
Help! My Computer is sending spam from my hotmail account


Old 03-27-2011, 09:03 PM   #1
Registered Member
 
Join Date: Mar 2011
Location: Pittsburgh
Posts: 4
OS: Windows XP SP3



My computer has been sending Spam emails to my contact list off and on for a couple of weeks now. I've run Avast antivirus and SuperAntiSpyware multiple times, but still the spam goes out. I am using Outlook to manage my email (several accounts setup, but only my msn.com account is affected). It seems my msn.com password may have been compromised as well since the spam sometimes gets sent when my computer is off. I've changed my msn.com password, but I can see that spam messages have also been sent directly from my PC since they are listed in the "Sent" folder.

Any help will be appreciated.

I do have a Windows XP Install CD, and my system drive is "E:".

Thanks, Doug

DDS.txt log follows:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Douglas A. Coast at 23:15:00.32 on Sun 03/27/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1286 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
E:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\WINDOWS\System32\svchost.exe -k netsvcs
E:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
E:\Program Files\Alwil Software\Avast5\AvastSvc.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\WINDOWS\system32\lkcitdl.exe
E:\WINDOWS\system32\lkads.exe
E:\WINDOWS\system32\lktsrv.exe
E:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
E:\Program Files\LogMeIn\x86\RaMaint.exe
E:\Program Files\LogMeIn\x86\LogMeIn.exe
E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe
E:\WINDOWS\system32\lxddcoms.exe
E:\Program Files\Common Files\Motive\McciCMService.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Program Files\National Instruments\MAX\nimxs.exe
E:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
E:\WINDOWS\system32\nisvcloc.exe
E:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
E:\Program Files\Norton Utilities\NPROTECT.EXE
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\PnkBstrB.exe
E:\Program Files\Speed Disk\nopdb.exe
E:\WINDOWS\system32\svchost.exe -k imgsvc
e:\Program Files\Zune\ZuneBusEnum.exe
E:\WINDOWS\System32\svchost.exe -k HTTPFilter
E:\WINDOWS\Explorer.EXE
E:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
E:\Program Files\Lexmark 2500 Series\lxddmon.exe
E:\Program Files\Lexmark 2500 Series\lxddamon.exe
E:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
E:\Program Files\LogMeIn\x86\LogMeInSystray.exe
E:\Program Files\Common Files\Java\Java Update\jusched.exe
E:\Program Files\Alwil Software\Avast5\avastUI.exe
E:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
E:\Program Files\Zune\ZuneLauncher.exe
E:\Program Files\Messenger\msmsgs.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\Program Files\Common Files\Java\Java Update\jucheck.exe
E:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
E:\PROGRA~1\COMPON~1\CS-RCS\System\csrcssrv.exe
E:\WINDOWS\system32\msiexec.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Documents and Settings\Douglas A. Coast\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page =
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - e:\program files\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: Userinit=e:\windows\system32\userinit.exe,userinit.exe
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - e:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - e:\progra~1\bearsh~1\mediabar\toolbar\BearshareMediabarDx.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - e:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {2D4CAA9B-07E1-40EB-A39A-D15DB1B505F9} - No File
BHO: {59871A39-F57A-44F8-9E9B-B496E9722C15} - No File
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - e:\progra~1\bearsh~1\mediabar\datamngr\IEBHO.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - e:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - e:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9E4F9260-0693-41CF-BCF1-D6971A9C075B} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - e:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: {AE732F3F-A529-4D09-B732-761358128054} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - e:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: {B6977394-563B-41FE-9B56-E44EBBC46ADE} - No File
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - e:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: {D107A2B0-A075-417D-A291-27DD0B9BE04E} - No File
BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - e:\program files\ask.com\GenericAskToolbar.dll
BHO: {D5D2387A-51A5-40A6-8141-2A173FE0DE19} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll
BHO: {DE029A31-1F3F-4AFB-A588-B4F96840CE61} - No File
BHO: {E5C3497C-BC3A-4146-B5A8-6B7D86460F2C} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {F2E28324-1A9E-4B60-A783-82E70EBA05F5} - No File
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - e:\program files\windows live toolbar\msntb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - e:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - e:\program files\ask.com\GenericAskToolbar.dll
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - e:\progra~1\bearsh~1\mediabar\toolbar\BearshareMediabarDx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - e:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - e:\program files\alwil software\avast5\aswWebRepIE.dll
uRun: [MSMSGS] "e:\program files\messenger\msmsgs.exe" /background
uRun: [SUPERAntiSpyware] e:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [CSRCSSRV] e:\program files\componentsoftware\cs-rcs\system\csrcssrv.exe /Automation
uRun: [msnmsgr] "e:\program files\msn messenger\msnmsgr.exe" /background
uRun: [swg] "e:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [PMCLoader] e:\program files\pinnacle\tvcenter pro\PMCLoader.exe -checktasks
uRun: [ctfmon.exe] e:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] e:\windows\system32\macromed\flash\FlashUtil10n_Plugin.exe -update plugin
mRun: [NVMixerTray] "e:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE e:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [lxddmon.exe] "e:\program files\lexmark 2500 series\lxddmon.exe"
mRun: [lxddamon] "e:\program files\lexmark 2500 series\lxddamon.exe"
mRun: [FaxCenterServer] "e:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [Microsoft Works Update Detection] e:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [LogMeIn GUI] "e:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Adobe Photo Downloader] "e:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [QuickTime Task] "e:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "e:\program files\common files\java\java update\jusched.exe"
mRun: [avast5] "e:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [DATAMNGR] e:\progra~1\bearsh~1\mediabar\datamngr\DATAMN~1.EXE
mRun: [Zune Launcher] "e:\program files\zune\ZuneLauncher.exe"
mRun: [Adobe Reader Speed Launcher] "e:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "e:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
IE: &Windows Live Search - e:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - Welcome to Windows Live
IE: E&xport to Microsoft Excel - e:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - e:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Open in new background tab - e:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/229?5256e5cada044537838c218f2ead1330
IE: Open in new foreground tab - e:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/230?5256e5cada044537838c218f2ead1330
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - e:\program files\pokerstars\PokerStarsUpdate.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - e:\documents and settings\douglas a. coast\desktop\PartyPoker.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
Trusted Zone: upmc.com
Trusted Zone: upmc.edu
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219966804671
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - e:\program files\superantispyware\SASWINLO.DLL
Notify: LMIinit - LMIinit.dll
AppInit_DLLs: e:\progra~1\bearsh~1\mediabar\datamngr\datamngr.dll e:\progra~1\bearsh~1\mediabar\datamngr\IEBHO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - e:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 e:\windows\system32\awtqoNDs
.
================= FIREFOX ===================
.
FF - ProfilePath - e:\docume~1\dougla~1.coa\applic~1\mozilla\firefox\profiles\4c2zljzv.default\
FF - prefs.js: browser.search.selectedEngine - BearShare Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
FF - component: e:\program files\bearshare applications\mediabar\datamngr\firefoxextension\components\DataMngrHlp.dll
FF - plugin: e:\documents and settings\douglas a. coast\application data\move networks\plugins\npqmp071502000008.dll
FF - plugin: e:\documents and settings\douglas a. coast\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: e:\documents and settings\douglas a. coast\application data\mozilla\firefox\profiles\4c2zljzv.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: e:\documents and settings\douglas a. coast\application data\mozilla\firefox\profiles\4c2zljzv.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: e:\documents and settings\douglas a. coast\application data\mozilla\plugins\np-mswmp.dll
FF - plugin: e:\documents and settings\douglas a. coast\local settings\application data\google\update\1.2.121.9\npGoogleOneClick.dll
FF - plugin: e:\program files\common files\motive\npMotive.dll
FF - plugin: e:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: e:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: e:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: e:\program files\mozilla firefox\plugins\nplv85win32.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: e:\program files\sony\reader\data\bin\npebldetectmoz.dll
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: MediaBar: {E84D42CA-64EB-11DE-A65F-8C3656D89593} - %profile%\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - e:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: wrc@avast.com - e:\program files\alwil software\avast5\webrep\FF
FF - Ext: Move Media Player: moveplayer@movenetworks.com - e:\documents and settings\douglas a. coast\application data\Move Networks
.
---- FIREFOX POLICIES ----
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;e:\windows\system32\drivers\pavboot.sys [2008-7-11 28544]
R1 aswSnx;aswSnx;e:\windows\system32\drivers\aswSnx.sys [2011-3-8 371544]
R1 aswSP;aswSP;e:\windows\system32\drivers\aswSP.sys [2009-1-3 301528]
R1 BIOS;BIOS;e:\windows\system32\drivers\BIOS.sys [2007-10-1 13696]
R1 CBUL32;Measurement Computing DataAcq;e:\windows\system32\drivers\CBUL32.sys [2009-1-28 53984]
R1 SASKUTIL;SASKUTIL;e:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 67656]
R2 aswFsBlk;aswFsBlk;e:\windows\system32\drivers\aswFsBlk.sys [2009-1-3 19544]
R2 avast! Antivirus;avast! Antivirus;e:\program files\alwil software\avast5\AvastSvc.exe [2010-12-14 42184]
R2 IHA_MessageCenter;IHA_MessageCenter;e:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2010-10-13 98304]
R2 LMIGuardianSvc;LMIGuardianSvc;e:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-2 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;e:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;e:\windows\system32\drivers\LMIRfsDriver.sys [2010-2-8 47640]
R2 lxdd_device;lxdd_device;e:\windows\system32\lxddcoms.exe -service --> e:\windows\system32\lxddcoms.exe -service [?]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;e:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2008-1-7 99248]
R2 niarbk;niarbk;e:\windows\system32\drivers\niarbk.dll [2003-7-25 37376]
R2 nibffrk;nibffrk;e:\windows\system32\drivers\nibffrk.dll [2003-7-25 21504]
R2 Nidaq32k;Nidaq32k;e:\windows\system32\drivers\nidaq32k.sys [2003-7-25 672768]
R2 nidmmk;NI DMM and Data Logger Kernel Driver;e:\windows\system32\drivers\nidmmk.dll [2003-7-25 50688]
R2 nimdsk;nimdsk;e:\windows\system32\drivers\nimdsk.dll [2003-7-25 30208]
R2 nistck;nistck;e:\windows\system32\drivers\niSTCk.dll [2003-7-25 111616]
R2 NProtectService;Norton Unerase Protection;e:\program files\norton utilities\NPROTECT.EXE [2009-1-2 135168]
R2 WinDriver;WinDriver;e:\windows\system32\drivers\windrvr.sys [2007-10-4 205220]
R3 OmniTV;Cx2388x AvStream Video Capture;e:\windows\system32\drivers\OmniTV.sys [2007-10-29 243584]
S1 pschedd;pschedd;e:\windows\system32\drivers\pschedd.sys --> e:\windows\system32\drivers\pschedd.sys [?]
S1 SASDIFSV;SASDIFSV;e:\program files\superantispyware\SASDIFSV.SYS [2008-12-22 12872]
S2 DUALServer;Dual DHCP DNS Service;e:\program files\dualserver\DualServer.exe [2009-2-16 325393]
S2 gupdate;Google Update Service (gupdate);e:\program files\google\update\GoogleUpdate.exe [2010-2-26 135664]
S2 McShield;McAfee Real-time Scanner;e:\program files\mcafee\virusscan\mcshield.exe --> e:\program files\mcafee\virusscan\McShield.exe [?]
S2 OMSCAN;OMSCAN;\SysG --> \SysG [?]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;e:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2010-4-19 1050440]
S3 cpuz130;cpuz130;\??\e:\docume~1\dougla~1.coa\locals~1\temp\cpuz130\cpuz_x32.sys --> e:\docume~1\dougla~1.coa\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 CQX;Samsung Audiovox Virtual Serial Port Driver;e:\windows\system32\drivers\CQX.SYS [2008-4-18 38144]
S3 gpibclsb;GPIB Board Class Driver;e:\windows\system32\drivers\gpibclsb.sys --> e:\windows\system32\drivers\gpibclsb.sys [?]
S3 gpibclsd;GPIB Device Class Driver;e:\windows\system32\drivers\gpibclsd.sys --> e:\windows\system32\drivers\gpibclsd.sys [?]
S3 LJ_Usb;LabJack USB Driver;e:\windows\system32\drivers\LabJackusb.sys [2008-4-13 25654]
S3 MATScheduler;MAT Background Service;e:\bombardiertransportation\svtbgateway\MATSchedule.exe [2008-9-30 249856]
S3 McSysmon;McAfee SystemGuards;e:\progra~1\mcafee\viruss~1\mcsysmon.exe --> e:\progra~1\mcafee\viruss~1\mcsysmon.exe [?]
S3 NPF;NetGroup Packet Filter Driver;e:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 SASENUM;SASENUM;e:\program files\superantispyware\SASENUM.SYS [2008-12-22 12872]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;e:\program files\zune\WMZuneComm.exe [2010-11-11 268528]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2011-03-19 12:48:03 -------- d-----w- e:\docume~1\dougla~1.coa\locals~1\applic~1\Quicken WillMaker Plus 2010
2011-03-19 12:47:54 90112 ----a-w- e:\windows\unvise32.exe
2011-03-19 12:47:51 -------- d-----w- e:\docume~1\dougla~1.coa\applic~1\Quicken WillMaker
2011-03-19 12:47:47 -------- d-----w- e:\program files\Quicken WillMaker Plus 2010
2011-03-19 03:08:35 -------- d-----w- e:\windows\system32\Adobe
2011-03-09 02:31:44 371544 ----a-w- e:\windows\system32\drivers\aswSnx.sys
2011-03-06 19:12:38 -------- d-----w- e:\program files\InstallJammer Registry
2011-02-27 05:35:22 -------- d-----w- e:\docume~1\dougla~1.coa\applic~1\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
2011-02-27 03:37:34 -------- d-----w- e:\program files\Times Reader
.
==================== Find3M ====================
.
2011-02-23 15:04:21 40648 ----a-w- e:\windows\avastSS.scr
2011-02-09 13:53:52 270848 ----a-w- e:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- e:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- e:\windows\system32\mstscax.dll
2011-01-29 00:54:31 216064 ----a-w- e:\windows\iun3405.exe
2011-01-27 11:57:06 677888 ----a-w- e:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- e:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- e:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- e:\windows\system32\win32k.sys
.
============= FINISH: 23:16:00.04 ===============
Attached Files: attach.zip (7.0 KB)

__________________
coast105 is offline  
Old 03-29-2011, 10:08 AM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,320
OS: XP SP3; Win7 32/64-bit



Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Your hard drive is almost full. Having too little free space on your hard drive can compromise system performance.

Quote:
E: is FIXED (NTFS) - 143 GiB total, 10.829 GiB free.
I suggest you move pictures, music, etc. to an external drive or USB stick if you have one and uninstall any programs that are never or hardly ever used.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

A guide and tutorial on using ComboFix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the E:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------

__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist is offline  
Old 03-30-2011, 07:54 AM   #3
Registered Member
 
Join Date: Mar 2011
Location: Pittsburgh
Posts: 4
OS: Windows XP SP3



OK, I managed to get 40 GB of free space first. Ran ComboFix - the first attempt caused my system to reboot and lock up. Had to power off and restart. Ran again successfully; the log file follows.

ComboFix 11-03-29.03 - Douglas A. Coast 03/29/2011 23:14:12.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1452 [GMT -4:00]
Running from: e:\documents and settings\Douglas A. Coast\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\documents and settings\caitlin\Application Data\Dealio
e:\documents and settings\caitlin\Application Data\Dealio\res\widgets.xml
e:\documents and settings\caitlin\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
e:\documents and settings\Douglas A. Coast\.gem
e:\documents and settings\Douglas A. Coast\SendTo\touch.exe
e:\windows\cookies.ini
e:\windows\mainms.vpi
e:\windows\megavid.cdt
e:\windows\muotr.so
e:\windows\system32\aHOopXyb.ini
e:\windows\system32\aHOopXyb.ini2
e:\windows\system32\chwrfdkg.ini
e:\windows\system32\dsxmosdl.ini
e:\windows\system32\eaedpgbg.ini
e:\windows\system32\exopsdlr.ini
e:\windows\system32\hkkjSvut.ini
e:\windows\system32\hkkjSvut.ini2
e:\windows\system32\hljwugsf.bin
e:\windows\system32\iiyhucli.ini
e:\windows\system32\jlUtBcfe.ini
e:\windows\system32\jlUtBcfe.ini2
e:\windows\system32\mcrh.tmp
e:\windows\system32\mvruhpov.ini
e:\windows\system32\nnbsgxdl.ini
e:\windows\system32\nprsvGgh.ini
e:\windows\system32\nprsvGgh.ini2
e:\windows\system32\pac.txt
e:\windows\system32\qeckjjxo.ini
e:\windows\system32\qpssYJlm.ini
e:\windows\system32\qpssYJlm.ini2
e:\windows\system32\QsrCLkkj.ini
e:\windows\system32\QsrCLkkj.ini2
e:\windows\system32\RtAaaGgh.ini
e:\windows\system32\RtAaaGgh.ini2
e:\windows\system32\sDNoqtwa.ini
e:\windows\system32\sDNoqtwa.ini2
e:\windows\system32\sxfkcddc.ini
e:\windows\system32\vwklksqy.ini
e:\windows\system32\wseswihi.ini
e:\windows\system32\xhnamvfr.ini
e:\windows\system32\xonqswop.ini
e:\windows\system32\xygqymgv.ini
e:\windows\system32\XyJjmnnn.ini
e:\windows\system32\XyJjmnnn.ini2
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_USNJSVC
-------\Legacy_WINDRIVER
-------\Service_usnjsvc
-------\Service_WinDriver
.
.
((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-30 )))))))))))))))))))))))))))))))
.
.
2011-03-30 00:01 . 2011-03-30 02:03 -------- d-----w- E:\DVD
2011-03-19 12:48 . 2011-03-19 12:49 -------- d-----w- e:\documents and settings\Douglas A. Coast\Local Settings\Application Data\Quicken WillMaker Plus 2010
2011-03-19 12:47 . 2008-01-30 20:36 90112 ----a-w- e:\windows\unvise32.exe
2011-03-19 12:47 . 2011-03-19 12:47 -------- d-----w- e:\documents and settings\Douglas A. Coast\Application Data\Quicken WillMaker
2011-03-19 12:47 . 2011-03-19 12:49 -------- d-----w- e:\program files\Quicken WillMaker Plus 2010
2011-03-19 03:08 . 2011-03-19 03:08 -------- d-----w- e:\windows\system32\Adobe
2011-03-09 02:31 . 2011-02-23 14:56 371544 ----a-w- e:\windows\system32\drivers\aswSnx.sys
2011-03-06 19:12 . 2011-03-06 19:12 -------- d-----w- e:\program files\InstallJammer Registry
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-23 15:04 . 2010-12-15 02:01 40648 ----a-w- e:\windows\avastSS.scr
2011-02-23 15:04 . 2009-01-03 22:11 190016 ----a-w- e:\windows\system32\aswBoot.exe
2011-02-23 14:56 . 2009-01-03 22:11 301528 ----a-w- e:\windows\system32\drivers\aswSP.sys
2011-02-23 14:55 . 2009-01-03 22:11 49240 ----a-w- e:\windows\system32\drivers\aswTdi.sys
2011-02-23 14:55 . 2009-01-03 22:11 102232 ----a-w- e:\windows\system32\drivers\aswmon2.sys
2011-02-23 14:55 . 2009-01-03 22:11 96344 ----a-w- e:\windows\system32\drivers\aswmon.sys
2011-02-23 14:55 . 2009-01-03 22:11 25432 ----a-w- e:\windows\system32\drivers\aswRdr.sys
2011-02-23 14:54 . 2009-01-03 22:11 30680 ----a-w- e:\windows\system32\drivers\aavmker4.sys
2011-02-23 14:54 . 2009-01-03 22:11 19544 ----a-w- e:\windows\system32\drivers\aswFsBlk.sys
2011-02-09 13:53 . 2006-02-28 12:00 270848 ----a-w- e:\windows\system32\sbe.dll
2011-02-09 13:53 . 2006-02-28 12:00 186880 ----a-w- e:\windows\system32\encdec.dll
2011-02-02 07:58 . 2007-09-26 10:27 2067456 ----a-w- e:\windows\system32\mstscax.dll
2011-01-29 00:54 . 2011-01-29 00:54 216064 ----a-w- e:\windows\iun3405.exe
2011-01-27 11:57 . 2007-09-26 10:27 677888 ----a-w- e:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2006-02-28 12:00 439296 ----a-w- e:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2006-02-28 12:00 290048 ----a-w- e:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2006-02-28 12:00 1854976 ----a-w- e:\windows\system32\win32k.sys
2007-12-07 21:02 . 2007-12-07 21:02 44360 ----a-w- e:\program files\mozilla firefox\plugins\atgpcdec.dll
2007-12-07 21:02 . 2007-12-07 21:02 107928 ----a-w- e:\program files\mozilla firefox\plugins\atgpcext.dll
2003-05-01 13:36 . 2003-05-01 13:36 114688 ----a-w- e:\program files\internet explorer\plugins\LV7ActiveXControl.dll
2007-07-25 00:03 . 2007-07-25 00:03 118784 ----a-w- e:\program files\internet explorer\plugins\LV85ActiveXControl.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
2009-12-20 09:51 87480 ----a-w- e:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2010-10-19 12:53 585136 ----a-w- e:\progra~1\BEARSH~1\MediaBar\DataMngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-04-02 23:50 809864 ----a-w- e:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "e:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-02 809864]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "e:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll" [2009-12-20 87480]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "e:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-02 809864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- e:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="e:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-26 2423752]
"CSRCSSRV"="e:\program files\ComponentSoftware\CS-RCS\System\csrcssrv.exe" [2008-07-07 64872]
"msnmsgr"="e:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"swg"="e:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-03 68856]
"PMCLoader"="e:\program files\Pinnacle\TVCenter Pro\PMCLoader.exe" [2007-08-15 109640]
"ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="e:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2006-02-14 7557120]
"nwiz"="nwiz.exe" [2006-02-14 1519616]
"lxddmon.exe"="e:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-12 291760]
"lxddamon"="e:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"FaxCenterServer"="e:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-05-04 312240]
"Microsoft Works Update Detection"="e:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-14 50688]
"LogMeIn GUI"="e:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"Adobe Photo Downloader"="e:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avast5"="e:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]
"Zune Launcher"="e:\program files\Zune\ZuneLauncher.exe" [2010-11-11 159472]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"PinnacleDriverCheck"="e:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-15 00:19 548352 ----a-w- e:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-12-08 18:11 87424 ----a-w- e:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\F:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=e:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=e:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=e:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=e:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\E:^Documents and Settings^Douglas A. Coast^Start Menu^Programs^Startup^DW_Start.lnk]
path=e:\documents and settings\Douglas A. Coast\Start Menu\Programs\Startup\DW_Start.lnk
backup=e:\windows\pss\DW_Start.lnkStartup
.
[HKLM\~\startupfolder\E:^Documents and Settings^Douglas A. Coast^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=e:\documents and settings\Douglas A. Coast\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=e:\windows\pss\PowerReg Scheduler.exeStartup
.
[HKLM\~\startupfolder\E:^Documents and Settings^Douglas A. Coast^Start Menu^Programs^Startup^YouTube Uploader.lnk]
path=e:\documents and settings\Douglas A. Coast\Start Menu\Programs\Startup\YouTube Uploader.lnk
backup=e:\windows\pss\YouTube Uploader.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry]
E:\W [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 15:09 63712 ----a-w- e:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 16:19 207360 ----a-w- e:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-06-05 17:39 292136 ----a-w- e:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-01-19 16:54 5674352 ----a-w- e:\program files\MSN Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-02-14 01:05 86016 ----a-w- e:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
2004-03-11 06:26 406016 ----a-w- e:\windows\system32\PSDrvCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCLoader]
2007-08-15 17:54 109640 ----a-w- e:\program files\Pinnacle\TVCenter Pro\PMCLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 21:18 413696 ----a-w- e:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ResChanger 2005]
2005-05-26 23:30 885248 ----a-w- e:\program files\ResChanger 2005\ResChanger2005.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-10-03 22:44 68856 ----a-w- e:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
2010-03-17 20:55 1565696 ----a-w- e:\program files\Verizon\McciTrayApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-11-11 18:55 159472 ----a-w- e:\program files\Zune\ZuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"e:\\Program Files\\Lexmark 2500 Series\\app4r.exe"=
"e:\\WINDOWS\\system32\\lxddcoms.exe"=
"e:\\WINDOWS\\system32\\javaw.exe"=
"e:\\Nburn\\pcbin\\Mttty.exe"=
"e:\\Nburn\\pcbin\\AutoUpdate.exe"=
"e:\\Projects\\CTA\\PCSoftware\\IPTMsgSim\\IPTMsgSim_dbg.exe"=
"e:\\ipt_test\\IptDirSim.exe"=
"e:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"e:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"e:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"e:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"e:\\ipt_test\\IptComTest.exe"=
"e:\\WINDOWS\\system32\\ftp.exe"=
"e:\\IPTCOMTest2\\run\\IptComTestTS.exe"=
"e:\\IPTCOMTest2\\run\\IptDirSim.exe"=
"e:\\Nburn\\pcbin\\IPSetup.exe"=
"e:\\Projects\\CTA\\PCSoftware\\IPTMsgSim\\IPTMsgSim.exe"=
"e:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"e:\\Program Files\\LabJack\\LJControlPanel\\LJControlPanel.exe"=
"e:\\Nburn\\pcbin\\taskscan.exe"=
"e:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"e:\\Program Files\\MSN Messenger\\livecall.exe"=
"e:\\BombardierTransportation\\SVTBGateway\\SvtbGw.exe"=
"e:\\Nburn\\pcbin\\UDPTerminal.exe"=
"e:\\Nburn\\NBEclipse\\NBEclipse.exe"=
"e:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"e:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"e:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\Program Files\\Verizon\\Verizon Media Manager\\Release\\Verizon Media Manager.exe"=
"e:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"e:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddwbgw.exe"=
"e:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R0 pavboot;pavboot;e:\windows\system32\drivers\pavboot.sys [7/11/2008 10:20 AM 28544]
R1 aswSnx;aswSnx;e:\windows\system32\drivers\aswSnx.sys [3/8/2011 10:31 PM 371544]
R1 aswSP;aswSP;e:\windows\system32\drivers\aswSP.sys [1/3/2009 6:11 PM 301528]
R1 BIOS;BIOS;e:\windows\system32\drivers\BIOS.sys [10/1/2007 6:48 AM 13696]
R1 CBUL32;Measurement Computing DataAcq;e:\windows\system32\drivers\CBUL32.sys [1/28/2009 11:07 PM 53984]
R1 SASDIFSV;SASDIFSV;e:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/22/2008 12:06 PM 12872]
R1 SASKUTIL;SASKUTIL;e:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/22/2008 12:05 PM 67656]
R2 aswFsBlk;aswFsBlk;e:\windows\system32\drivers\aswFsBlk.sys [1/3/2009 6:11 PM 19544]
R2 IHA_MessageCenter;IHA_MessageCenter;e:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/13/2010 6:06 PM 98304]
R2 LMIGuardianSvc;LMIGuardianSvc;e:\program files\LogMeIn\x86\LMIGuardianSvc.exe [10/2/2010 12:26 AM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;e:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 1:41 PM 12856]
R2 lxdd_device;lxdd_device;e:\windows\system32\lxddcoms.exe -service --> e:\windows\system32\lxddcoms.exe -service [?]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;e:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [1/7/2008 12:07 AM 99248]
R2 niarbk;niarbk;e:\windows\system32\drivers\niarbk.dll [7/25/2003 8:18 PM 37376]
R2 nibffrk;nibffrk;e:\windows\system32\drivers\nibffrk.dll [7/25/2003 8:18 PM 21504]
R2 Nidaq32k;Nidaq32k;e:\windows\system32\drivers\nidaq32k.sys [7/25/2003 9:32 PM 672768]
R2 nidmmk;NI DMM and Data Logger Kernel Driver;e:\windows\system32\drivers\nidmmk.dll [7/25/2003 9:35 PM 50688]
R2 nimdsk;nimdsk;e:\windows\system32\drivers\nimdsk.dll [7/25/2003 8:19 PM 30208]
R2 nistck;nistck;e:\windows\system32\drivers\niSTCk.dll [7/25/2003 8:20 PM 111616]
R2 NProtectService;Norton Unerase Protection;e:\program files\Norton Utilities\NPROTECT.EXE [1/2/2009 9:32 PM 135168]
R3 OmniTV;Cx2388x AvStream Video Capture;e:\windows\system32\drivers\OmniTV.sys [10/29/2007 8:14 PM 243584]
S1 pschedd;pschedd;e:\windows\system32\drivers\pschedd.sys --> e:\windows\system32\drivers\pschedd.sys [?]
S2 DUALServer;Dual DHCP DNS Service;e:\program files\DualServer\DualServer.exe [2/16/2009 7:46 AM 325393]
S2 gupdate;Google Update Service (gupdate);e:\program files\Google\Update\GoogleUpdate.exe [2/26/2010 10:10 AM 135664]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;e:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [4/19/2010 1:45 PM 1050440]
S3 cpuz130;cpuz130;\??\e:\docume~1\DOUGLA~1.COA\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> e:\docume~1\DOUGLA~1.COA\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 CQX;Samsung Audiovox Virtual Serial Port Driver;e:\windows\system32\drivers\CQX.SYS [4/18/2008 6:48 AM 38144]
S3 gpibclsb;GPIB Board Class Driver;e:\windows\system32\Drivers\gpibclsb.sys --> e:\windows\system32\Drivers\gpibclsb.sys [?]
S3 gpibclsd;GPIB Device Class Driver;e:\windows\system32\Drivers\gpibclsd.sys --> e:\windows\system32\Drivers\gpibclsd.sys [?]
S3 LJ_Usb;LabJack USB Driver;e:\windows\system32\drivers\LabJackusb.sys [4/13/2008 9:56 PM 25654]
S3 MATScheduler;MAT Background Service;e:\bombardiertransportation\SVTBGateway\MATSchedule.exe [9/30/2008 9:36 PM 249856]
S3 NPF;NetGroup Packet Filter Driver;e:\windows\system32\drivers\npf.sys [11/6/2007 4:22 PM 34064]
S3 SASENUM;SASENUM;e:\program files\SUPERAntiSpyware\SASENUM.SYS [12/22/2008 12:06 PM 12872]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;e:\program files\Zune\WMZuneComm.exe [11/11/2010 2:57 PM 268528]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-30 e:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- e:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]
.
2011-03-30 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- e:\program files\Google\Update\GoogleUpdate.exe [2010-02-26 14:10]
.
2011-03-30 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- e:\program files\Google\Update\GoogleUpdate.exe [2010-02-26 14:10]
.
2011-03-30 e:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- e:\program files\Ask.com\UpdateTask.exe [2009-04-02 23:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
IE: &Windows Live Search - e:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - Welcome to Windows Live
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - e:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Open in new background tab - e:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?5256e5cada044537838c218f2ead1330
IE: Open in new foreground tab - e:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?5256e5cada044537838c218f2ead1330
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
Trusted Zone: upmc.com
Trusted Zone: upmc.edu
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - ProfilePath - e:\documents and settings\Douglas A. Coast\Application Data\Mozilla\Firefox\Profiles\4c2zljzv.default\
FF - prefs.js: browser.search.selectedEngine - BearShare Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: MediaBar: {E84D42CA-64EB-11DE-A65F-8C3656D89593} - %profile%\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - e:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: wrc@avast.com - e:\program files\Alwil Software\Avast5\WebRep\FF
FF - Ext: Move Media Player: moveplayer@movenetworks.com - e:\documents and settings\Douglas A. Coast\Application Data\Move Networks
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{2D4CAA9B-07E1-40EB-A39A-D15DB1B505F9} - (no file)
BHO-{59871A39-F57A-44F8-9E9B-B496E9722C15} - (no file)
BHO-{9E4F9260-0693-41CF-BCF1-D6971A9C075B} - (no file)
BHO-{AE732F3F-A529-4D09-B732-761358128054} - (no file)
BHO-{B6977394-563B-41FE-9B56-E44EBBC46ADE} - (no file)
BHO-{D107A2B0-A075-417D-A291-27DD0B9BE04E} - (no file)
BHO-{D5D2387A-51A5-40A6-8141-2A173FE0DE19} - (no file)
BHO-{DE029A31-1F3F-4AFB-A588-B4F96840CE61} - (no file)
BHO-{E5C3497C-BC3A-4146-B5A8-6B7D86460F2C} - (no file)
BHO-{F2E28324-1A9E-4B60-A783-82E70EBA05F5} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-BMbf38ddd9 - e:\windows\system32\uddwsajd.dll
MSConfigStartUp-f0b3ab78 - e:\windows\system32\ldsomxsd.dll
MSConfigStartUp-RecSche - e:\program files\TVR\RecSche.exe
MSConfigStartUp-SpybotSD TeaTimer - e:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-TkBellExe - e:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-WinDVRCtrl - e:\windows\WDVRCtrl.exe
MSConfigStartUp-{3A-AB-BD-D7-DW} - e:\windows\system32\rwwnw64d.exe
AddRemove-{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA} - e:\program files\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\Setup.exeUNINSTALL
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-03-29 23:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,64,14,c4,f7,de,fe,75,4b,84,b3,c1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,64,14,c4,f7,de,fe,75,4b,84,b3,c1,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@e:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="e:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1004)
e:\program files\SUPERAntiSpyware\SASWINLO.DLL
e:\windows\system32\WININET.dll
e:\windows\system32\LMIinit.dll
e:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(2996)
e:\windows\system32\WININET.dll
e:\windows\system32\nview.dll
e:\windows\system32\ieframe.dll
e:\windows\system32\nvwddi.dll
e:\windows\system32\webcheck.dll
e:\windows\system32\WPDShServiceObj.dll
e:\windows\system32\PortableDeviceTypes.dll
e:\windows\system32\PortableDeviceApi.dll
e:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
e:\program files\Alwil Software\Avast5\AvastSvc.exe
e:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
e:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
e:\program files\Bonjour\mDNSResponder.exe
e:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
e:\program files\Java\jre6\bin\jqs.exe
e:\windows\system32\lkcitdl.exe
e:\windows\system32\lkads.exe
e:\windows\system32\lktsrv.exe
e:\program files\LogMeIn\x86\RaMaint.exe
e:\program files\LogMeIn\x86\LogMeIn.exe
e:\windows\system32\lxddcoms.exe
e:\program files\Common Files\Motive\McciCMService.exe
e:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
e:\program files\National Instruments\MAX\nimxs.exe
e:\program files\National Instruments\Shared\Security\nidmsrv.exe
e:\windows\system32\nisvcloc.exe
e:\program files\National Instruments\Shared\Tagger\tagsrv.exe
e:\windows\system32\nvsvc32.exe
e:\windows\system32\PnkBstrA.exe
e:\windows\system32\PnkBstrB.exe
e:\program files\Speed Disk\nopdb.exe
e:\program files\Zune\ZuneBusEnum.exe
e:\windows\system32\rundll32.exe
e:\progra~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
e:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2011-03-29 23:50:19 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-30 03:50
.
Pre-Run: 16,907,849,728 bytes free
Post-Run: 38,665,035,776 bytes free
.
- - End Of File - - 329CC5764AD843D0359B0CA1063C1F03
__________________
coast105 is offline  
Old 03-30-2011, 09:49 AM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,320
OS: XP SP3; Win7 32/64-bit



Hello Doug. Please tell us how your system is behaving.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

I noticed you have Ask Toolbar installed.

Please read this and decide if you want to keep it >> Current Practices of IAC/Ask Toolbars

You can uninstall it via Add or Remove Programs in your Control Panel.

If you decide to uninstall it, please delete the following Folder if it still exists:

E:\Program Files\Ask.com

------------------------------------------------------

Please uninstall the following via the Add or Remove Programs section of your Control Panel if they still exist:

LiveReg (Symantec Corporation)
LiveUpdate 1.6 (Symantec Corporation)
MediaBar


------------------------------------------------------

Do you use Norton Speed Disk 6.0 for Windows NT or Norton Utilities 2002 for Windows? If not...

Please uninstall the following via the Add or Remove Programs section of your Control Panel if they still exist:

Norton Speed Disk 6.0 for Windows NT
Norton Utilities 2002 for Windows


------------------------------------------------------

TuneUp Utilities

We do not recommend the use of registry cleaners. Our colleague miekiemoes has an excellent writeup here

We suggest uninstalling them via Add or Remove Programs in your Control Panel.

------------------------------------------------------

Open Notepad and copy/paste the entire contents of the codebox below into Notepad (don't forget to copy and paste REGEDIT4):

Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"135:TCP"=-
"5000:TCP"=-
"5001:TCP"=-
"5002:TCP"=-
"5003:TCP"=-
"5004:TCP"=-
"5005:TCP"=-
"5006:TCP"=-
"5007:TCP"=-
"5008:TCP"=-
"5009:TCP"=-
"5010:TCP"=-
"5011:TCP"=-
"5012:TCP"=-
"5013:TCP"=-
"5014:TCP"=-
"5015:TCP"=-
"5016:TCP"=-
"5017:TCP"=-
"5018:TCP"=-
"5019:TCP"=-
"5020:TCP"=-
Save the file as fix.reg and choose to Save as type: - All Files then close the Notepad file.
It should look like this:

Double-click on fix.reg and choose Yes to merge/add it to the registry. Please delete the file afterwards.

------------------------------------------------------

Please download Malwarebytes' Anti-Malware and Save it to your Desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Under the Scanner tab, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad and you may be prompted to Restart your computer. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy/Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs):

Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7


These are all outdated and are security risks if they remain installed. Reboot your computer once all those Java components are removed.

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

In fact, you should be able to update your current Java, Java(TM) 6 Update 23, by going to Control Panel (Classic View) and double-clicking on the Java icon (looks like a coffee cup). Click on the Update tab. On the lower right, click on Update Now. An update should begin. Allow the install of the new Java.

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.
  • After the install is complete, go back to your Control Panel (using Classic View) and click the Java icon (looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish, then click 'Finish'.
  • Use Notepad to open the logfile located at E:\Program Files\Eset\Eset Online Scanner\log.txt
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Copy/paste that log as a reply to this topic.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE
Old 03-31-2011, 04:59 AM   #5
Registered Member
 
Join Date: Mar 2011
Location: Pittsburgh
Posts: 4
OS: Windows XP SP3



chemist, thanks for your help.

So far, my system seems to be behaving normally. No problems noted. No spam emails sent in the last 24 hours since I updated my msn.com email account password in my outlook setup to match my new msn.com account password (of course, I didn't necessarily see spam going out every day).

MBAM log and ESET report as follows:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Database version: 6221

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/30/2011 8:44:15 PM
mbam-log-2011-03-30 (20-44-15).txt

Scan type: Quick scan
Objects scanned: 190362
Time elapsed: 4 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Value: wxfw.dll -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
e:\WINDOWS\system32\tijsbecbjbfau.exe (Trojan.Agent) -> Quarantined and deleted successfully.
e:\WINDOWS\bmbf38ddd9.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
e:\WINDOWS\bmbf38ddd9.xml (Trojan.Vundo) -> Quarantined and deleted successfully.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=6cfbba6f8591634dae459998e1a54202
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-03-31 07:28:18
# local_time=2011-03-31 03:28:18 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 8207141 8207141 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=433567
# found=61
# cleaned=0
# scan_time=23097
C:\Config.Msi\Documents and Settings\Douglas A. Coast\My Documents\Downloads\Install_AIM.exe Win32/Adware.WBug.A application (unable to clean) 00000000000000000000000000000000 I
C:\Mom's PC\My Documents\Games and Cute Stuff\felix2.exe Win32/Joke.ScreenMate application (unable to clean) 00000000000000000000000000000000 I
E:\Program Files\Freescale\CodeWarrior for DSC56800E v8.2.3\ProcessorExpert\Tools\applications\bootloaders\srec_to_application_format.exe probably unknown NewHeur_PE virus (unable to clean) 00000000000000000000000000000000 I
E:\Program Files\Freescale\CodeWarrior for DSC56800E v8.2.3\ProcessorExpert\Tools\applications\bootloaders\srec_to_boot_format.exe probably unknown NewHeur_PE virus (unable to clean) 00000000000000000000000000000000 I
E:\Qoobox\Quarantine\E\WINDOWS\system32\aHOopXyb.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\Qoobox\Quarantine\E\WINDOWS\system32\aHOopXyb.ini2.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\Qoobox\Quarantine\E\WINDOWS\system32\chwrfdkg.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\Qoobox\Quarantine\E\WINDOWS\system32\dsxmosdl.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\Qoobox\Quarantine\E\WINDOWS\system32\eaedpgbg.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\Qoobox\Quarantine\E\WINDOWS\system32\exopsdlr.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\Qoobox\Quarantine\E\WINDOWS\system32\hkkjSvut.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\Qoobox\Quarantine\E\WINDOWS\system32\hkkjSvut.ini2.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\Qoobox\Quarantine\E\WINDOWS\system32\iiyhucli.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\Qoobox\Quarantine\E\WINDOWS\system32\jlUtBcfe.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\Qoobox\Quarantine\E\WINDOWS\system32\jlUtBcfe.ini2.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\Qoobox\Quarantine\E\WINDOWS\system32\mvruhpov.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\Qoobox\Quarantine\E\WINDOWS\system32\nnbsgxdl.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\Qoobox\Quarantine\E\WINDOWS\system32\nprsvGgh.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\Qoobox\Quarantine\E\WINDOWS\system32\nprsvGgh.ini2.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\Qoobox\Quarantine\E\WINDOWS\system32\pac.txt.vir probably a variant of Win32/TrojanDownloader.Agent.JXCMRQU trojan (unable to clean) 00000000000000000000000000000000 I
E:\Qoobox\Quarantine\E\WINDOWS\system32\qeckjjxo.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\Qoobox\Quarantine\E\WINDOWS\system32\qpssYJlm.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\Qoobox\Quarantine\E\WINDOWS\system32\qpssYJlm.ini2.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\Qoobox\Quarantine\E\WINDOWS\system32\QsrCLkkj.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\Qoobox\Quarantine\E\WINDOWS\system32\QsrCLkkj.ini2.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\Qoobox\Quarantine\E\WINDOWS\system32\RtAaaGgh.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\Qoobox\Quarantine\E\WINDOWS\system32\RtAaaGgh.ini2.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\Qoobox\Quarantine\E\WINDOWS\system32\sDNoqtwa.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\Qoobox\Quarantine\E\WINDOWS\system32\sDNoqtwa.ini2.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\Qoobox\Quarantine\E\WINDOWS\system32\sxfkcddc.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\Qoobox\Quarantine\E\WINDOWS\system32\vwklksqy.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\Qoobox\Quarantine\E\WINDOWS\system32\wseswihi.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\Qoobox\Quarantine\E\WINDOWS\system32\xhnamvfr.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\Qoobox\Quarantine\E\WINDOWS\system32\xonqswop.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\Qoobox\Quarantine\E\WINDOWS\system32\xygqymgv.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\Qoobox\Quarantine\E\WINDOWS\system32\XyJjmnnn.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\Qoobox\Quarantine\E\WINDOWS\system32\XyJjmnnn.ini2.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\System Volume Information\_restore{3CCA824E-BF90-4571-8EDF-F049CD992C0D}\RP1107\A0119886.ini Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\System Volume Information\_restore{3CCA824E-BF90-4571-8EDF-F049CD992C0D}\RP1107\A0119887.ini Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\System Volume Information\_restore{3CCA824E-BF90-4571-8EDF-F049CD992C0D}\RP1107\A0119888.ini Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\System Volume Information\_restore{3CCA824E-BF90-4571-8EDF-F049CD992C0D}\RP1107\A0119889.ini Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\System Volume Information\_restore{3CCA824E-BF90-4571-8EDF-F049CD992C0D}\RP1107\A0119890.ini Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\System Volume Information\_restore{3CCA824E-BF90-4571-8EDF-F049CD992C0D}\RP1107\A0119891.ini Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\System Volume Information\_restore{3CCA824E-BF90-4571-8EDF-F049CD992C0D}\RP1107\A0119892.ini Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\System Volume Information\_restore{3CCA824E-BF90-4571-8EDF-F049CD992C0D}\RP1107\A0119893.ini Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\System Volume Information\_restore{3CCA824E-BF90-4571-8EDF-F049CD992C0D}\RP1107\A0119894.ini Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\System Volume Information\_restore{3CCA824E-BF90-4571-8EDF-F049CD992C0D}\RP1107\A0119895.ini Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\System Volume Information\_restore{3CCA824E-BF90-4571-8EDF-F049CD992C0D}\RP1107\A0119896.ini Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\System Volume Information\_restore{3CCA824E-BF90-4571-8EDF-F049CD992C0D}\RP1107\A0119897.ini Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\System Volume Information\_restore{3CCA824E-BF90-4571-8EDF-F049CD992C0D}\RP1107\A0119898.ini Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\System Volume Information\_restore{3CCA824E-BF90-4571-8EDF-F049CD992C0D}\RP1107\A0119899.ini Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\System Volume Information\_restore{3CCA824E-BF90-4571-8EDF-F049CD992C0D}\RP1107\A0119900.ini Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\System Volume Information\_restore{3CCA824E-BF90-4571-8EDF-F049CD992C0D}\RP1107\A0119901.ini Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\System Volume Information\_restore{3CCA824E-BF90-4571-8EDF-F049CD992C0D}\RP1107\A0119902.ini Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\System Volume Information\_restore{3CCA824E-BF90-4571-8EDF-F049CD992C0D}\RP1107\A0119903.ini Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\System Volume Information\_restore{3CCA824E-BF90-4571-8EDF-F049CD992C0D}\RP1107\A0119904.ini Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\System Volume Information\_restore{3CCA824E-BF90-4571-8EDF-F049CD992C0D}\RP1107\A0119905.ini Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\System Volume Information\_restore{3CCA824E-BF90-4571-8EDF-F049CD992C0D}\RP1107\A0119906.ini Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\System Volume Information\_restore{3CCA824E-BF90-4571-8EDF-F049CD992C0D}\RP1107\A0119907.ini Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\System Volume Information\_restore{3CCA824E-BF90-4571-8EDF-F049CD992C0D}\RP1107\A0119908.ini Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\WINDOWS\pss\PowerReg Scheduler.exeStartup Win32/PowerReg application (unable to clean) 00000000000000000000000000000000 I
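As an added example, not part of the thread, the ESET report above can be triaged the way the reply that follows does by hand: a find under E:\Qoobox\Quarantine\ is already in ComboFix's quarantine, a find under System Volume Information\_restore{...} sits in an old restore point, and only the remainder needs a decision. The Python script below (written for this page, not ESET's or the forum's code) reads log.txt in the format shown, checks that the header records the options the instructions asked for (remove_checked=false, archives_checked=true), and groups the finds by location. The sample lines are copied from the report above; the list of prefixes a detection name can start with is an assumption read off those lines, not something the page or ESET documents.

```python
"""Triage an ESET Online Scanner log.txt by where each find lives.

Added example for this page, not part of the thread or of ESET's tooling.
Finds under ComboFix's Qoobox quarantine or an old restore point are already
contained; the rest ("live") need a decision: delete, or keep if you installed it.
"""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Tuple

# Sample input copied from the report posted above (the 32 zeros are the
# scanner's hash placeholder); header and installer lines kept so the parser
# has to skip them.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# remove_checked=false
# archives_checked=true
C:\Config.Msi\Documents and Settings\Douglas A. Coast\My Documents\Downloads\Install_AIM.exe Win32/Adware.WBug.A application (unable to clean) 00000000000000000000000000000000 I
C:\Mom's PC\My Documents\Games and Cute Stuff\felix2.exe Win32/Joke.ScreenMate application (unable to clean) 00000000000000000000000000000000 I
E:\Program Files\Freescale\CodeWarrior for DSC56800E v8.2.3\ProcessorExpert\Tools\applications\bootloaders\srec_to_boot_format.exe probably unknown NewHeur_PE virus (unable to clean) 00000000000000000000000000000000 I
E:\Qoobox\Quarantine\E\WINDOWS\system32\aHOopXyb.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\Qoobox\Quarantine\E\WINDOWS\system32\pac.txt.vir probably a variant of Win32/TrojanDownloader.Agent.JXCMRQU trojan (unable to clean) 00000000000000000000000000000000 I
E:\System Volume Information\_restore{3CCA824E-BF90-4571-8EDF-F049CD992C0D}\RP1107\A0119886.ini Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
E:\WINDOWS\pss\PowerReg Scheduler.exeStartup Win32/PowerReg application (unable to clean) 00000000000000000000000000000000 I
"""

# Options the instructions above asked for, as logged in the header.
EXPECTED_SETTINGS = {"remove_checked": "false", "archives_checked": "true"}

# One find per line: <path> <detection name> (<action>) <hash> <flag>.
# Paths contain spaces, so the path ends where the detection name starts; the
# name prefixes are an ASSUMPTION read off the lines above, not ESET docs.
FINDING_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<name>(?:Win32/|Win64/|probably |a variant of ).*?)"
    r"\s\((?P<action>[^()]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)


class Finding(NamedTuple):
    path: str
    name: str
    action: str
    flag: str
    location: str  # "combofix_quarantine", "restore_point" or "live"
    kind: str      # last word of the name: application, trojan, virus, ...


def classify_path(path: str) -> str:
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return "combofix_quarantine"
    if "\\system volume information\\_restore{" in p:
        return "restore_point"
    return "live"


def settings_mismatches(text: str) -> Dict[str, str]:
    """Expected options whose logged value differs; empty means the scan ran as instructed."""
    logged: Dict[str, str] = {}
    for line in text.splitlines():
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            logged[key.strip()] = value.strip()
    return {k: logged.get(k, "<missing>") for k, v in EXPECTED_SETTINGS.items() if logged.get(k) != v}


def parse_findings(text: str) -> Tuple[List[Finding], List[str]]:
    """Return (findings, lines that were neither header nor find)."""
    findings: List[Finding] = []
    unparsed: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = FINDING_RE.match(line)
        if not m:
            unparsed.append(line)  # e.g. the installer's "all ok"
            continue
        name = m["name"]
        findings.append(Finding(m["path"], name, m["action"], m["flag"],
                                classify_path(m["path"]), name.rsplit(" ", 1)[-1].lower()))
    return findings, unparsed


def group_by_location(findings: List[Finding]) -> Dict[str, List[Finding]]:
    groups: Dict[str, List[Finding]] = defaultdict(list)
    for f in findings:
        groups[f.location].append(f)
    return dict(groups)


if __name__ == "__main__":
    bad = settings_mismatches(SAMPLE_LOG)
    print("scan options as instructed" if not bad else f"option mismatch: {bad}")
    findings, unparsed = parse_findings(SAMPLE_LOG)
    for location, items in group_by_location(findings).items():
        print(f"{location}: {len(items)}")
        for f in items:
            print(f"  [{f.kind}] {f.path}")
    if unparsed:
        print("skipped:", unparsed)
```

Run it against the real log with the sample replaced by the file's contents; the "live" group is the short list that actually needs a look (here Install_AIM.exe, felix2.exe, the CodeWarrior tool and PowerReg Scheduler.exe), and a non-empty mismatch dictionary means the scan has to be repeated with the options set as instructed.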
Old 03-31-2011, 06:15 AM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,320
OS: XP SP3; Win7 32/64-bit



Hello again, Doug. Qoobox is ComboFix's quarantine folder. System Volume Information is where Windows keeps old system restore points. Both will get deleted when we uninstall ComboFix.

The felix2.exe, CodeWarrior, and PowerReg Scheduler.exe finds are probably OK if you installed them.

------------------------------------------------------

Go to Start > Run and copy/paste the following into the Run box and click OK:

cmd /c del /a/f/q "C:\Config.Msi\Documents and Settings\Douglas A. Coast\My Documents\Downloads\Install_AIM.exe"

A DOS window will open and close again; this is normal.

------------------------------------------------------

Congratulations. Well done! Your logs appear clean. You should be good to go.

As far as those infected objects listed in the ESET report, those are safely tucked away in ComboFix's quarantine folder or in old System Restore Points, which we will be taking care of now.

Please disable avast! before uninstalling ComboFix and then re-enable it after doing so.

Go to Start >> Run and Copy/Paste the following single-line command into the Run box and click OK:

combofix /uninstall

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

Also, support is ending for some versions of Windows; see Windows End of Support Information - Windows Help & How-to.

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article. To help protect your computer in the future, I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites. See tutorial here
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here
    • Download hosts.zip and save it to your Desktop.
    • Right-click hosts.zip and select 'Extract all files' or 'Extract files...'.
    • Follow the prompts and click 'Finish'.
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    • Once updated you should see another prompt that the task was completed.
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
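The HOSTS-file step above works because Windows consults HOSTS before asking DNS, so a name mapped to 127.0.0.1 (or to 0.0.0.0, which later blocklists prefer because nothing listens there and the connection fails at once) never reaches the ad server. The script below is an added example for this page, not part of the MVPS package or of the thread: it parses HOSTS syntax, counts the names that are sinkholed, confirms the localhost line is still present (Windows XP resolves localhost from HOSTS), and flags any entry that maps a name to a routable address, since that is a redirect rather than a block and should be explained before the file is trusted. The sample HOSTS content is constructed (RFC 2606 example domains, a TEST-NET-1 address); the default path is the standard %SystemRoot%\system32\drivers\etc\hosts, which on the machine in this thread would be under E:\WINDOWS.

```python
"""Sanity-check a Windows HOSTS file after installing a blocklist such as MVPS.

Added example for this page; not part of the MVPS package or of the thread.
A HOSTS line is: <address> <name> [<name> ...] [# comment].  Names mapped to
the local machine never reach the real server, which is the whole blocking
mechanism; anything mapped elsewhere is a redirect, not a block.
"""
import os
from typing import Dict, List, NamedTuple

# Addresses that mean "go nowhere": loopback, and 0.0.0.0, which blocklists
# prefer because nothing listens there so the connection fails fast.
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample (RFC 2606 example domains, TEST-NET-1 address), not taken
# from the real MVPS file: the XP localhost line, blocklist-style entries, a
# trailing comment, and one entry that points a name at a routable address.
SAMPLE_HOSTS = """\
# constructed header comment
127.0.0.1       localhost
# [Misc A - Z]
127.0.0.1  ad.example.com
127.0.0.1  ads.example.net  #[Tracking]
0.0.0.0    banner.example-ads.com tracker.example-ads.com
192.0.2.10 www.example-bank.com
"""


class HostsEntry(NamedTuple):
    line_no: int
    address: str
    names: List[str]


def parse_hosts(text: str) -> List[HostsEntry]:
    entries: List[HostsEntry] = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        fields = body.split()
        if len(fields) < 2:
            continue                            # no name: nothing for the resolver
        entries.append(HostsEntry(line_no, fields[0], [f.lower() for f in fields[1:]]))
    return entries


def audit_hosts(text: str) -> Dict[str, object]:
    """Count sinkholed names, confirm localhost survived, list redirects."""
    blocked = set()
    redirects: List[HostsEntry] = []
    localhost_present = False
    for entry in parse_hosts(text):
        if entry.address in SINKHOLE_ADDRESSES:
            if "localhost" in entry.names:
                localhost_present = True       # XP resolves localhost from HOSTS
            blocked.update(n for n in entry.names if n != "localhost")
        else:
            redirects.append(entry)            # a real address: review, not a block
    return {
        "blocked_count": len(blocked),
        "localhost_present": localhost_present,
        "redirects": redirects,
    }


def default_hosts_path() -> str:
    """Standard location; the drive follows %SystemRoot% (E:\\WINDOWS on this PC)."""
    root = os.environ.get("SystemRoot", r"C:\WINDOWS")
    return os.path.join(root, "system32", "drivers", "etc", "hosts")


if __name__ == "__main__":
    import sys
    # Audit a real file if one is given on the command line, else the sample.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    report = audit_hosts(text)
    print(f"HOSTS path on this system: {default_hosts_path()}")
    print(f"names sinkholed: {report['blocked_count']}")
    print(f"localhost line present: {report['localhost_present']}")
    for e in report["redirects"]:
        print(f"REVIEW line {e.line_no}: {e.address} -> {', '.join(e.names)} (redirect, not a block)")
```

After running mvps.bat, point the script at the installed file (the path default_hosts_path() prints) and expect a blocked count in the thousands, localhost present, and no redirects; a redirect line in a file that is supposed to be a straight copy of the MVPS list is the one result worth stopping on.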
Old 03-31-2011, 06:55 PM   #7
Registered Member
 
Join Date: Mar 2011
Location: Pittsburgh
Posts: 4
OS: Windows XP SP3



OK, Everything looks good now.
Thanks for the help!
Old 03-31-2011, 07:25 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,320
OS: XP SP3; Win7 32/64-bit



You're welcome, coast105! Glad to have helped.

Copyright 2001 - 2014, Tech Support Forum