA1		   : e519f493e42694c564aaa347745bab035bbcb3d9
Online report  : http://virscan.org/report/ff7923dbd679b40259ae6d9734686566.html

Scanner		Engine Ver	  Sig Ver		   Sig Date	Time   Scan result
a-squared	  4.5.0.8		 20090915200235	2009-09-15  4.20   -
AhnLab V3	  2009.09.16.00   2009.09.16		2009-09-16  1.02   -
AntiVir		8.2.1.14		7.1.5.245		 2009-09-15  0.53   -
Antiy		  2.0.18		  20090915.2811554  2009-09-15  0.12   -
Arcavir		2009			200909150940	  2009-09-15  0.05   -
Authentium	 5.1.1		   200909150854	  2009-09-15  1.22   -
AVAST!		 4.7.4		   090914-0		  2009-09-14  0.01   -
AVG			8.5.288		 270.13.99/2372	2009-09-15  0.39   -
BitDefender	7.81008.4181394 7.27707		   2009-09-15  3.59   -
CA (VET)	   9.0.0.143	   31.6.6737		 2009-09-15  5.67   -
ClamAV		 0.95.2		  9806			  2009-09-15  0.02   -
Comodo		 3.11			2326			  2009-09-15  0.69   -
CP Secure	  1.3.0.5		 2009.09.15		2009-09-15  0.06   -
Dr.Web		 4.44.0.9170	 2009.09.15		2009-09-15  5.38   -
F-Prot		 4.4.4.56		20090915		  2009-09-15  1.21   -
F-Secure	   7.02.73807	  2009.09.15.06	 2009-09-15  0.13   -
Fortinet	   2.81-3.120	  10.835			2009-09-15  0.22   -
GData		  19.7865/19.475  20090915		  2009-09-15  5.18   -
ViRobot		20090915		2009.09.15		2009-09-15  0.55   -
Ikarus		 T3.1.01.72	  2009.09.15.73619  2009-09-15  4.04   -
JiangMin	   11.0.800		2009.09.14		2009-09-14  4.13   -
Kaspersky	  5.5.10		  2009.09.15		2009-09-15  0.09   -
KingSoft	   2009.2.5.15	 2009.9.15.18	  2009-09-15  0.56   -
McAfee		 5.3.00		  5741			  2009-09-14  3.24   -
Microsoft	  1.5005		  2009.09.15		2009-09-15  6.03   -
Norman		 6.01.09		 6.01.00		   2009-09-15  4.00   -
Panda		  9.05.01		 2009.09.14		2009-09-14  2.02   -
Trend Micro	8.700-1004	  6.446.01		  2009-09-15  0.04   -
Quick Heal	 10.00		   2009.09.15		2009-09-15  1.27   -
Rising		 20.0			21.47.14.00	   2009-09-15  0.91   -
Sophos		 2.90.1		  4.45			  2009-09-15  3.25   -
Sunbelt		5391			5391			  2009-09-14  1.44   -
Symantec	   1.3.0.24		20090914.003	  2009-09-14  0.05   -
nProtect	   20090915.01	 5485934		   2009-09-15  6.59   -
The Hacker	 6.3.4.4		 v00404			2009-09-14  0.71   -
VBA32		  3.12.10.10	  20090914.1504	 2009-09-14  1.93   -
VirusBuster	4.5.11.10	   10.112.37/1864413 2009-09-14  2.32   -

ComboFix 09-09-25.01 - CEO 09/26/2009 11:05.2.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1526.945 [GMT -4:00]
Running from: c:\documents and settings\CEO\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\CEO\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 090926-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts

.
(((((((((((((((((((((((((   Files Created from 2009-08-26 to 2009-09-26  )))))))))))))))))))))))))))))))
.

2009-09-26 15:05 . 2009-09-26 15:05	69632	----a-w-	c:\windows\Alcmtr.exe
2009-09-22 16:48 . 2009-09-22 16:48	--------	d-----w-	c:\windows\LastGood
2009-09-22 14:40 . 2009-06-21 21:44	153088	-c----w-	c:\windows\system32\dllcache\triedit.dll
2009-09-22 14:39 . 2009-07-10 13:27	1315328	-c----w-	c:\windows\system32\dllcache\msoe.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-26 14:54 . 2006-05-16 02:15	--------	d-----w-	c:\program files\Java
2009-09-21 21:18 . 2008-11-17 09:52	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-09-21 21:17 . 2008-11-17 13:11	--------	d-----w-	c:\program files\SUPERAntiSpyware
2009-09-10 18:54 . 2008-11-17 09:52	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2008-11-17 09:52	19160	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-08-19 21:57 . 2008-08-19 16:48	--------	d-----w-	c:\program files\Safari
2009-08-17 16:10 . 2008-11-22 19:30	1279456	----a-w-	c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2008-11-22 19:31	93392	----a-w-	c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2008-11-22 19:31	94160	----a-w-	c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-11-22 19:31	114768	----a-w-	c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-11-22 19:31	20560	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2008-11-22 19:31	51376	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-11-22 19:31	23152	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2008-11-22 19:31	26944	----a-w-	c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2008-11-22 19:31	97480	----a-w-	c:\windows\system32\AvastSS.scr
2009-08-08 23:45 . 2007-07-11 15:59	--------	d-----w-	c:\program files\CompuPic
2009-08-05 09:01 . 2006-05-15 19:42	204800	----a-w-	c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2006-05-15 19:42	119808	----a-w-	c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2006-05-15 19:42	81920	----a-w-	c:\windows\system32\fontsub.dll
2009-07-25 09:23 . 2008-11-23 09:09	411368	----a-w-	c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2006-05-15 19:42	58880	----a-w-	c:\windows\system32\atl.dll
2009-07-14 03:43 . 2006-05-15 19:43	286208	----a-w-	c:\windows\system32\wmpdxm.dll
2009-06-29 16:12 . 2006-05-15 19:42	827392	----a-w-	c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2006-05-15 19:42	78336	----a-w-	c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2006-05-15 19:42	17408	----a-w-	c:\windows\system32\corpol.dll
1999-06-17 13:00 . 2007-07-06 01:55	4921	----a-r-	c:\program files\Common Files\BEREADME.htm
1999-06-17 13:00 . 2007-07-06 01:55	3982	----a-r-	c:\program files\Common Files\BEREADME.txt
1999-05-11 17:21 . 2007-07-06 01:55	290816	----a-w-	c:\program files\Common Files\BatchExport.exe
.

(((((((((((((((((((((((((((((   SnapShot@2009-09-22_06.57.00   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-22 16:42 . 2009-09-22 16:42	16384			  c:\windows\Temp\Perflib_Perfdata_70c.dat
+ 2009-09-22 16:42 . 2009-09-22 16:42	16384			  c:\windows\Temp\Perflib_Perfdata_5d0.dat
+ 2006-05-15 19:42 . 2009-06-25 08:25	54272			  c:\windows\system32\wdigest.dll
+ 2007-01-29 08:58 . 2009-07-14 11:03	46080			  c:\windows\system32\tzchange.exe
+ 2006-05-15 19:42 . 2009-06-12 12:31	80896			  c:\windows\system32\tlntsess.exe
+ 2006-05-15 19:42 . 2009-06-12 12:31	76288			  c:\windows\system32\telnet.exe
- 2007-06-20 17:10 . 2008-07-09 07:38	26488			  c:\windows\system32\spupdsvc.exe
+ 2007-06-20 17:10 . 2007-07-27 14:41	26488			  c:\windows\system32\spupdsvc.exe
- 2007-06-21 16:36 . 2008-07-09 07:38	17272			  c:\windows\system32\spmsg.dll
+ 2007-06-21 16:36 . 2008-07-08 13:02	17272			  c:\windows\system32\spmsg.dll
+ 2006-05-15 19:42 . 2009-06-25 08:25	56832			  c:\windows\system32\secur32.dll
- 2006-05-15 19:42 . 2009-02-03 19:59	56832			  c:\windows\system32\secur32.dll
+ 2006-05-15 19:42 . 2009-06-29 16:12	44544			  c:\windows\system32\pngfilt.dll
+ 2006-05-15 19:42 . 2007-08-13 22:01	48128			  c:\windows\system32\mshtmler.dll
+ 2006-05-15 19:42 . 2007-08-13 22:32	45568			  c:\windows\system32\mshta.exe
+ 2007-08-13 22:36 . 2007-08-13 22:36	12288			  c:\windows\system32\msfeedssync.exe
+ 2007-08-13 22:54 . 2009-06-29 16:12	52224			  c:\windows\system32\msfeedsbs.dll
+ 2006-05-15 19:42 . 2007-08-13 22:44	40960			  c:\windows\system32\licmgr10.dll
+ 2006-05-15 19:42 . 2009-06-29 16:12	27648			  c:\windows\system32\jsproxy.dll
+ 2006-05-15 19:42 . 2007-08-13 22:39	92672			  c:\windows\system32\inseng.dll
+ 2006-05-15 19:42 . 2007-08-13 22:36	36352			  c:\windows\system32\imgutil.dll
- 2007-08-13 22:39 . 2007-12-06 11:00	13824			  c:\windows\system32\ieudinit.exe
+ 2007-08-13 22:39 . 2009-06-29 11:07	13824			  c:\windows\system32\ieudinit.exe
+ 2006-05-15 19:42 . 2007-08-13 22:39	55296			  c:\windows\system32\iesetup.dll
+ 2006-05-15 19:42 . 2009-06-29 16:12	44544			  c:\windows\system32\iernonce.dll
+ 2006-05-15 19:42 . 2009-06-29 11:07	70656			  c:\windows\system32\ie4uinit.exe
+ 2007-08-13 22:36 . 2009-06-29 16:12	63488			  c:\windows\system32\icardie.dll
+ 2006-05-15 19:42 . 2009-06-24 11:18	92928			  c:\windows\system32\drivers\ksecdd.sys
+ 2009-06-25 08:25 . 2009-06-25 08:25	54272			  c:\windows\system32\dllcache\wdigest.dll
+ 2009-06-12 12:31 . 2009-06-12 12:31	80896			  c:\windows\system32\dllcache\tlntsess.exe
+ 2009-06-12 12:31 . 2009-06-12 12:31	76288			  c:\windows\system32\dllcache\telnet.exe
+ 2009-02-03 19:59 . 2009-06-25 08:25	56832			  c:\windows\system32\dllcache\secur32.dll
- 2009-02-03 19:59 . 2009-02-03 19:59	56832			  c:\windows\system32\dllcache\secur32.dll
+ 2007-08-13 22:36 . 2009-06-29 16:12	44544			  c:\windows\system32\dllcache\pngfilt.dll
+ 2007-08-13 22:01 . 2007-08-13 22:01	48128			  c:\windows\system32\dllcache\mshtmler.dll
+ 2007-08-13 22:32 . 2007-08-13 22:32	45568			  c:\windows\system32\dllcache\mshta.exe
+ 2008-04-02 16:52 . 2009-06-29 16:12	52224			  c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-04-02 16:52 . 2007-12-07 02:21	52224			  c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-08-13 22:44 . 2007-08-13 22:44	40960			  c:\windows\system32\dllcache\licmgr10.dll
+ 2009-06-24 11:18 . 2009-06-24 11:18	92928			  c:\windows\system32\dllcache\ksecdd.sys
+ 2007-08-13 22:54 . 2009-06-29 16:12	27648			  c:\windows\system32\dllcache\jsproxy.dll
+ 2007-08-13 22:39 . 2007-08-13 22:39	92672			  c:\windows\system32\dllcache\inseng.dll
+ 2007-08-13 22:36 . 2007-08-13 22:36	36352			  c:\windows\system32\dllcache\imgutil.dll
- 2008-04-02 16:52 . 2007-12-06 11:00	13824			  c:\windows\system32\dllcache\ieudinit.exe
+ 2008-04-02 16:52 . 2009-06-29 11:07	13824			  c:\windows\system32\dllcache\ieudinit.exe
+ 2007-08-13 22:39 . 2007-08-13 22:39	55296			  c:\windows\system32\dllcache\iesetup.dll
+ 2007-08-13 22:39 . 2009-06-29 16:12	44544			  c:\windows\system32\dllcache\iernonce.dll
+ 2009-02-20 08:10 . 2009-06-29 16:12	78336			  c:\windows\system32\dllcache\ieencode.dll
+ 2007-08-13 22:44 . 2007-08-13 22:44	69120			  c:\windows\system32\dllcache\iedw.exe
+ 2007-08-13 22:39 . 2009-06-29 11:07	70656			  c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-04-02 16:52 . 2009-06-29 16:12	63488			  c:\windows\system32\dllcache\icardie.dll
- 2008-04-02 16:52 . 2007-12-07 02:21	63488			  c:\windows\system32\dllcache\icardie.dll
+ 2007-08-13 22:18 . 2007-08-13 22:18	60416			  c:\windows\system32\dllcache\hmmapi.dll
+ 2009-07-29 04:37 . 2009-07-29 04:37	81920			  c:\windows\system32\dllcache\fontsub.dll
- 2008-04-02 16:46 . 2008-04-14 00:11	33792			  c:\windows\system32\dllcache\custsat.dll
+ 2008-04-02 16:46 . 2007-08-13 22:54	33792			  c:\windows\system32\dllcache\custsat.dll
+ 2007-08-13 22:42 . 2009-06-29 16:12	17408			  c:\windows\system32\dllcache\corpol.dll
+ 2009-06-10 14:13 . 2009-06-10 14:13	84992			  c:\windows\system32\dllcache\avifil32.dll
+ 2009-07-17 19:01 . 2009-07-17 19:01	58880			  c:\windows\system32\dllcache\atl.dll
+ 2007-08-13 22:39 . 2007-08-13 22:39	71680			  c:\windows\system32\dllcache\admparse.dll
+ 2006-05-15 19:42 . 2009-06-10 14:13	84992			  c:\windows\system32\avifil32.dll
- 2006-05-15 19:42 . 2008-04-14 00:11	84992			  c:\windows\system32\avifil32.dll
+ 2006-05-15 19:42 . 2007-08-13 22:39	71680			  c:\windows\system32\admparse.dll
+ 2009-09-22 16:26 . 2007-08-13 22:36	44544			  c:\windows\ie7updates\KB972260-IE7\pngfilt.dll
+ 2009-09-22 16:26 . 2007-08-13 22:54	50688			  c:\windows\ie7updates\KB972260-IE7\msfeedsbs.dll
+ 2009-09-22 16:26 . 2007-08-13 22:54	27136			  c:\windows\ie7updates\KB972260-IE7\jsproxy.dll
+ 2009-09-22 16:26 . 2007-08-13 22:39	13312			  c:\windows\ie7updates\KB972260-IE7\ieudinit.exe
+ 2009-09-22 16:26 . 2007-08-13 22:39	43008			  c:\windows\ie7updates\KB972260-IE7\iernonce.dll
+ 2009-09-22 16:26 . 2009-06-26 16:50	81920			  c:\windows\ie7updates\KB972260-IE7\ieencode.dll
+ 2009-09-22 16:26 . 2007-08-13 22:39	54784			  c:\windows\ie7updates\KB972260-IE7\ie4uinit.exe
+ 2009-09-22 16:26 . 2007-08-13 22:36	61952			  c:\windows\ie7updates\KB972260-IE7\icardie.dll
+ 2009-09-22 16:26 . 2008-04-14 00:11	35328			  c:\windows\ie7updates\KB972260-IE7\corpol.dll
+ 2009-09-22 16:20 . 2008-04-14 00:12	37888			  c:\windows\ie7\url.dll
+ 2009-09-22 16:24 . 2007-08-13 22:52	66048			  c:\windows\ie7\spuninst\ieResetIcons.exe
+ 2009-09-22 16:23 . 2007-08-13 22:54	32960			  c:\windows\ie7\spuninst\iecustom.dll
+ 2009-09-22 16:20 . 2008-04-14 00:12	39424			  c:\windows\ie7\pngfilt.dll
+ 2009-09-22 16:20 . 2008-04-14 00:12	96256			  c:\windows\ie7\occache.dll
+ 2009-09-22 16:20 . 2008-04-13 16:26	56832			  c:\windows\ie7\mshtmler.dll
+ 2009-09-22 16:20 . 2008-04-14 00:12	29184			  c:\windows\ie7\mshta.exe
+ 2009-09-22 16:20 . 2008-04-14 00:11	22016			  c:\windows\ie7\licmgr10.dll
+ 2009-09-22 16:20 . 2008-04-14 00:11	15872			  c:\windows\ie7\jsproxy.dll
+ 2009-09-22 16:20 . 2008-04-14 00:11	96256			  c:\windows\ie7\inseng.dll
+ 2009-09-22 16:20 . 2008-04-14 00:11	35840			  c:\windows\ie7\imgutil.dll
+ 2009-09-22 16:20 . 2008-04-14 00:12	93184			  c:\windows\ie7\iexplore.exe
+ 2009-09-22 16:20 . 2008-04-14 00:11	62976			  c:\windows\ie7\iesetup.dll
+ 2009-09-22 16:20 . 2008-04-14 00:11	48640			  c:\windows\ie7\iernonce.dll
+ 2009-09-22 16:20 . 2008-04-14 00:12	18432			  c:\windows\ie7\iedw.exe
+ 2009-09-22 16:20 . 2008-04-14 00:12	34304			  c:\windows\ie7\ie4uinit.exe
+ 2009-09-22 16:20 . 2008-04-14 00:11	38912			  c:\windows\ie7\hmmapi.dll
+ 2009-09-22 16:20 . 2008-04-14 00:11	55808			  c:\windows\ie7\extmgr.dll
+ 2009-09-22 16:20 . 2008-04-14 00:11	33792			  c:\windows\ie7\custsat.dll
+ 2009-09-22 16:20 . 2008-04-14 00:11	99840			  c:\windows\ie7\advpack.dll
+ 2009-09-22 16:20 . 2008-04-14 00:11	61440			  c:\windows\ie7\admparse.dll
+ 2006-05-15 19:42 . 2009-06-10 06:14	132096			  c:\windows\system32\wkssvc.dll
- 2006-05-15 19:42 . 2008-04-14 00:12	132096			  c:\windows\system32\wkssvc.dll
+ 2007-08-13 22:45 . 2007-08-13 22:45	206336			  c:\windows\system32\WinFXDocObj.exe
+ 2006-05-15 19:42 . 2009-06-29 16:12	233472			  c:\windows\system32\webcheck.dll
+ 2006-05-15 19:42 . 2009-06-29 16:12	105984			  c:\windows\system32\url.dll
+ 2006-05-15 19:42 . 2009-06-25 08:25	147456			  c:\windows\system32\schannel.dll
+ 2006-05-15 19:42 . 2009-06-29 16:12	102912			  c:\windows\system32\occache.dll
+ 2006-05-15 19:42 . 2009-06-25 08:25	136192			  c:\windows\system32\msv1_0.dll
+ 2006-05-15 19:42 . 2009-06-29 16:12	671232			  c:\windows\system32\mstime.dll
+ 2006-05-15 19:42 . 2009-06-29 16:12	193024			  c:\windows\system32\msrating.dll
+ 2006-05-15 19:42 . 2007-08-13 22:54	156160			  c:\windows\system32\msls31.dll
+ 2006-05-15 19:42 . 2009-06-29 16:12	477696			  c:\windows\system32\mshtmled.dll
+ 2007-08-13 22:54 . 2009-06-29 16:12	459264			  c:\windows\system32\msfeeds.dll
+ 2006-05-15 19:42 . 2009-06-25 08:25	730112			  c:\windows\system32\lsasrv.dll
+ 2006-05-15 19:42 . 2009-06-25 08:25	301568			  c:\windows\system32\kerberos.dll
- 2006-05-15 19:42 . 2008-05-09 10:53	512000			  c:\windows\system32\jscript.dll
+ 2006-05-15 19:42 . 2009-08-13 15:16	512000			  c:\windows\system32\jscript.dll
+ 2007-08-13 22:54 . 2007-08-13 22:54	180736			  c:\windows\system32\ieui.dll
+ 2007-08-13 22:34 . 2009-06-29 16:12	268288			  c:\windows\system32\iertutil.dll
+ 2006-05-15 19:42 . 2007-08-13 22:54	191488			  c:\windows\system32\iepeers.dll
+ 2006-05-15 19:42 . 2009-06-29 16:12	385024			  c:\windows\system32\iedkcs32.dll
+ 2007-07-11 16:27 . 2009-06-29 16:12	380928			  c:\windows\system32\ieapfltr.dll
+ 2006-05-15 19:42 . 2009-06-29 08:33	161792			  c:\windows\system32\ieakui.dll
+ 2006-05-15 19:42 . 2009-06-29 16:12	230400			  c:\windows\system32\ieaksie.dll
+ 2006-05-15 19:42 . 2009-06-29 16:12	153088			  c:\windows\system32\ieakeng.dll
+ 2006-05-15 19:42 . 2009-06-29 16:12	133120			  c:\windows\system32\extmgr.dll
+ 2006-05-15 19:42 . 2009-06-29 16:12	214528			  c:\windows\system32\dxtrans.dll
+ 2006-05-15 19:42 . 2009-06-29 16:12	347136			  c:\windows\system32\dxtmsft.dll
+ 2009-07-14 03:43 . 2009-07-14 03:43	286208			  c:\windows\system32\dllcache\wmpdxm.dll
+ 2009-06-10 06:14 . 2009-06-10 06:14	132096			  c:\windows\system32\dllcache\wkssvc.dll
+ 2008-04-21 06:44 . 2009-06-29 16:12	827392			  c:\windows\system32\dllcache\wininet.dll
+ 2007-08-13 22:54 . 2009-06-29 16:12	233472			  c:\windows\system32\dllcache\webcheck.dll
+ 2007-08-13 22:54 . 2008-05-27 17:23	765952			  c:\windows\system32\dllcache\vgx.dll
+ 2007-08-13 22:44 . 2009-06-29 16:12	105984			  c:\windows\system32\dllcache\url.dll
+ 2009-07-29 04:37 . 2009-07-29 04:37	119808			  c:\windows\system32\dllcache\t2embed.dll
+ 2006-09-23 17:12 . 2006-09-23 17:12	474112			  c:\windows\system32\dllcache\shlwapi.dll
+ 2008-12-05 06:54 . 2009-06-25 08:25	147456			  c:\windows\system32\dllcache\schannel.dll
+ 2007-08-13 22:44 . 2009-06-29 16:12	102912			  c:\windows\system32\dllcache\occache.dll
+ 2009-08-05 09:01 . 2009-08-05 09:01	204800			  c:\windows\system32\dllcache\mswebdvd.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25	136192			  c:\windows\system32\dllcache\msv1_0.dll
+ 2007-08-13 22:54 . 2009-06-29 16:12	671232			  c:\windows\system32\dllcache\mstime.dll
+ 2007-08-13 22:44 . 2009-06-29 16:12	193024			  c:\windows\system32\dllcache\msrating.dll
+ 2007-08-13 22:54 . 2007-08-13 22:54	156160			  c:\windows\system32\dllcache\msls31.dll
+ 2007-08-13 22:54 . 2009-06-29 16:12	477696			  c:\windows\system32\dllcache\mshtmled.dll
- 2008-04-02 16:52 . 2007-12-07 02:21	459264			  c:\windows\system32\dllcache\msfeeds.dll
+ 2008-04-02 16:52 . 2009-06-29 16:12	459264			  c:\windows\system32\dllcache\msfeeds.dll
+ 2009-04-16 07:48 . 2009-06-25 08:25	730112			  c:\windows\system32\dllcache\lsasrv.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25	301568			  c:\windows\system32\dllcache\kerberos.dll
- 2008-05-09 10:53 . 2008-05-09 10:53	512000			  c:\windows\system32\dllcache\jscript.dll
+ 2008-05-09 10:53 . 2009-08-13 15:16	512000			  c:\windows\system32\dllcache\jscript.dll
+ 2007-08-13 22:43 . 2009-06-29 08:35	634632			  c:\windows\system32\dllcache\iexplore.exe
+ 2008-04-02 16:52 . 2009-06-29 16:12	268288			  c:\windows\system32\dllcache\iertutil.dll
+ 2007-08-13 22:54 . 2007-08-13 22:54	191488			  c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-13 22:39 . 2009-06-29 16:12	385024			  c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-04-02 16:52 . 2009-06-29 16:12	380928			  c:\windows\system32\dllcache\ieapfltr.dll
+ 2007-08-13 21:56 . 2009-06-29 08:33	161792			  c:\windows\system32\dllcache\ieakui.dll
+ 2007-08-13 22:39 . 2009-06-29 16:12	230400			  c:\windows\system32\dllcache\ieaksie.dll
+ 2007-08-13 22:39 . 2009-06-29 16:12	153088			  c:\windows\system32\dllcache\ieakeng.dll
+ 2007-08-13 22:54 . 2009-06-29 16:12	133120			  c:\windows\system32\dllcache\extmgr.dll
+ 2007-08-13 22:35 . 2009-06-29 16:12	214528			  c:\windows\system32\dllcache\dxtrans.dll
+ 2007-08-13 22:35 . 2009-06-29 16:12	347136			  c:\windows\system32\dllcache\dxtmsft.dll
+ 2007-08-13 22:39 . 2009-06-29 16:12	124928			  c:\windows\system32\dllcache\advpack.dll
+ 2006-05-15 19:42 . 2009-06-29 16:12	124928			  c:\windows\system32\advpack.dll
+ 2009-03-20 15:48 . 2009-03-20 15:48	183808			  c:\windows\Installer\2fa81f6.msp
+ 2009-09-22 16:26 . 2007-08-13 22:54	818688			  c:\windows\ie7updates\KB972260-IE7\wininet.dll
+ 2009-09-22 16:26 . 2007-08-13 22:54	231424			  c:\windows\ie7updates\KB972260-IE7\webcheck.dll
+ 2009-09-22 16:26 . 2007-08-13 22:44	105984			  c:\windows\ie7updates\KB972260-IE7\url.dll
+ 2009-09-22 16:26 . 2009-05-26 11:40	382840			  c:\windows\ie7updates\KB972260-IE7\spuninst\updspapi.dll
+ 2009-09-22 16:26 . 2008-07-08 13:02	231288			  c:\windows\ie7updates\KB972260-IE7\spuninst\spuninst.exe
+ 2009-09-22 16:26 . 2007-08-13 22:44	101376			  c:\windows\ie7updates\KB972260-IE7\occache.dll
+ 2009-09-22 16:26 . 2007-08-13 22:54	670720			  c:\windows\ie7updates\KB972260-IE7\mstime.dll
+ 2009-09-22 16:26 . 2007-08-13 22:44	192000			  c:\windows\ie7updates\KB972260-IE7\msrating.dll
+ 2009-09-22 16:26 . 2007-08-13 22:54	475648			  c:\windows\ie7updates\KB972260-IE7\mshtmled.dll
+ 2009-09-22 16:26 . 2007-08-13 22:54	458752			  c:\windows\ie7updates\KB972260-IE7\msfeeds.dll
+ 2009-09-22 16:26 . 2007-08-13 22:43	622080			  c:\windows\ie7updates\KB972260-IE7\iexplore.exe
+ 2009-09-22 16:26 . 2007-08-13 22:34	266752			  c:\windows\ie7updates\KB972260-IE7\iertutil.dll
+ 2009-09-22 16:26 . 2007-08-13 22:39	382976			  c:\windows\ie7updates\KB972260-IE7\iedkcs32.dll
+ 2009-09-22 16:26 . 2007-07-11 16:27	383488			  c:\windows\ie7updates\KB972260-IE7\ieapfltr.dll
+ 2009-09-22 16:26 . 2007-08-13 21:56	161792			  c:\windows\ie7updates\KB972260-IE7\ieakui.dll
+ 2009-09-22 16:26 . 2007-08-13 22:39	229376			  c:\windows\ie7updates\KB972260-IE7\ieaksie.dll
+ 2009-09-22 16:26 . 2007-08-13 22:39	152064			  c:\windows\ie7updates\KB972260-IE7\ieakeng.dll
+ 2009-09-22 16:26 . 2007-08-13 22:54	131584			  c:\windows\ie7updates\KB972260-IE7\extmgr.dll
+ 2009-09-22 16:26 . 2007-08-13 22:35	214528			  c:\windows\ie7updates\KB972260-IE7\dxtrans.dll
+ 2009-09-22 16:26 . 2007-08-13 22:35	346624			  c:\windows\ie7updates\KB972260-IE7\dxtmsft.dll
+ 2009-09-22 16:26 . 2007-08-13 22:39	123904			  c:\windows\ie7updates\KB972260-IE7\advpack.dll
+ 2009-09-22 19:16 . 2007-08-13 22:54	765952			  c:\windows\ie7updates\KB938127-v2-IE7\vgx.dll
+ 2009-09-22 19:16 . 2007-03-06 01:23	371424			  c:\windows\ie7updates\KB938127-v2-IE7\spuninst\updspapi.dll
+ 2009-09-22 19:16 . 2007-03-06 01:22	213216			  c:\windows\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe
+ 2009-09-22 16:20 . 2009-06-26 16:50	666624			  c:\windows\ie7\wininet.dll
+ 2009-09-22 16:20 . 2008-04-14 00:12	276480			  c:\windows\ie7\webcheck.dll
+ 2009-09-22 16:20 . 2008-04-14 00:12	851968			  c:\windows\ie7\vgx.dll
+ 2009-09-22 16:20 . 2009-06-26 16:50	620032			  c:\windows\ie7\urlmon.dll
+ 2009-09-22 16:23 . 2006-09-06 21:43	371424			  c:\windows\ie7\spuninst\updspapi.dll
+ 2009-09-22 16:23 . 2006-09-06 21:43	213216			  c:\windows\ie7\spuninst\spuninst.exe
+ 2009-09-22 16:20 . 2008-04-14 00:12	532480			  c:\windows\ie7\mstime.dll
+ 2009-09-22 16:20 . 2008-04-14 00:12	146432			  c:\windows\ie7\msrating.dll
+ 2009-09-22 16:20 . 2004-08-04 12:00	146432			  c:\windows\ie7\msls31.dll
+ 2009-09-22 16:20 . 2008-04-14 00:11	449024			  c:\windows\ie7\mshtmled.dll
+ 2009-09-22 16:20 . 2008-04-14 00:11	251904			  c:\windows\ie7\iepeers.dll
+ 2009-09-22 16:20 . 2008-04-14 00:11	323584			  c:\windows\ie7\iedkcs32.dll
+ 2009-09-22 16:20 . 2004-08-04 12:00	221184			  c:\windows\ie7\ieakui.dll
+ 2009-09-22 16:20 . 2008-04-14 00:11	216576			  c:\windows\ie7\ieaksie.dll
+ 2009-09-22 16:20 . 2008-04-14 00:11	143360			  c:\windows\ie7\ieakeng.dll
+ 2009-09-22 16:20 . 2008-04-14 00:11	205312			  c:\windows\ie7\dxtrans.dll
+ 2009-09-22 16:20 . 2008-04-14 00:11	357888			  c:\windows\ie7\dxtmsft.dll
- 2006-05-15 19:43 . 2008-06-18 10:03	2458112			  c:\windows\system32\WMVCore.dll
+ 2006-05-15 19:43 . 2009-05-20 08:56	2458112			  c:\windows\system32\WMVCore.dll
+ 2006-05-15 19:42 . 2009-06-29 16:12	1159680			  c:\windows\system32\urlmon.dll
+ 2006-05-15 19:42 . 2009-07-18 16:05	1509888			  c:\windows\system32\shdocvw.dll
+ 2006-05-15 19:42 . 2009-06-03 19:09	1291264			  c:\windows\system32\quartz.dll
+ 2006-05-15 19:58 . 2009-06-10 13:19	2066432			  c:\windows\system32\mstscax.dll
+ 2006-05-15 19:42 . 2009-07-19 23:03	3597824			  c:\windows\system32\mshtml.dll
+ 2007-08-13 22:54 . 2009-07-19 13:32	6067200			  c:\windows\system32\ieframe.dll
+ 2007-02-12 20:10 . 2009-06-29 08:33	2452872			  c:\windows\system32\ieapfltr.dat
+ 2007-06-21 15:29 . 2009-05-20 08:56	2458112			  c:\windows\system32\dllcache\WMVCore.dll
- 2007-06-21 15:29 . 2008-06-18 10:03	2458112			  c:\windows\system32\dllcache\WMVCore.dll
+ 2008-06-26 08:15 . 2009-06-29 16:12	1159680			  c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-26 08:15 . 2009-07-18 16:05	1509888			  c:\windows\system32\dllcache\shdocvw.dll
+ 2008-05-07 05:12 . 2009-06-03 19:09	1291264			  c:\windows\system32\dllcache\quartz.dll
+ 2009-06-10 13:19 . 2009-06-10 13:19	2066432			  c:\windows\system32\dllcache\mstscax.dll
+ 2008-04-21 06:44 . 2009-07-19 23:03	3597824			  c:\windows\system32\dllcache\mshtml.dll
+ 2008-04-02 16:52 . 2009-07-19 13:32	6067200			  c:\windows\system32\dllcache\ieframe.dll
+ 2008-04-02 16:52 . 2009-06-29 08:33	2452872			  c:\windows\system32\dllcache\ieapfltr.dat
+ 2006-09-23 17:12 . 2006-09-23 17:12	1022976			  c:\windows\system32\dllcache\browseui.dll
+ 2009-09-22 16:26 . 2007-08-13 22:54	1162240			  c:\windows\ie7updates\KB972260-IE7\urlmon.dll
+ 2009-09-22 16:26 . 2007-08-13 22:54	3578368			  c:\windows\ie7updates\KB972260-IE7\mshtml.dll
+ 2009-09-22 16:26 . 2007-08-13 22:54	6049280			  c:\windows\ie7updates\KB972260-IE7\ieframe.dll
+ 2009-09-22 16:26 . 2007-02-12 20:10	2451312			  c:\windows\ie7updates\KB972260-IE7\ieapfltr.dat
+ 2009-09-22 16:20 . 2009-07-18 16:05	3069440			  c:\windows\ie7\mshtml.dll
+ 2006-05-15 19:43 . 2009-07-14 03:43	10841088			  c:\windows\system32\wmp.dll
+ 2007-06-21 15:46 . 2009-08-28 18:38	24689600			  c:\windows\system32\MRT.exe
+ 2009-07-14 03:43 . 2009-07-14 03:43	10841088			  c:\windows\system32\dllcache\wmp.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{F0F8C2B6-A911-4b4e-B2AE-89B82DC81F15}"= "c:\program files\SonySA\SrchAs\sySrcAs.dll" [2006-03-02 94208]

[HKEY_CLASSES_ROOT\clsid\{f0f8c2b6-a911-4b4e-b2ae-89b82dc81f15}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0F8C2B1-A911-4b4e-B2AE-89B82DC81F15}]
2006-03-02 23:46	94208	----a-w-	c:\program files\SonySA\SrchAs\sySrcAs.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-01-26 53248]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-03-10 217088]
"Biomenu"="c:\program files\Protector Suite QL\menusw.exe" [2006-02-23 1354240]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"VCDPlayer"="c:\progra~1\VIRTUA~1\System\VCDPlay.exe" [2002-09-16 94208]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
"VAIO Update 3"="c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-05-16 551032]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"FLMOFFICE4DMOUSE"="c:\program files\Labtec\Mouse\2.1\moffice.exe" [2009-02-22 958464]
"WheelMouse"="c:\program files\Intelligent Driver\4DMAIN.EXE" [2000-05-08 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-04-24 1448960]

c:\documents and settings\CEO\Start Menu\Programs\Startup\
Quick Start program.lnk - c:\program files\Virtual CD v4\System\VCDTray.exe [2007-6-22 98304]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-21 21:16	548352	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-02-23 01:11	39936	----a-w-	c:\windows\system32\fusstub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 21:51	73728	----a-w-	c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli fusstub

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"CCALib8"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Westwood\\Dune2000\\DUNE2000.DAT"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\RingCentral\\RingCentral Call Controller\\RCUI.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [5/15/2006 3:43 PM 9216]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/22/2008 3:31 PM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/3/2008 3:07 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/3/2008 3:07 PM 74480]
R1 vcdmpdrv;vcdmpdrv;c:\windows\system32\drivers\vcdmpdrv.sys [6/22/2007 1:34 AM 49296]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/22/2008 3:31 PM 20560]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2/22/2006 9:13 PM 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2/22/2006 9:13 PM 33024]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [5/15/2006 3:43 PM 36352]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [5/15/2006 3:43 PM 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [5/15/2006 3:43 PM 812544]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [11/4/2008 3:25 PM 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [11/4/2008 3:25 PM 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [11/4/2008 3:25 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [11/4/2008 3:24 PM 10368]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [6/23/2007 4:19 AM 7680]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys --> c:\windows\system32\DRIVERS\motport.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/3/2008 3:07 PM 7408]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - MBAMSwissArmy
.
Contents of the 'Scheduled Tasks' folder

2009-08-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.mc841.mail.yahoo.com/mc/welcome?.partner=vz-acs&.gx=1&.tm=1251751263&.rand=3pqteo3kb8e0a
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: Photobucket Publisher - hxxp://s227.photobucket.com/csve/ie_plugin.php
DPF: {B82FA17C-F3A9-11D2-B5DD-0050041B7FF6} - hxxps://secureshares.wrallp.com/desktopmodules/wrallp.FileManager/SAXFile.cab
FF - ProfilePath - c:\documents and settings\CEO\Application Data\Mozilla\Firefox\Profiles\bhbt5hpp.default\
FF - prefs.js: browser.startup.homepage - hxxp://netservices.verizon.net/portal/link/main/vzcentral
FF - prefs.js: network.proxy.type - 1
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-26 11:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\PSLogon.dll
c:\program files\Protector Suite QL\vrlogon.dll
c:\program files\Protector Suite QL\ExtVapi.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\fusstub.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\passport.dll
c:\program files\Protector Suite QL\BhTcAll.dll
c:\program files\Protector Suite QL\BhDevTfm.dll
c:\program files\Protector Suite QL\AlgVer.dll
c:\program files\Protector Suite QL\TCBioLib.dll
c:\program files\Protector Suite QL\remote.dll
c:\windows\system32\VESWinlogon.dll
c:\program files\Protector Suite QL\mysafe.dll
c:\program files\Protector Suite QL\config.dll

- - - - - - - > 'lsass.exe'(960)
c:\windows\system32\fusstub.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus.dll

- - - - - - - > 'Explorer.exe'(580)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Labtec\Mouse\2.1\MOUDL32A.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-09-26 11:15
ComboFix-quarantined-files.txt  2009-09-26 15:15
ComboFix2.txt  2009-09-22 06:59
C:\DeQuarantine.txt

Pre-Run: 5,141,114,880 bytes free
Post-Run: 5,112,614,912 bytes free

431	--- E O F ---	2009-09-22 16:49

#8 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 26 September 2009 - 11:21 AM

Hi LifeOnAString,

Looks pretty good. One more scan just to be sure.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.


Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions.
  • You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computerr under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Change the Files of type to Text file (.txt)
  • Set the Save In to Desktop
  • click the Save button.
  • Please post this log in your next reply.

Please post back with
  • Kaspersky scan
  • new DDS log (just the DDS.txt this time)

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation 5Iv60h9.jpg
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#9 LifeOnAString

LifeOnAString

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 27 September 2009 - 01:09 PM

Kaspery found nothing:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
 Sunday, September 27, 2009
 Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
 Kaspersky Online Scanner version: 7.0.26.13
 Last database update: Sunday, September 27, 2009 15:53:48
 Records in database: 2927757
--------------------------------------------------------------------------------

Scan settings:
	scan using the following database: extended
	Scan archives: yes
	Scan e-mail databases: yes

Scan area - My Computer:
	C:\
	D:\
	E:\
	F:\
	G:\
	H:\
	I:\
	L:\
	O:\
	R:\
	S:\
	T:\
	U:\
	V:\

Scan statistics:
	Objects scanned: 122098
	Threats found: 0
	Infected objects found: 0
	Suspicious objects found: 0
	Scan duration: 02:50:12

No threats found. Scanned area is clean.

Selected area has been scanned.

Here is what DDS said:

DDS (Ver_09-09-24.01) - NTFSx86  
Run by CEO at 15:03:45.57 on Sun 09/27/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1526.829 [GMT -4:00]

AV: avast! antivirus 4.8.1351 [VPS 090927-0] *On-access scanning disabled* (Updated)   {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Virtual CD v4\System\vcdsecs.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\SkyTel.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Protector Suite QL\menusw.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\PROGRA~1\VIRTUA~1\System\VCDPlay.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Labtec\Mouse\2.1\moffice.exe
C:\Program Files\Intelligent Driver\4DMAIN.EXE
C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Virtual CD v4\System\VCDTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\CEO\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://us.mc841.mail.yahoo.com/mc/welcome?.partner=vz-acs&.gx=1&.tm=1251751263&.rand=3pqteo3kb8e0a
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://mysearch.myway.com/jsp/sonysidebar.jsp?p=SY
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: N/A: {f0f8c2b6-a911-4b4e-b2ae-89b82dc81f15} - c:\program files\sonysa\srchas\sySrcAs.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: : {f0f8c2b1-a911-4b4e-b2ae-89b82dc81f15} - c:\program files\sonysa\srchas\sySrcAs.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [Biomenu] "c:\program files\protector suite ql\menusw.exe"
mRun: [Switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe
mRun: [VCDPlayer] c:\progra~1\virtua~1\system\VCDPlay.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [VAIO Update 3] "c:\program files\sony\vaio update 3\VAIOUpdt.exe"  /Stationary
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [FLMOFFICE4DMOUSE] c:\program files\labtec\mouse\2.1\moffice.exe
mRun: [WheelMouse] c:\program files\intelligent driver\4DMAIN.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\ceo\startm~1\programs\startup\quicks~1.lnk - c:\program files\virtual cd v4\system\VCDTray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
DPF: Photobucket Publisher - hxxp://s227.photobucket.com/csve/ie_plugin.php
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader2.cab
DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://harrytuttle.spaces.live.com/PhotoUpload/MsnPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} - hxxp://200.9.36.138:82/wg_webeye.cab
DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} - hxxp://www.delreyhotel.com/english/key_largo_bar/webcam/plugin/h263ctrl.cab
DPF: {B82FA17C-F3A9-11D2-B5DD-0050041B7FF6} - hxxps://secureshares.wrallp.com/desktopmodules/wrallp.FileManager/SAXFile.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: psfus - fusstub.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli fusstub

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ceo\applic~1\mozilla\firefox\profiles\bhbt5hpp.default\
FF - prefs.js: browser.startup.homepage - hxxp://netservices.verizon.net/portal/link/main/vzcentral
FF - prefs.js: network.proxy.type - 1
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2006-5-15 9216]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-22 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-9-3 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-9-3 74480]
R1 vcdmpdrv;vcdmpdrv;c:\windows\system32\drivers\vcdmpdrv.sys [2007-6-22 49296]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-22 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-11-22 138680]
R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-2-22 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-2-22 33024]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-5-15 36352]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2006-5-15 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-5-15 812544]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-11-22 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-11-22 352920]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2008-11-4 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2008-11-4 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2008-11-4 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2008-11-4 10368]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys --> c:\windows\system32\drivers\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2007-6-23 7680]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys --> c:\windows\system32\drivers\motport.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-9-3 7408]

=============== Created Last 30 ================

2009-09-26 11:05	69,632	a-------	c:\windows\Alcmtr.exe
2009-09-22 10:40	153,088	-c------	c:\windows\system32\dllcache\triedit.dll
2009-09-22 10:39	1,315,328	-c------	c:\windows\system32\dllcache\msoe.dll
2009-09-22 10:38	128,512	-c------	c:\windows\system32\dllcache\dhtmled.ocx
2009-09-22 02:49	<DIR>	a-dshr--	C:\cmdcons
2009-09-22 02:47	229,888	a-------	c:\windows\PEV.exe
2009-09-22 02:47	161,792	a-------	c:\windows\SWREG.exe
2009-09-22 02:47	98,816	a-------	c:\windows\sed.exe
2009-09-21 17:06	1,627	a-------	C:\Quick Start program.lnk

==================== Find3M  ====================

2009-09-10 14:54	38,224	a-------	c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53	19,160	a-------	c:\windows\system32\drivers\mbam.sys
2009-08-05 05:01	204,800	a-------	c:\windows\system32\mswebdvd.dll
2009-07-29 00:37	119,808	a-------	c:\windows\system32\t2embed.dll
2009-07-29 00:37	81,920	a-------	c:\windows\system32\fontsub.dll
2009-07-25 05:23	411,368	a-------	c:\windows\system32\deploytk.dll
2009-07-17 15:01	58,880	a-------	c:\windows\system32\atl.dll
2009-07-13 23:43	286,208	a-------	c:\windows\system32\wmpdxm.dll
2008-12-18 12:17	60,744	a-------	c:\documents and settings\ceo\g2mdlhlpx.exe
2007-06-23 04:18	79,328	a-------	c:\documents and settings\ceo\mqdmserd.sys
2007-06-23 04:18	5,936	a-------	c:\documents and settings\ceo\mqdmwhnt.sys
2007-06-23 04:18	92,064	a-------	c:\documents and settings\ceo\mqdmmdm.sys
2007-06-23 04:18	66,656	a-------	c:\documents and settings\ceo\mqdmbus.sys
2007-06-23 04:18	25,600	a-------	c:\documents and settings\ceo\usbsermptxp.sys
2007-06-23 04:18	22,768	a-------	c:\documents and settings\ceo\usbsermpt.sys
2007-06-23 04:18	9,232	a-------	c:\documents and settings\ceo\mqdmmdfl.sys
2007-06-23 04:18	6,208	a-------	c:\documents and settings\ceo\mqdmcmnt.sys
2007-06-23 04:18	4,048	a-------	c:\documents and settings\ceo\mqdmcr.sys
1999-06-17 09:00	4,921	a----r--	c:\program files\common files\BEREADME.htm
1999-06-17 09:00	3,982	a----r--	c:\program files\common files\BEREADME.txt
1999-05-11 13:21	290,816	a-------	c:\program files\common files\BatchExport.exe

============= FINISH: 15:04:37.42 ===============

Hope this means the laptop is now clean. (My desktop is quite anopther story.)

Thank you.

#10 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 27 September 2009 - 01:52 PM

Hi LifeOnAString,

If no other problems, we can clean up our tools.

From your desktop, please delete
  • ,
  • any notepads/logs that we created
  • DDS.com

Next

Click the Start button, click Run. Copy and paste the following line into the run box and click OK
Combofix /u

I suggest you keep MBAM. Keep MBAM updated and use it regularly.


Updates and upgrades

You have an older version of Adobe Reader. You can download the current version HERE

You may want to consider Foxit Reader instead. It may be a bit lighter on resources.

Visit their support forum
Foxit Forum

In either case you should uninstall Adobe Reader 8.1.4 first. Be sure to move any PDF documents to another folder first though.


Some Recommendations and prevention tips

Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. You have an antivirus program and an on demand antispyware program.

I recommend you use an antispyware program with resident (real time) scanning. I suggest

Winpatrol
OR
Windows Defender

* If you are behind a router Windows firewall should be fine. Otherwise a 3rd party firewall with outbound monitoring is recommended.

Click FIREWALL for tips, reviews and links to good, free and paid for firewalls. (Note: Zone Alarm is becoming bloatware)


You should also use Spyware Blaster to help immunize your computer.

- SpywareBlaster will add a large list of programs and sites into your Internet Explorer
settings that will protect you from running and downloading known malicious programs.

OR

A guide to understanding and using the hosts file.

Learn how your Hosts file can protect you and how you can protect it.
Besides the Hosts file information, there are links to a very good updated hosts file, a host file manager. and some programs that can protect your hosts file.
HOSTS

Please read the info on disabling the DNS Client before installing a custom hosts file.


-Secure your Internet Explorer

From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.


- Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis


- Ensure that Automatic Update is turned on so you get all the latest patches.
Click start, control panel, click Security Center.


- Keep your antivirus program updated, as well as any other security programs you have.


-Check this site out to check for out of date programs
Secunia Personal Software Inspector (PSI) 1.0


-More tips and programs can be found HERE


- You may also want to read this article By Tony Klein
http://www.freedomli...pic.php?t=22879

We will keep this thread open for a couple of days. Please post back if you have any problems or questions. Please post back when you have finished so this thread can be marked "Resolved".

Take care :adios:

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation 5Iv60h9.jpg
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

    Advertisements

Register to Remove

#11 LifeOnAString

LifeOnAString

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 27 September 2009 - 03:52 PM

All done, more or less. Run could not find Combofix. As I recall, it should have been off C:\. Since it is no longer on my Desktop, I may have removed it when I deleted the various log files. Should I re-install and use the uninstall? Have been using MBAM for almost a year now, scanning every week or so. Same with Spyware Blaster, and SUPERAntiSpyware. I uninstalled Reader 8. Since I cannot install 8 or 9 on my desktop computer (see seprate thread), I have already been using Foxit Reader there. Seems to work fine, and seems to have installed here on the laptop fine. Regarding a resident antispyware program, it appears that the free version of Winpatrol is not resident. Is that correct? If so, I will make due with Windows Defender. (Already installed it on my desktop computer as one of the Adobe "solutions" to my Reader install problem on the other thread.) The Quick Scan showed no problems. For a firewall, among those listed, Comodo seemed the best, but there was no cross-comparison chart that I could find. (I used the free ZoneAlarm some time ago, until they dropped support for Win98SE; thought the WinXP firewall was sufficient.) I am looking for something with the least system overhead, so if there is something you can suggest, that would be appreciated. The IE7 Options were changed, as you suggested. Also ran Secuna to update a few programs (Adobe Flash, Avast, QuickTime, and FireFox). Advice on Combofix uninstall, the free Winpatrol, and a firewall would be appreciated. Thank you.

#12 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 27 September 2009 - 06:53 PM

Hi

Yes just download combofix and save it to your desktop. Then run the command

combofix /u


it appears that the free version of Winpatrol is not resident

It is resident but with about a minute delay.Windows Defender is fine. Spybot with TeaTimer enabled may also be an option. You can find a link to it on the same page as the fiewall linked below.


PCTools firewall or one of the others listed on this page may be what you want. Check HERE

Have you checked your other thread?

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation 5Iv60h9.jpg
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#13 LifeOnAString

LifeOnAString

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 28 September 2009 - 07:38 PM

I will give the PCTools firewall a try, and follow-up on the other issues in that linked thread.

I will tell you that I uninstalled Secunia Personal Software Inspector (PSI) 1.0. It was a nag and hardly seemed necessary to e a real-time program. An on-demand scanner would be more appropriate, particularly since it's not perfect.

Some bad news. When I downloaded Combofix to uninstall it, I forgot it was not an install file, so I accidentally ran it. I also uninstalled it from the run command.

Here is the log file from that unintentional run. Please advise if this has caused any problems. Thanks.

ComboFix 09-09-25.01 - CEO 09/27/2009 22:50.3.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1526.989 [GMT -4:00]
Running from: c:\documents and settings\CEO\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 090927-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((   Files Created from 2009-08-28 to 2009-09-28  )))))))))))))))))))))))))))))))
.

2009-09-27 21:36 . 2009-09-27 21:37	--------	d-----w-	c:\program files\QuickTime
2009-09-27 21:05 . 2009-09-27 21:05	--------	d-----w-	c:\program files\Secunia
2009-09-27 20:31 . 2009-09-27 20:31	--------	d-----w-	c:\program files\Windows Defender
2009-09-27 20:18 . 2009-09-27 20:18	--------	d-----w-	c:\documents and settings\CEO\Application Data\Foxit
2009-09-27 20:17 . 2009-09-27 20:17	--------	d-----w-	c:\program files\Foxit Software
2009-09-26 15:05 . 2009-09-26 15:05	69632	----a-w-	c:\windows\Alcmtr.exe
2009-09-22 14:40 . 2009-06-21 21:44	153088	-c----w-	c:\windows\system32\dllcache\triedit.dll
2009-09-22 14:39 . 2009-07-10 13:27	1315328	-c----w-	c:\windows\system32\dllcache\msoe.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-27 21:34 . 2007-07-17 23:29	--------	d-----w-	c:\program files\Common Files\Apple
2009-09-27 20:07 . 2007-06-21 17:44	--------	d-----w-	c:\program files\Common Files\Adobe
2009-09-26 14:54 . 2006-05-16 02:15	--------	d-----w-	c:\program files\Java
2009-09-21 21:18 . 2008-11-17 09:52	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-09-21 21:17 . 2008-11-17 13:11	--------	d-----w-	c:\program files\SUPERAntiSpyware
2009-09-15 10:59 . 2008-11-22 19:30	1279968	----a-w-	c:\windows\system32\aswBoot.exe
2009-09-15 10:56 . 2008-11-22 19:31	93424	----a-w-	c:\windows\system32\drivers\aswmon.sys
2009-09-15 10:56 . 2008-11-22 19:31	94160	----a-w-	c:\windows\system32\drivers\aswmon2.sys
2009-09-15 10:55 . 2008-11-22 19:31	114768	----a-w-	c:\windows\system32\drivers\aswSP.sys
2009-09-15 10:55 . 2008-11-22 19:31	20560	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 10:54 . 2008-11-22 19:31	52368	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2009-09-15 10:54 . 2008-11-22 19:31	23152	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2009-09-15 10:53 . 2008-11-22 19:31	27408	----a-w-	c:\windows\system32\drivers\aavmker4.sys
2009-09-15 10:53 . 2008-11-22 19:31	97480	----a-w-	c:\windows\system32\AvastSS.scr
2009-09-10 18:54 . 2008-11-17 09:52	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2008-11-17 09:52	19160	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-08-19 21:57 . 2008-08-19 16:48	--------	d-----w-	c:\program files\Safari
2009-08-08 23:45 . 2007-07-11 15:59	--------	d-----w-	c:\program files\CompuPic
2009-08-05 09:01 . 2006-05-15 19:42	204800	----a-w-	c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2006-05-15 19:42	119808	----a-w-	c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2006-05-15 19:42	81920	----a-w-	c:\windows\system32\fontsub.dll
2009-07-25 09:23 . 2008-11-23 09:09	411368	----a-w-	c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2006-05-15 19:42	58880	----a-w-	c:\windows\system32\atl.dll
2009-07-14 03:43 . 2006-05-15 19:43	286208	----a-w-	c:\windows\system32\wmpdxm.dll
1999-06-17 13:00 . 2007-07-06 01:55	4921	----a-r-	c:\program files\Common Files\BEREADME.htm
1999-06-17 13:00 . 2007-07-06 01:55	3982	----a-r-	c:\program files\Common Files\BEREADME.txt
1999-05-11 17:21 . 2007-07-06 01:55	290816	----a-w-	c:\program files\Common Files\BatchExport.exe
.

(((((((((((((((((((((((((((((   SnapShot_2009-09-26_15.12.27   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-28 02:22 . 2009-09-28 02:22	16384			  c:\windows\Temp\Perflib_Perfdata_fc.dat
+ 2009-09-28 02:21 . 2009-09-28 02:21	16384			  c:\windows\Temp\Perflib_Perfdata_7f8.dat
+ 2007-11-26 08:19 . 2009-09-28 02:17	88589			  c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
- 2007-11-26 08:19 . 2009-08-31 23:13	88589			  c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-09-27 21:35 . 2009-09-27 21:35	694272			  c:\windows\Installer\39e7e.msi
+ 2009-09-27 21:37 . 2009-09-27 21:37	9013760			  c:\windows\Installer\3a10b.msi
+ 2009-09-27 20:31 . 2009-09-27 20:31	1155072			  c:\windows\Installer\124ac0.msi
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{F0F8C2B6-A911-4b4e-B2AE-89B82DC81F15}"= "c:\program files\SonySA\SrchAs\sySrcAs.dll" [2006-03-02 94208]

[HKEY_CLASSES_ROOT\clsid\{f0f8c2b6-a911-4b4e-b2ae-89b82dc81f15}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0F8C2B1-A911-4b4e-B2AE-89B82DC81F15}]
2006-03-02 23:46	94208	----a-w-	c:\program files\SonySA\SrchAs\sySrcAs.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-01-26 53248]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-03-10 217088]
"Biomenu"="c:\program files\Protector Suite QL\menusw.exe" [2006-02-23 1354240]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"VCDPlayer"="c:\progra~1\VIRTUA~1\System\VCDPlay.exe" [2002-09-16 94208]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
"VAIO Update 3"="c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-05-16 551032]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"FLMOFFICE4DMOUSE"="c:\program files\Labtec\Mouse\2.1\moffice.exe" [2009-02-22 958464]
"WheelMouse"="c:\program files\Intelligent Driver\4DMAIN.EXE" [2000-05-08 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-04-24 1448960]

c:\documents and settings\CEO\Start Menu\Programs\Startup\
Quick Start program.lnk - c:\program files\Virtual CD v4\System\VCDTray.exe [2007-6-22 98304]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-21 21:16	548352	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-02-23 01:11	39936	----a-w-	c:\windows\system32\fusstub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 21:51	73728	----a-w-	c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli fusstub

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"CCALib8"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Westwood\\Dune2000\\DUNE2000.DAT"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\RingCentral\\RingCentral Call Controller\\RCUI.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [5/15/2006 3:43 PM 9216]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/22/2008 3:31 PM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/3/2008 3:07 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/3/2008 3:07 PM 74480]
R1 vcdmpdrv;vcdmpdrv;c:\windows\system32\drivers\vcdmpdrv.sys [6/22/2007 1:34 AM 49296]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/22/2008 3:31 PM 20560]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2/22/2006 9:13 PM 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2/22/2006 9:13 PM 33024]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [5/15/2006 3:43 PM 36352]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [5/15/2006 3:43 PM 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [5/15/2006 3:43 PM 812544]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [11/4/2008 3:25 PM 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [11/4/2008 3:25 PM 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [11/4/2008 3:25 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [11/4/2008 3:24 PM 10368]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [6/23/2007 4:19 AM 7680]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys --> c:\windows\system32\DRIVERS\motport.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/3/2008 3:07 PM 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-08-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-09-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.mc841.mail.yahoo.com/mc/welcome?.partner=vz-acs&.gx=1&.tm=1251751263&.rand=3pqteo3kb8e0a
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: Photobucket Publisher - hxxp://s227.photobucket.com/csve/ie_plugin.php
DPF: {B82FA17C-F3A9-11D2-B5DD-0050041B7FF6} - hxxps://secureshares.wrallp.com/desktopmodules/wrallp.FileManager/SAXFile.cab
FF - ProfilePath - c:\documents and settings\CEO\Application Data\Mozilla\Firefox\Profiles\bhbt5hpp.default\
FF - prefs.js: browser.startup.homepage - hxxp://netservices.verizon.net/portal/link/main/vzcentral
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-27 22:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1084)
c:\windows\system32\PSLogon.dll
c:\program files\Protector Suite QL\vrlogon.dll
c:\program files\Protector Suite QL\ExtVapi.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\fusstub.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\passport.dll
c:\program files\Protector Suite QL\BhTcAll.dll
c:\program files\Protector Suite QL\BhDevTfm.dll
c:\program files\Protector Suite QL\AlgVer.dll
c:\program files\Protector Suite QL\TCBioLib.dll
c:\program files\Protector Suite QL\remote.dll
c:\windows\system32\VESWinlogon.dll
c:\program files\Protector Suite QL\mysafe.dll
c:\program files\Protector Suite QL\config.dll

- - - - - - - > 'lsass.exe'(1236)
c:\windows\system32\fusstub.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus.dll

- - - - - - - > 'Explorer.exe'(884)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Labtec\Mouse\2.1\MOUDL32A.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-09-28 23:00
ComboFix-quarantined-files.txt  2009-09-28 03:00
ComboFix2.txt  2009-09-26 15:15
ComboFix3.txt  2009-09-22 06:59

Pre-Run: 4,628,733,952 bytes free
Post-Run: 4,729,810,944 bytes free

233	--- E O F ---	2009-09-22 16:49

#14 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 28 September 2009 - 11:00 PM

Hi LifeOnAString, No harm running combofix. The important part was running the uninstall command. Take care.

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation 5Iv60h9.jpg
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#15 LifeOnAString

LifeOnAString

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 30 September 2009 - 06:48 AM

Seems to be running fine now - Windows updates are happening. Thank you for all your help.

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·