#1 - 10-20-2009, 10:41 PM - joshisintrouble (Registered User; Join Date: Oct 2009; Posts: 7; OS: XP sp2)

Several rather annoying problems

Ok, so I'm not the most computer savvy guy, but I've been looking around for help and this seems like a pretty reliable place, so I'll give it a go.
A while ago I got the Antivirus Pro (not sure which generation) virus. I used malware to get rid of it, which worked out rather fine. After reboot, however, I started getting an error every time I run any program or thing that says "the application or DLL c:\windows\system32\nonowoda.dll is not a valid windows image. Please check this against your installation diskette". I have no idea what this means, but I went to system32, made a backup of the file and got rid of it. The problem went away. I'm not sure if this affects anything at all. Anyway, back to the main problem. I've been getting a lot of redirects when I browse the internet ever since the virus, and nothing's picking it up. There is also no sound, and errors like the one above appear from time to time.
So the problems I'm having are:
no sound
errors in system32 files
internet redirecting

I have a
Windows XP
Service Pack 2, and I don't think I have access to a boot CD or disc.
I've also attached the ark and attach file since I'm not clear on whether to add those or not.

Thanks for the help, guys.

Anyway, here's the log


DDS (Ver_09-10-13.01) - NTFSx86
Run by Josh at 22:18:33.29 on Tue 10/20/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.991.192 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\WTClient.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AIM6\aolsoftware.exe
svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
svchost
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ntbackup.exe
C:\Documents and Settings\Josh\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [calc] rundll32.exe c:\docume~1\networ~1\ntuser.dll,_IWMPEvents@0
uRun: [Advanced Virus Remover] c:\program files\advancedvirusremover\PAVRM.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] nwiz.exe /installquiet /nodetect
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [WTClient] WTClient.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [FinishOptions] c:\docume~1\josh\locals~1\temp\hpbinxst.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [calc] rundll32.exe c:\windows\system32\calc.dll,_IWMPEvents@0
mRun: [McAfee Backup] "c:\program files\mcafee\mbk\McAfeeDataBackup.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\documents and settings\josh\desktop\malwarebytes' anti-malware\xxxx.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Filter: text/html - {4cae8f97-24e2-4506-93e5-1d52d1a80ab1} - c:\windows\batmeter16.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
AppInit_DLLs: vihovimi.dll c:\windows\system32\nonowoda.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: dadajepir - {59abac3b-398e-4410-93b2-d3030e8c5c9f} - c:\windows\system32\nonowoda.dll
STS: tokatiluy: {59abac3b-398e-4410-93b2-d3030e8c5c9f} - c:\windows\system32\nonowoda.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli nanuvepo.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\josh\applic~1\mozilla\firefox\profiles\m4xig3za.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\josh\application data\mozilla\firefox\profiles\m4xig3za.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-9-20 210216]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-9-20 24652]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [2009-9-23 18944]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [2009-9-23 10752]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-6-6 61952]

=============== Created Last 30 ================

2009-10-20 20:00 0 a------- c:\windows\system32\11478.exe
2009-10-20 19:59 <DIR> --d----- c:\docume~1\josh\applic~1\Malwarebytes
2009-10-20 19:41 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-20 19:41 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-20 19:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-20 19:40 0 a------- c:\windows\system32\15724.exe
2009-10-20 19:20 0 a------- c:\windows\system32\19169.exe
2009-10-20 19:00 0 a------- c:\windows\system32\26500.exe
2009-10-20 18:40 0 a------- c:\windows\system32\6334.exe
2009-10-20 17:28 0 a------- c:\windows\system32\18467.exe
2009-10-20 17:21 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-20 17:08 0 a------- c:\windows\system32\41.exe
2009-10-20 16:59 136 a------- C:\dtacmawh.dat
2009-10-20 16:57 113,664 a------- C:\qsdhs.exe
2009-10-12 22:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Age of Empires 3 YPack Trial
2009-10-12 21:59 2,297,552 a------- c:\windows\system32\d3dx9_26.dll
2009-10-12 21:49 <DIR> --d----- c:\program files\Microsoft Games
2009-10-10 15:21 <DIR> --d----- c:\program files\common files\Blizzard Entertainment
2009-10-09 21:54 <DIR> --d----- c:\program files\Shared
2009-10-05 15:32 73,728 a------- c:\windows\system32\javacpl.cpl
2009-10-05 15:32 411,368 a------- c:\windows\system32\deploytk.dll
2009-10-05 03:11 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-10-05 03:03 <DIR> --d----- c:\windows\ServicePackFiles
2009-10-05 03:01 <DIR> --d----- c:\program files\MSXML 4.0
2009-10-04 03:13 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-10-04 03:12 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-10-04 03:12 272,128 -------- c:\windows\system32\dllcache\bthport.sys
2009-10-04 03:09 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-10-04 03:09 23,040 -------- c:\windows\kb913800.exe
2009-10-04 03:05 202,752 -------- c:\windows\system32\dllcache\rmcast.sys
2009-10-04 03:05 453,632 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-04 03:05 333,184 -------- c:\windows\system32\dllcache\srv.sys
2009-10-04 03:05 331,776 -------- c:\windows\system32\dllcache\msadce.dll
2009-10-04 03:05 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-10-04 03:05 683,520 -------- c:\windows\system32\dllcache\inetcomm.dll
2009-10-04 03:04 655,872 -------- c:\windows\system32\dllcache\mstscax.dll
2009-10-04 03:03 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-10-04 03:03 332,800 -------- c:\windows\system32\dllcache\netapi32.dll
2009-10-04 03:03 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll
2009-10-04 03:02 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-10-04 03:00 <DIR> --d----- c:\windows\system32\PreInstall
2009-10-04 00:37 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll
2009-10-04 00:37 452,440 a------- c:\windows\system32\d3dx10_40.dll
2009-10-04 00:37 4,379,984 a------- c:\windows\system32\D3DX9_40.dll
2009-10-04 00:37 81,768 a------- c:\windows\system32\xinput1_3.dll
2009-10-04 00:36 <DIR> --d----- c:\windows\Logs
2009-10-04 00:36 <DIR> --d----- c:\program files\Heroes of Newerth
2009-10-03 21:05 274,288 a------- c:\windows\system32\mucltui.dll
2009-10-03 21:05 215,920 a------- c:\windows\system32\muweb.dll
2009-10-03 21:05 16,736 a------- c:\windows\system32\mucltui.dll.mui
2009-10-02 23:27 0 -------- c:\documents and settings\josh\jagex_runescape_preferences.dat
2009-10-02 23:27 <DIR> --d----- c:\windows\.jagex_cache_32
2009-10-01 16:59 1,970,176 a------- c:\windows\system32\d3dx9.dll
2009-10-01 16:59 679,936 a------- c:\windows\system32\D3DX81ab.dll
2009-10-01 16:59 <DIR> --d----- c:\program files\Cheat Engine
2009-09-29 20:25 <DIR> --d----- c:\program files\Electric Rain
2009-09-28 17:05 59,264 a------- c:\windows\system32\drivers\USBAUDIO.sys
2009-09-28 17:05 59,264 a------- c:\windows\system32\dllcache\usbaudio.sys
2009-09-28 17:05 31,616 a------- c:\windows\system32\drivers\usbccgp.sys
2009-09-28 17:05 31,616 a------- c:\windows\system32\dllcache\usbccgp.sys
2009-09-24 15:57 101,309 a------- c:\windows\hpdj6800.hi1
2009-09-24 15:57 13,885 a------- c:\windows\hpdj6800.bu1
2009-09-24 15:57 13,503 a------- c:\windows\hpf6800m.hi1
2009-09-24 15:57 4,123 a------- c:\windows\hpf6800m.bu1
2009-09-23 22:51 626,960 a----r-- c:\windows\system32\hpvaut32.dll
2009-09-23 22:51 487,424 a----r-- c:\windows\system32\hpvcp70.dll
2009-09-23 22:51 344,064 a----r-- c:\windows\system32\hpvcr70.dll
2009-09-23 22:48 87,553 a------- c:\windows\hpfins01.dat
2009-09-23 22:48 5,428 -------- c:\windows\hpfmdl03.dat
2009-09-23 22:47 139,345 a------- c:\windows\system32\hpzlnt12.dll
2009-09-23 22:46 168 a------- c:\windows\system32\AddPort.ini
2009-09-23 22:46 9,864 a----r-- c:\windows\system32\hptcpmui.hlp
2009-09-23 22:46 9,820 a----r-- c:\windows\system32\hpipxmui.hlp
2009-09-23 22:46 212,992 a----r-- c:\windows\system32\hptcpmui.dll
2009-09-23 22:46 3,399 a----r-- c:\windows\system32\hptcpmon.ini
2009-09-23 22:46 98,304 a----r-- c:\windows\system32\hpzjsn01.dll
2009-09-23 22:46 73,728 a----r-- c:\windows\system32\hptcpmib.dll
2009-09-23 22:46 28,672 a----r-- c:\windows\system32\hpzjfw01.dll
2009-09-23 22:46 110,592 a----r-- c:\windows\system32\hptcpmon.dll
2009-09-23 22:43 11,054 a------- c:\windows\hpdj6800.his
2009-09-23 22:43 1,597 a------- c:\windows\hpdj6800.ini
2009-09-23 22:42 8,782 a------- c:\windows\hpf6800m.his
2009-09-23 22:42 3,272 a------- c:\windows\hpf6800m.ini
2009-09-23 20:27 <DIR> --d----- c:\program files\TABLET
2009-09-22 21:22 <DIR> --d----- c:\program files\Lame for Audacity
2009-09-22 19:18 1,193,414 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-09-22 19:18 764,868 -------- c:\windows\system32\dllcache\apph_sp.sdb
2009-09-22 19:18 217,118 -------- c:\windows\system32\dllcache\apphelp.sdb
2009-09-22 19:17 <DIR> --d----- c:\program files\Audacity 1.3 Beta (Unicode)
2009-09-22 19:14 <DIR> --d----- c:\windows\system32\LogFiles
2009-09-20 22:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2009-09-20 22:28 <DIR> --d----- c:\program files\Viewpoint
2009-09-20 22:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\acccore
2009-09-20 22:27 <DIR> --d----- c:\program files\common files\AOL
2009-09-20 22:27 <DIR> --d----- c:\program files\AIM6
2009-09-20 22:27 458 a---h--- C:\IPH.PH

==================== Find3M ====================

2009-09-20 18:33 1,728 a--shr-- c:\windows\system32\drivers\103C_HP_NTBK_HP Pavilion dv6000 (RG272UA#ABA)_YN_0Pavi_QCNF64459T1_E432250002_46_I30B7_SQuanta_V65.21_BF.1A_T061025_WXP2_L409_M991_J80_7AMD_8Turion 64 X2 Technology TL-50_91.61_#060919_N14E44311_(RG272UA#ABA).MRK
2009-09-11 07:03 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-11 07:03 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 13:45 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-04 13:45 58,880 -------- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 03:35 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-26 01:16 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-17 23:33 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-08-07 01:48 100,352 -------- c:\windows\system32\dllcache\iecompat.dll
2009-08-06 19:24 327,896 a------- c:\windows\system32\dllcache\wucltui.dll
2009-08-06 19:24 209,632 a------- c:\windows\system32\dllcache\wuweb.dll
2009-08-06 19:24 35,552 a------- c:\windows\system32\dllcache\wups.dll
2009-08-06 19:24 53,472 a------- c:\windows\system32\dllcache\wuauclt.exe
2009-08-06 19:24 96,480 a------- c:\windows\system32\dllcache\cdm.dll
2009-08-06 19:23 575,704 a------- c:\windows\system32\dllcache\wuapi.dll
2009-08-06 19:23 1,929,952 a------- c:\windows\system32\dllcache\wuaueng.dll
2009-08-05 02:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 02:11 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 05:51 2,185,984 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-04 05:49 2,142,720 a------- c:\windows\system32\ntoskrnl.exe
2009-08-04 05:49 2,142,720 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-04 05:02 2,020,864 a------- c:\windows\system32\ntkrnlpa.exe
2009-08-04 05:02 2,062,976 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-08-04 05:02 2,020,864 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-07-28 21:53 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-28 21:53 82,432 a------- c:\windows\system32\fontsub.dll
2009-07-28 21:53 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-07-28 21:53 82,432 -------- c:\windows\system32\dllcache\fontsub.dll
2007-03-23 17:29 0 a--sh--- c:\windows\sminst\HPCD.SYS
2009-07-20 17:07 27,136 a--sh--- c:\windows\system32\durumiho.exe

============= FINISH: 22:22:14.21 ===============
Attached Files: attach.zip (zip, 4.8 KB, 1 views)

Last edited by joshisintrouble; 10-20-2009 at 10:43 PM.
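Reading the DDS log above, the entries a responder looks at first are the persistence points that load code from outside the normal program directories: the AppInit_DLLs value, the SSODL and STS entries, the LSA Notification Packages, the text/html MIME filter, and the two rundll32 Run entries. As an added example that is not part of the original thread, here is a small Python triage script that runs a few defender-side heuristics over a handful of lines copied from the Pseudo HJT Report above. The rule names and the alternating consonant/vowel name heuristic are assumptions made for this example, not DDS or HijackThis conventions.

```python
import re

# Constructed sample input: lines copied from the DDS "Pseudo HJT Report"
# posted in this thread. Raw string, so the backslashes are literal.
SAMPLE_LOG = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [calc] rundll32.exe c:\docume~1\networ~1\ntuser.dll,_IWMPEvents@0
mRun: [calc] rundll32.exe c:\windows\system32\calc.dll,_IWMPEvents@0
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dPolicies-system: DisableTaskMgr = 1 (0x1)
Filter: text/html - {4cae8f97-24e2-4506-93e5-1d52d1a80ab1} - c:\windows\batmeter16.dll
AppInit_DLLs: vihovimi.dll c:\windows\system32\nonowoda.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: dadajepir - {59abac3b-398e-4410-93b2-d3030e8c5c9f} - c:\windows\system32\nonowoda.dll
LSA: Notification Packages = scecli nanuvepo.dll
"""

# A DLL path or bare DLL file name inside a DDS value (stops at spaces, commas, brackets).
DLL_RE = re.compile(r"[^\s,\[\]]+\.dll", re.IGNORECASE)
VOWELS = set("aeiou")


def module_stem(path):
    """'c:\\windows\\system32\\nonowoda.dll' -> 'nonowoda' (lower-cased)."""
    return path.lower().rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def looks_generated(name):
    """Heuristic assumed for this example (not a DDS/HJT rule): a module name of
    eight or more lowercase letters that strictly alternate consonant/vowel, like
    nonowoda, vihovimi or nanuvepo in the log, is probably machine-generated."""
    stem = module_stem(name)
    if len(stem) < 8 or not stem.isalpha():
        return False
    return all((ch in VOWELS) == (i % 2 == 1) for i, ch in enumerate(stem))


def analyse(text):
    """Run the defender-side checks over DDS report lines; return a list of findings."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or ":" not in line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        dlls = DLL_RE.findall(value)
        lower = value.lower()

        def flag(rule, detail):
            findings.append({"rule": rule, "key": key, "detail": detail, "line": line})

        # 1. uRun/mRun autostart that uses rundll32 to load a DLL out of a user profile.
        if key.endswith("Run") and "rundll32" in lower:
            for dll in dlls:
                if "\\docume~1\\" in dll.lower() or "documents and settings" in dll.lower():
                    flag("run-rundll32-profile-dll", dll)

        # 2. Machine policy that hides Task Manager from the user.
        if key.startswith("dPolicies") and re.search(r"DisableTaskMgr\s*=\s*1", value):
            flag("policy-disable-taskmgr", "DisableTaskMgr = 1")

        # 3. AppInit_DLLs is empty on a clean XP install; anything listed is loaded
        #    into every process that maps user32.dll.
        if key == "AppInit_DLLs":
            for module in value.split():
                flag("appinit-dll", module)

        # 4. LSA Notification Packages: XP ships with scecli only; any extra module
        #    is loaded into lsass.exe and told about every password change.
        if key == "LSA" and lower.startswith("notification packages"):
            for pkg in value.partition("=")[2].split():
                if pkg.lower() != "scecli":
                    flag("lsa-extra-notification-package", pkg)

        # 5. A pluggable MIME filter for text/html sits in front of every page IE renders.
        if key == "Filter" and lower.startswith("text/html"):
            flag("html-mime-filter", dlls[0] if dlls else value)

        # 6. Generated-looking module names anywhere on the line.
        for dll in dlls:
            if looks_generated(dll):
                flag("generated-looking-name", dll)
    return findings


def main():
    for f in analyse(SAMPLE_LOG):
        print(f"{f['rule']:32} {f['key']:18} {f['detail']}")


if __name__ == "__main__":
    main()
```

Run it as a plain script and it prints one line per finding; the ctfmon and NvCpl entries produce nothing, the nonowoda/vihovimi/nanuvepo modules, the disabled Task Manager, the batmeter16.dll filter and the ntuser.dll Run entry all do. The heuristics are deliberately signature-free, so they also miss things: the mRun [calc] entry that loads c:\windows\system32\calc.dll (one of the files ComboFix removes later in the thread) is not flagged, because its DLL sits in system32 and its name does not look generated. That is the gap a human reviewer closes by asking why a calculator would be registered as a DLL with an _IWMPEvents@0 entry point.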
#2 - 10-23-2009, 01:41 PM - joshisintrouble (Registered User; Join Date: Oct 2009; Posts: 7; OS: XP sp2)

Re: Several rather annoying problems

Bump, please.
#3 - 10-23-2009, 04:31 PM - Ried (Assistant Manager, TSF Academy; Moderator/Analyst Security Team; Join Date: Jan 2005; Location: Ohio; Posts: 27,109; OS: WinXP and Vista)

Re: Several rather annoying problems

Hello josh,

It will take more than one round to properly clean the system. Please stay with me until given the 'all clear', even if symptoms abate.


Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal.

Open McAfee Security Centre
  • Under Common Tasks click on Home
  • Click Computer Files
  • Click Configure
  • Make sure the following are disabled by ticking the "Off" button.
    Virus protection
    Spyware protection
    System Guards Protection
    Script Scanning Protection (you may have to scroll down to see it)
  • Next, select never for "When to re-enable real time scanning"
  • and click OK.

====================================================


Double click on combofix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
#4 - 10-23-2009, 05:39 PM - joshisintrouble (Registered User; Join Date: Oct 2009; Posts: 7; OS: XP sp2)

Re: Several rather annoying problems

Alright, thanks, here's the log
ComboFix 09-10-22.01 - Josh 10/23/2009 19:15.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.991.585 [GMT -7:00]
Running from: c:\documents and settings\Josh\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Josh\ntuser.dll
c:\documents and settings\Josh\Start Menu\Programs\StartUp\scandisk.dll
c:\documents and settings\Josh\Start Menu\Programs\StartUp\scandisk.lnk
c:\documents and settings\NetworkService\ntuser.dll
c:\program files\Shared
c:\windows\batmeter16.dll
c:\windows\kb913800.exe
c:\windows\system32\11478.exe
c:\windows\system32\15724.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\26500.exe
c:\windows\system32\41.exe
c:\windows\system32\6334.exe
c:\windows\system32\calc.dll
c:\windows\system32\wbem\proquota.exe
D:\Autorun.inf

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((( Files Created from 2009-09-24 to 2009-10-24 )))))))))))))))))))))))))))))))
.

2009-10-23 07:26 . 2009-10-23 07:26 -------- d-----w- c:\documents and settings\Josh\Application Data\Viewpoint
2009-10-21 07:47 . 2009-10-21 07:47 -------- d-----w- c:\documents and settings\Josh\Local Settings\Application Data\Identities
2009-10-21 02:59 . 2009-10-21 02:59 -------- d-----w- c:\documents and settings\Josh\Application Data\Malwarebytes
2009-10-21 02:41 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-21 02:41 . 2009-10-21 02:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-21 02:41 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-21 00:21 . 2009-10-21 05:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-20 23:59 . 2009-10-20 23:59 136 ----a-w- C:\dtacmawh.dat
2009-10-20 18:37 . 2009-10-20 18:37 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-10-20 14:00 . 2009-10-20 14:00 -------- d-----w- c:\documents and settings\Josh\Application Data\AdobeUM
2009-10-20 13:58 . 2009-10-20 13:59 -------- d-----w- c:\program files\QuickTime
2009-10-20 13:58 . 2009-10-20 13:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-20 13:57 . 2009-10-20 13:57 -------- d-----w- c:\program files\Common Files\Apple
2009-10-20 13:57 . 2009-10-20 13:57 -------- d-----w- c:\documents and settings\Josh\Local Settings\Application Data\Apple
2009-10-20 13:57 . 2009-10-20 13:57 -------- d-----w- c:\program files\Apple Software Update
2009-10-20 13:57 . 2009-10-20 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-20 13:57 . 2009-10-20 13:57 -------- d-----w- c:\documents and settings\Josh\Local Settings\Application Data\Apple Computer
2009-10-13 22:29 . 2009-10-13 22:29 -------- d-----w- c:\documents and settings\Josh\Local Settings\Application Data\AIM
2009-10-13 05:31 . 2009-10-13 05:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Age of Empires 3 YPack Trial
2009-10-13 04:59 . 2005-05-26 22:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-10-13 04:49 . 2009-10-13 04:49 -------- d-----w- c:\program files\Microsoft Games
2009-10-11 04:50 . 2009-10-13 10:33 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-10 22:21 . 2009-10-10 22:21 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-10-05 22:32 . 2009-10-05 22:32 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-05 10:11 . 2009-10-05 10:11 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-10-05 10:03 . 2009-10-05 10:03 -------- d-----w- c:\windows\ServicePackFiles
2009-10-05 10:01 . 2009-10-05 10:01 -------- d-----w- c:\program files\MSXML 4.0
2009-10-04 10:13 . 2009-10-04 10:40 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-10-04 10:12 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-10-04 10:12 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2009-10-04 10:05 . 2008-05-08 12:28 202752 ------w- c:\windows\system32\dllcache\rmcast.sys
2009-10-04 10:05 . 2008-10-24 11:10 453632 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-04 10:05 . 2008-12-11 11:57 333184 ------w- c:\windows\system32\dllcache\srv.sys
2009-10-04 10:05 . 2008-05-01 14:30 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-10-04 10:05 . 2009-07-10 13:42 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-10-04 10:05 . 2008-04-11 18:50 683520 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-10-04 10:04 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-10-04 10:03 . 2009-08-26 08:16 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-10-04 10:03 . 2008-10-15 16:57 332800 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-10-04 10:03 . 2008-09-04 16:42 1106944 ------w- c:\windows\system32\dllcache\msxml3.dll
2009-10-04 10:02 . 2008-04-21 10:02 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-10-04 07:37 . 2008-10-10 11:52 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-10-04 07:37 . 2008-10-10 11:52 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-10-04 07:37 . 2008-10-10 11:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-10-04 07:37 . 2007-04-05 01:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-10-04 07:36 . 2009-10-04 07:36 -------- d-----w- c:\windows\Logs
2009-10-04 07:36 . 2009-10-04 07:43 -------- d-----w- c:\program files\Heroes of Newerth
2009-10-04 04:05 . 2009-08-07 02:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-10-04 04:05 . 2009-08-07 02:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-10-03 06:27 . 2009-10-03 06:27 0 ------w- c:\documents and settings\Josh\jagex_runescape_preferences.dat
2009-10-03 06:27 . 2009-10-03 06:27 -------- d-----w- c:\windows\.jagex_cache_32
2009-10-03 06:26 . 2009-10-03 06:26 -------- d-----w- c:\windows\Sun
2009-10-02 05:18 . 2009-10-02 05:18 -------- d-----w- c:\documents and settings\Josh\Local Settings\Application Data\QuickPlay
2009-10-02 05:18 . 2009-10-02 05:18 -------- d-----w- c:\documents and settings\Josh\Application Data\HP
2009-10-02 00:33 . 2009-10-02 00:33 0 ----a-w- c:\windows\nsreg.dat
2009-10-02 00:33 . 2009-10-02 00:33 -------- d-----w- c:\documents and settings\Josh\Local Settings\Application Data\Mozilla
2009-10-01 23:59 . 2007-12-27 00:30 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2009-10-01 23:59 . 2007-12-27 00:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2009-10-01 23:59 . 2009-10-20 22:50 -------- d-----w- c:\program files\Cheat Engine
2009-09-30 03:25 . 2009-09-30 03:25 -------- d-----w- c:\program files\Electric Rain
2009-09-29 00:05 . 2004-08-04 06:07 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-09-29 00:05 . 2004-08-04 06:07 59264 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-09-29 00:05 . 2004-08-04 06:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-09-29 00:05 . 2004-08-04 06:08 31616 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-09-24 05:51 . 2009-09-24 05:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-09-24 05:51 . 2004-05-11 17:53 626960 ----a-r- c:\windows\system32\hpvaut32.dll
2009-09-24 05:51 . 2004-05-11 17:53 487424 ----a-r- c:\windows\system32\hpvcp70.dll
2009-09-24 05:51 . 2004-05-11 17:53 344064 ----a-r- c:\windows\system32\hpvcr70.dll
2009-09-24 05:48 . 2009-09-24 05:52 87553 ----a-w- c:\windows\hpfins01.dat
2009-09-24 05:48 . 2004-03-17 13:11 5428 ------w- c:\windows\hpfmdl03.dat
2009-09-24 05:47 . 2004-06-25 23:54 139345 ----a-w- c:\windows\system32\hpzlnt12.dll
2009-09-24 05:46 . 2004-06-09 14:50 212992 ----a-r- c:\windows\system32\hptcpmui.dll
2009-09-24 05:46 . 2004-06-09 14:50 98304 ----a-r- c:\windows\system32\hpzjsn01.dll
2009-09-24 05:46 . 2004-06-09 14:50 28672 ----a-r- c:\windows\system32\hpzjfw01.dll
2009-09-24 05:46 . 2004-06-09 14:50 73728 ----a-r- c:\windows\system32\hptcpmib.dll
2009-09-24 05:46 . 2004-06-09 14:50 110592 ----a-r- c:\windows\system32\hptcpmon.dll
2009-09-24 03:27 . 2009-09-24 03:27 -------- d-----w- c:\program files\TABLET
2009-09-24 03:26 . 2009-03-04 19:04 69632 ----a-w- c:\windows\system32\drivers\WTSrv.exe
2009-09-24 03:26 . 2008-09-08 21:10 14848 ----a-w- c:\windows\system32\drivers\UCTblHid.sys
2009-09-24 03:26 . 2004-05-10 22:33 36864 ----a-w- c:\windows\system32\lhtool.exe
2009-09-24 03:26 . 2009-03-19 00:15 184320 ----a-w- c:\windows\system32\WinTab32.dll
2009-09-24 03:26 . 2009-03-05 04:16 282624 ----a-w- c:\windows\system32\tabcfg.exe
2009-09-24 03:26 . 2007-06-08 00:16 18944 ----a-w- c:\windows\system32\drivers\PTSimBus.sys
2009-09-24 03:26 . 2007-04-24 23:27 46080 ----a-w- c:\windows\system32\UCMfg.exe
2009-09-24 03:26 . 2007-04-23 22:28 18432 ----a-w- c:\windows\system32\drivers\TClass2k.sys
2009-09-24 03:26 . 2007-04-23 22:28 10752 ----a-w- c:\windows\system32\drivers\PTSimHid.sys
2009-09-24 03:26 . 2007-04-11 23:27 40960 ----a-w- c:\windows\system32\WTClient.exe
2009-09-24 03:26 . 2008-06-25 01:15 311296 ----a-w- c:\windows\SetupX32.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-24 01:19 . 2009-09-21 23:06 -------- d-----w- c:\documents and settings\NetworkService\Application Data\SACore
2009-10-21 21:51 . 2009-09-21 04:25 -------- d-----w- c:\program files\McAfee
2009-10-20 10:35 . 2006-09-19 22:05 106272 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-20 10:17 . 2009-09-21 04:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-20 10:09 . 2006-09-19 22:31 -------- d-----w- c:\program files\Microsoft Works
2009-10-20 05:47 . 2009-09-23 02:17 -------- d-----w- c:\documents and settings\Josh\Application Data\Audacity
2009-10-17 03:30 . 2009-09-21 02:07 -------- d-----w- c:\program files\Starcraft
2009-10-13 05:01 . 2006-09-19 20:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-08 00:58 . 2009-09-21 04:40 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-10-06 00:49 . 2009-09-21 04:28 -------- d-----w- c:\program files\SiteAdvisor
2009-10-05 22:31 . 2006-09-19 20:58 -------- d-----w- c:\program files\Java
2009-09-24 05:52 . 2006-09-19 20:58 -------- d-----w- c:\program files\Hewlett-Packard
2009-09-24 05:51 . 2006-09-19 20:58 -------- d-----w- c:\program files\HP
2009-09-23 04:22 . 2009-09-23 04:22 -------- d-----w- c:\program files\Lame for Audacity
2009-09-23 02:17 . 2009-09-23 02:17 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-09-23 02:16 . 2006-09-19 22:51 -------- d-----w- c:\program files\Windows Media Connect 2
2009-09-22 06:21 . 2009-09-21 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-09-22 06:05 . 2009-09-22 06:05 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-09-21 22:37 . 2009-09-21 05:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-09-21 22:35 . 2009-09-21 22:35 -------- d-----w- c:\documents and settings\Josh\Application Data\acccore
2009-09-21 22:35 . 2009-09-21 05:27 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP
2009-09-21 07:32 . 2006-09-19 22:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-21 07:26 . 2009-09-21 04:13 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-21 05:33 . 2006-09-19 22:46 -------- d-----w- c:\program files\Yahoo!
2009-09-21 05:33 . 2009-09-21 05:33 -------- d-----w- c:\documents and settings\Josh\Application Data\Yahoo!
2009-09-21 05:28 . 2009-09-21 05:27 -------- d-----w- c:\program files\AIM6
2009-09-21 05:28 . 2009-09-21 05:28 -------- d-----w- c:\program files\Viewpoint
2009-09-21 05:28 . 2009-09-21 05:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-09-21 05:28 . 2009-09-21 05:28 -------- d-----w- c:\documents and settings\All Users\Application Data\acccore
2009-09-21 05:27 . 2009-09-21 05:27 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-09-21 05:27 . 2009-09-21 05:27 -------- d-----w- c:\program files\Common Files\AOL
2009-09-21 04:29 . 2009-09-21 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-09-21 04:25 . 2009-09-21 04:25 -------- d-----w- c:\program files\Common Files\McAfee
2009-09-21 04:25 . 2009-09-21 04:25 -------- d-----w- c:\program files\McAfee.com
2009-09-21 04:08 . 2009-09-21 04:08 -------- d-----w- c:\program files\MSBuild
2009-09-21 04:07 . 2009-09-21 04:07 -------- d-----w- c:\program files\Microsoft.NET
2009-09-21 03:44 . 2009-09-21 03:44 -------- d-----w- c:\documents and settings\All Users\Application Data\ALM
2009-09-21 03:36 . 2006-09-19 22:37 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-21 03:14 . 2009-09-21 03:14 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-09-21 02:32 . 2009-09-21 02:32 -------- d-----w- c:\program files\Google
2009-09-21 02:27 . 2006-09-19 22:13 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-21 02:27 . 2006-09-19 22:13 -------- d-----w- c:\program files\Symantec
2009-09-21 02:26 . 2006-09-19 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-21 01:35 . 2009-09-21 01:32 127 ------w- c:\documents and settings\Josh\Local Settings\Application Data\fusioncache.dat
2009-09-21 01:33 . 2009-09-21 01:33 1728 --sha-r- c:\windows\system32\drivers\103C_HP_NTBK_HP Pavilion dv6000 (RG272UA#ABA)_YN_0Pavi_QCNF64459T1_E432250002_46_I30B7_SQuanta_V65.21_BF.1A_T061025_WXP2_L409_M991_J80_7AMD_8Turion 64 X2 Technology TL-50_91.61_#060919_N14E44311_(RG272UA#ABA).MRK
2009-09-21 01:10 . 2006-09-19 20:58 -------- d-----w- c:\program files\Windows Plus
2009-09-21 01:07 . 2006-09-19 22:40 -------- d-----w- c:\program files\WildTangent
2009-09-21 01:07 . 2006-09-19 22:34 -------- d-----w- c:\program files\Synaptics
2009-09-21 01:07 . 2006-09-19 20:58 -------- d-----w- c:\program files\Sonic
2009-09-21 01:06 . 2006-09-19 22:51 -------- d-----w- c:\program files\Quickensetup
2009-09-21 01:06 . 2006-09-19 22:29 -------- d-----w- c:\program files\RGB
2009-09-21 01:06 . 2006-09-19 22:51 -------- d-----w- c:\program files\Quicken
2009-09-21 01:05 . 2006-09-19 22:49 -------- d-----w- c:\program files\NetWaiting
2009-09-21 01:04 . 2006-09-19 22:47 -------- d-----w- c:\program files\Netscape
2009-09-21 01:04 . 2006-09-19 22:50 -------- d-----w- c:\program files\muvee Technologies
2009-09-21 01:04 . 2006-09-19 22:48 -------- d-----w- c:\program files\music_now
2009-09-21 01:04 . 2006-09-19 22:50 -------- d-----w- c:\program files\Microsoft Office Trial Wizard
2009-09-21 01:03 . 2006-09-19 22:30 -------- d-----w- c:\program files\Microsoft Money 2006
2009-09-21 01:03 . 2006-09-19 20:58 -------- d-----w- c:\program files\microsoft frontpage
2009-09-21 01:03 . 2006-09-19 20:58 -------- d-----w- c:\program files\HPQ
2009-09-21 01:03 . 2006-09-19 23:02 -------- d-----w- c:\program files\HP Rhapsody
2009-09-21 01:01 . 2006-09-19 22:27 -------- d-----w- c:\program files\GemMaster
2009-09-21 01:01 . 2006-09-19 22:27 -------- d-----w- c:\program files\ESPNMotion
2009-09-21 01:01 . 2006-09-19 22:27 -------- d-----w- c:\program files\EnglishOtto
2009-09-21 01:01 . 2006-09-19 22:30 -------- d-----w- c:\program files\Encarta Online
2009-09-21 01:01 . 2006-09-19 22:50 -------- d-----w- c:\program files\DivX
2009-09-21 01:01 . 2006-09-19 22:27 -------- d-----w- c:\program files\DIGStream
2009-09-21 01:01 . 2006-09-19 22:11 -------- d-----w- c:\program files\CONEXANT
2009-09-21 01:01 . 2006-09-19 20:58 -------- d-----w- c:\program files\Common Files\TiVo Shared
2009-09-21 01:01 . 2006-09-19 20:58 -------- d-----w- c:\program files\Common Files\SureThing Shared
2009-09-21 01:01 . 2006-09-19 20:58 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-09-21 01:01 . 2006-09-19 22:52 -------- d-----w- c:\program files\Common Files\Palo Alto Software
2009-09-21 01:01 . 2006-09-19 22:50 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-09-21 01:00 . 2006-09-19 23:04 -------- d-----w- c:\program files\Common Files\LightScribe
2009-09-21 01:00 . 2006-09-19 22:51 -------- d-----w- c:\program files\Common Files\Intuit
2009-09-21 01:00 . 2006-09-19 20:58 -------- d-----w- c:\program files\Common Files\Java
2009-09-21 01:00 . 2006-09-19 20:58 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-21 01:00 . 2006-09-19 20:58 -------- d-----w- c:\program files\Common Files\HP
2009-09-21 00:54 . 2006-09-19 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-09-21 00:54 . 2006-09-19 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SBSI
2009-09-21 00:54 . 2006-09-19 22:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2009-09-21 00:54 . 2006-09-19 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-09-21 00:54 . 2006-09-19 22:35 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-09-21 00:54 . 2006-09-19 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\DIGStream
2009-09-21 00:54 . 2006-09-19 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-09-21 00:54 . 2009-09-21 01:31 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2009-09-21 00:54 . 2009-09-21 01:32 -------- d-----w- c:\documents and settings\Josh\Application Data\Intuit
2009-09-21 00:54 . 2009-09-21 01:31 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intuit
2009-09-21 00:54 . 2006-09-19 22:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intuit
2009-09-16 17:22 . 2009-09-21 04:25 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 17:22 . 2009-09-21 04:25 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 17:22 . 2009-09-21 04:25 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 17:22 . 2009-07-08 20:44 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 17:22 . 2009-09-21 04:24 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-11 14:03 . 2006-03-16 04:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45 . 2006-03-16 04:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2006-03-16 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:16 . 2006-03-16 04:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 06:33 . 2009-08-18 06:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-07 02:24 . 2006-03-16 04:00 327896 ----a-w- c:\windows\system32\wucltui.dll
2007-03-24 00:29 . 2009-09-21 01:24 0 --sha-w- c:\windows\SMINST\HPCD.SYS
2009-07-21 00:07 . 2009-07-21 00:07 27136 --sha-w- c:\windows\system32\durumiho.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-21 39408]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-07-09 49968]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-05 149280]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-18 7585792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-18 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-12 102400]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-09-21 122368]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-06-26 172032]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2009-07-09 5134864]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\MAB.exe" [2009-09-10 1312080]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-18 1617920]
"MsmqIntCert"="mqrt.dll" - c:\windows\system32\mqrt.dll [2009-06-25 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-06-02 61952]
"WTClient"="WTClient.exe" - c:\windows\system32\WTClient.exe [2007-04-11 40960]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-14 241664]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/20/2009 9:28 PM 210216]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/20/2009 10:28 PM 24652]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [9/23/2009 8:26 PM 18944]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [9/23/2009 8:26 PM 10752]
S2 0015231256161940mcinstcleanup;McAfee Application Installer Cleanup (0015231256161940);c:\windows\TEMP\001523~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\001523~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 1:39 PM 61952]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
USBDriver
.
Contents of the 'Scheduled Tasks' folder

2009-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-10-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-21 19:22]

2009-10-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-21 19:22]

2009-10-24 c:\windows\Tasks\User_Feed_Synchronization-{507669ED-6877-41F4-866D-4A674AFFFB60}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Josh\Application Data\Mozilla\Firefox\Profiles\m4xig3za.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -

SharedTaskScheduler-{59abac3b-398e-4410-93b2-d3030e8c5c9f} - c:\windows\system32\nonowoda.dll
SSODL-dadajepir-{59abac3b-398e-4410-93b2-d3030e8c5c9f} - c:\windows\system32\nonowoda.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-23 19:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ????P??????Y?@?????<?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(2972)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\combofix\CF18312.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\AIM6\aolsoftware.exe
c:\windows\system32\msdtc.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\windows\system32\nvsvc32.exe
c:\windows\System32\Drivers\WTSRV.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\mqsvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\WISPTIS.EXE
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-24 16:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-23 23:37

Pre-Run: 24,738,611,200 bytes free
Post-Run: 24,896,159,744 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 61DF4B660C46FB07C6C8FF89A259EF32
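The ComboFix listings above share one line shape (created . modified size attrs path), and the two things a helper scans them for by eye are hidden+system binaries and fresh drops in system32 whose created and modified stamps match (compare durumiho.exe with the patched Microsoft files). As an added example, not part of the thread and not ComboFix's own logic, here is a small Python parser that applies those two review cues to a constructed sample modelled on the lines above; the cue rules and thresholds are my own assumptions, and a hit is a reason to look closer, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of ComboFix's "Files Created" / Find3M lines.
# Five entries mirror ones in the log above (one hidden directory, one MS
# driver, the HP recovery file, the suspect .exe, the HP .MRK marker); the Java
# DLL is included for contrast.  This is not a real log dump.
SAMPLE_LOG = r"""
2009-10-05 22:32 . 2009-10-05 22:32 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-04 10:12 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-10-13 05:01 . 2006-09-19 20:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2007-03-24 00:29 . 2009-09-21 01:24 0 --sha-w- c:\windows\SMINST\HPCD.SYS
2009-07-21 00:07 . 2009-07-21 00:07 27136 --sha-w- c:\windows\system32\durumiho.exe
2009-09-21 01:33 . 2009-09-21 01:33 1728 --sha-r- c:\windows\system32\drivers\103C_HP_NTBK.MRK
"""

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

SYSTEM32 = "c:\\windows\\system32\\"
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl")


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for directories ("--------" in the log)
    attrs: str            # 8-char flag field, e.g. "--sha-w-" or "d-----w-"
    path: str

    @property
    def is_dir(self) -> bool:
        return "d" in self.attrs

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs

    @property
    def is_binary(self) -> bool:
        return not self.is_dir and self.path.lower().endswith(EXEC_EXT)


def parse_combofix_lines(text: str) -> List[Entry]:
    """Parse file-listing lines; section headers, dots and blanks are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def review_cues(e: Entry) -> List[str]:
    """Cues an analyst checks by eye (assumed heuristics); each is a reason to look closer."""
    cues = []
    if not e.is_binary:
        return cues
    # Legitimate binaries are rarely hidden+system; droppers set both to stay out of Explorer.
    if e.hidden and e.system:
        cues.append("hidden+system attributes")
    # OS and vendor files in system32 keep an older build (modified) time than their
    # install (created) time; identical stamps mean the file was written fresh on this box.
    if e.created == e.modified and e.path.lower().startswith(SYSTEM32):
        cues.append("system32 binary with created == modified timestamp")
    return cues


def triage(text: str, min_cues: int = 2) -> List[str]:
    """Paths collecting at least `min_cues` cues, in log order."""
    return [e.path for e in parse_combofix_lines(text) if len(review_cues(e)) >= min_cues]


if __name__ == "__main__":
    for entry in parse_combofix_lines(SAMPLE_LOG):
        hits = review_cues(entry)
        if hits:
            print(f"{entry.path}: {', '.join(hits)}")
```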
Old 10-23-2009, 06:00 PM   #5
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,109
OS: WinXP and Vista


Re: Several rather annoying problems

You're welcome. A bit more to do. :)


Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.


It's IMPORTANT to carry out the instructions in the sequence listed below.


***************************************************

Open notepad and copy/paste the text in the code box below into it:

Quote:

http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/424184-several-rather-annoying-problems.html#post2406769

Collect::
c:\windows\system32\durumiho.exe

File::
C:\dtacmawh.dat

MIA::
c:\windows\system32\proquota.exe

Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

***************************************************

Referring to the picture above, drag CFScript into ComboFix.exe


When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
---------------------------------------------------------------------

It's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
  • Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

---------------------------------------------------------------

Please include the following in your next reply:

C:\ComboFix.txt
Kaspersky results
Update on system behavior
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 10-23-2009, 10:20 PM   #6
Registered User
Join Date: Oct 2009
Posts: 7
OS: XP sp2


Re: Several rather annoying problems

OK, so sorry it took so long; that computer scan took 3 hrs.
Here are the ComboFix and Kaspersky results.
Overall, things look a lot better since the CF scan. I haven't gotten redirected yet, and the sound appears to be working again. Thank you so much so far.
I must ask, though: there's a line in the log saying "proquota.exe is missing". What does that mean, and is it important? Other than that the system is working well. Thanks a lot.

ComboFix 09-10-22.01 - Josh 10/23/2009 20:14.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.991.503 [GMT -7:00]
Running from: c:\documents and settings\Josh\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Josh\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"C:\dtacmawh.dat"

file zipped: c:\windows\system32\durumiho.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\dtacmawh.dat
c:\windows\system32\durumiho.exe

c:\windows\system32\proquota.exe . . . is missing!!

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((( Files Created from 2009-09-24 to 2009-10-24 )))))))))))))))))))))))))))))))
.

2009-10-23 07:26 . 2009-10-23 07:26 -------- d-----w- c:\documents and settings\Josh\Application Data\Viewpoint
2009-10-21 07:47 . 2009-10-21 07:47 -------- d-----w- c:\documents and settings\Josh\Local Settings\Application Data\Identities
2009-10-21 02:59 . 2009-10-21 02:59 -------- d-----w- c:\documents and settings\Josh\Application Data\Malwarebytes
2009-10-21 02:41 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-21 02:41 . 2009-10-21 02:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-21 02:41 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-21 00:21 . 2009-10-21 05:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-20 18:37 . 2009-10-20 18:37 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-10-20 14:00 . 2009-10-20 14:00 -------- d-----w- c:\documents and settings\Josh\Application Data\AdobeUM
2009-10-20 13:58 . 2009-10-20 13:59 -------- d-----w- c:\program files\QuickTime
2009-10-20 13:58 . 2009-10-20 13:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-20 13:57 . 2009-10-20 13:57 -------- d-----w- c:\program files\Common Files\Apple
2009-10-20 13:57 . 2009-10-20 13:57 -------- d-----w- c:\documents and settings\Josh\Local Settings\Application Data\Apple
2009-10-20 13:57 . 2009-10-20 13:57 -------- d-----w- c:\program files\Apple Software Update
2009-10-20 13:57 . 2009-10-20 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-20 13:57 . 2009-10-20 13:57 -------- d-----w- c:\documents and settings\Josh\Local Settings\Application Data\Apple Computer
2009-10-13 22:29 . 2009-10-13 22:29 -------- d-----w- c:\documents and settings\Josh\Local Settings\Application Data\AIM
2009-10-13 05:31 . 2009-10-13 05:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Age of Empires 3 YPack Trial
2009-10-13 04:59 . 2005-05-26 22:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-10-13 04:49 . 2009-10-13 04:49 -------- d-----w- c:\program files\Microsoft Games
2009-10-11 04:50 . 2009-10-13 10:33 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-10 22:21 . 2009-10-10 22:21 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-10-05 22:32 . 2009-10-05 22:32 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-05 10:11 . 2009-10-05 10:11 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-10-05 10:03 . 2009-10-05 10:03 -------- d-----w- c:\windows\ServicePackFiles
2009-10-05 10:01 . 2009-10-05 10:01 -------- d-----w- c:\program files\MSXML 4.0
2009-10-04 10:13 . 2009-10-04 10:40 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-10-04 10:12 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-10-04 10:12 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2009-10-04 10:05 . 2008-05-08 12:28 202752 ------w- c:\windows\system32\dllcache\rmcast.sys
2009-10-04 10:05 . 2008-10-24 11:10 453632 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-04 10:05 . 2008-12-11 11:57 333184 ------w- c:\windows\system32\dllcache\srv.sys
2009-10-04 10:05 . 2008-05-01 14:30 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-10-04 10:05 . 2009-07-10 13:42 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-10-04 10:05 . 2008-04-11 18:50 683520 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-10-04 10:04 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-10-04 10:03 . 2009-08-26 08:16 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-10-04 10:03 . 2008-10-15 16:57 332800 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-10-04 10:03 . 2008-09-04 16:42 1106944 ------w- c:\windows\system32\dllcache\msxml3.dll
2009-10-04 10:02 . 2008-04-21 10:02 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-10-04 07:37 . 2008-10-10 11:52 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-10-04 07:37 . 2008-10-10 11:52 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-10-04 07:37 . 2008-10-10 11:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-10-04 07:37 . 2007-04-05 01:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-10-04 07:36 . 2009-10-04 07:36 -------- d-----w- c:\windows\Logs
2009-10-04 07:36 . 2009-10-04 07:43 -------- d-----w- c:\program files\Heroes of Newerth
2009-10-04 04:05 . 2009-08-07 02:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-10-04 04:05 . 2009-08-07 02:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-10-03 06:27 . 2009-10-03 06:27 0 ------w- c:\documents and settings\Josh\jagex_runescape_preferences.dat
2009-10-03 06:27 . 2009-10-03 06:27 -------- d-----w- c:\windows\.jagex_cache_32
2009-10-03 06:26 . 2009-10-03 06:26 -------- d-----w- c:\windows\Sun
2009-10-02 05:18 . 2009-10-02 05:18 -------- d-----w- c:\documents and settings\Josh\Local Settings\Application Data\QuickPlay
2009-10-02 05:18 . 2009-10-02 05:18 -------- d-----w- c:\documents and settings\Josh\Application Data\HP
2009-10-02 00:33 . 2009-10-02 00:33 0 ----a-w- c:\windows\nsreg.dat
2009-10-02 00:33 . 2009-10-02 00:33 -------- d-----w- c:\documents and settings\Josh\Local Settings\Application Data\Mozilla
2009-10-01 23:59 . 2007-12-27 00:30 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2009-10-01 23:59 . 2007-12-27 00:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2009-10-01 23:59 . 2009-10-20 22:50 -------- d-----w- c:\program files\Cheat Engine
2009-09-30 03:25 . 2009-09-30 03:25 -------- d-----w- c:\program files\Electric Rain
2009-09-29 00:05 . 2004-08-04 06:07 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-09-29 00:05 . 2004-08-04 06:07 59264 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-09-29 00:05 . 2004-08-04 06:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-09-29 00:05 . 2004-08-04 06:08 31616 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-09-24 05:51 . 2009-09-24 05:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-09-24 05:51 . 2004-05-11 17:53 626960 ----a-r- c:\windows\system32\hpvaut32.dll
2009-09-24 05:51 . 2004-05-11 17:53 487424 ----a-r- c:\windows\system32\hpvcp70.dll
2009-09-24 05:51 . 2004-05-11 17:53 344064 ----a-r- c:\windows\system32\hpvcr70.dll
2009-09-24 05:48 . 2009-09-24 05:52 87553 ----a-w- c:\windows\hpfins01.dat
2009-09-24 05:48 . 2004-03-17 13:11 5428 ------w- c:\windows\hpfmdl03.dat
2009-09-24 05:47 . 2004-06-25 23:54 139345 ----a-w- c:\windows\system32\hpzlnt12.dll
2009-09-24 05:46 . 2004-06-09 14:50 212992 ----a-r- c:\windows\system32\hptcpmui.dll
2009-09-24 05:46 . 2004-06-09 14:50 98304 ----a-r- c:\windows\system32\hpzjsn01.dll
2009-09-24 05:46 . 2004-06-09 14:50 28672 ----a-r- c:\windows\system32\hpzjfw01.dll
2009-09-24 05:46 . 2004-06-09 14:50 73728 ----a-r- c:\windows\system32\hptcpmib.dll
2009-09-24 05:46 . 2004-06-09 14:50 110592 ----a-r- c:\windows\system32\hptcpmon.dll
2009-09-24 03:27 . 2009-09-24 03:27 -------- d-----w- c:\program files\TABLET
2009-09-24 03:26 . 2009-03-04 19:04 69632 ----a-w- c:\windows\system32\drivers\WTSrv.exe
2009-09-24 03:26 . 2008-09-08 21:10 14848 ----a-w- c:\windows\system32\drivers\UCTblHid.sys
2009-09-24 03:26 . 2004-05-10 22:33 36864 ----a-w- c:\windows\system32\lhtool.exe
2009-09-24 03:26 . 2009-03-19 00:15 184320 ----a-w- c:\windows\system32\WinTab32.dll
2009-09-24 03:26 . 2009-03-05 04:16 282624 ----a-w- c:\windows\system32\tabcfg.exe
2009-09-24 03:26 . 2007-06-08 00:16 18944 ----a-w- c:\windows\system32\drivers\PTSimBus.sys
2009-09-24 03:26 . 2007-04-24 23:27 46080 ----a-w- c:\windows\system32\UCMfg.exe
2009-09-24 03:26 . 2007-04-23 22:28 18432 ----a-w- c:\windows\system32\drivers\TClass2k.sys
2009-09-24 03:26 . 2007-04-23 22:28 10752 ----a-w- c:\windows\system32\drivers\PTSimHid.sys
2009-09-24 03:26 . 2007-04-11 23:27 40960 ----a-w- c:\windows\system32\WTClient.exe
2009-09-24 03:26 . 2008-06-25 01:15 311296 ----a-w- c:\windows\SetupX32.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-24 01:19 . 2009-09-21 23:06 -------- d-----w- c:\documents and settings\NetworkService\Application Data\SACore
2009-10-21 21:51 . 2009-09-21 04:25 -------- d-----w- c:\program files\McAfee
2009-10-20 10:35 . 2006-09-19 22:05 106272 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-20 10:17 . 2009-09-21 04:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-20 10:09 . 2006-09-19 22:31 -------- d-----w- c:\program files\Microsoft Works
2009-10-20 05:47 . 2009-09-23 02:17 -------- d-----w- c:\documents and settings\Josh\Application Data\Audacity
2009-10-17 03:30 . 2009-09-21 02:07 -------- d-----w- c:\program files\Starcraft
2009-10-13 05:01 . 2006-09-19 20:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-08 00:58 . 2009-09-21 04:40 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-10-06 00:49 . 2009-09-21 04:28 -------- d-----w- c:\program files\SiteAdvisor
2009-10-05 22:31 . 2006-09-19 20:58 -------- d-----w- c:\program files\Java
2009-09-24 05:52 . 2006-09-19 20:58 -------- d-----w- c:\program files\Hewlett-Packard
2009-09-24 05:51 . 2006-09-19 20:58 -------- d-----w- c:\program files\HP
2009-09-23 04:22 . 2009-09-23 04:22 -------- d-----w- c:\program files\Lame for Audacity
2009-09-23 02:17 . 2009-09-23 02:17 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-09-23 02:16 . 2006-09-19 22:51 -------- d-----w- c:\program files\Windows Media Connect 2
2009-09-22 06:21 . 2009-09-21 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-09-22 06:05 . 2009-09-22 06:05 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-09-21 22:37 . 2009-09-21 05:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-09-21 22:35 . 2009-09-21 22:35 -------- d-----w- c:\documents and settings\Josh\Application Data\acccore
2009-09-21 22:35 . 2009-09-21 05:27 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP
2009-09-21 07:32 . 2006-09-19 22:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-21 07:26 . 2009-09-21 04:13 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-21 05:33 . 2006-09-19 22:46 -------- d-----w- c:\program files\Yahoo!
2009-09-21 05:33 . 2009-09-21 05:33 -------- d-----w- c:\documents and settings\Josh\Application Data\Yahoo!
2009-09-21 05:28 . 2009-09-21 05:27 -------- d-----w- c:\program files\AIM6
2009-09-21 05:28 . 2009-09-21 05:28 -------- d-----w- c:\program files\Viewpoint
2009-09-21 05:28 . 2009-09-21 05:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-09-21 05:28 . 2009-09-21 05:28 -------- d-----w- c:\documents and settings\All Users\Application Data\acccore
2009-09-21 05:27 . 2009-09-21 05:27 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-09-21 05:27 . 2009-09-21 05:27 -------- d-----w- c:\program files\Common Files\AOL
2009-09-21 04:29 . 2009-09-21 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-09-21 04:25 . 2009-09-21 04:25 -------- d-----w- c:\program files\Common Files\McAfee
2009-09-21 04:25 . 2009-09-21 04:25 -------- d-----w- c:\program files\McAfee.com
2009-09-21 04:08 . 2009-09-21 04:08 -------- d-----w- c:\program files\MSBuild
2009-09-21 04:07 . 2009-09-21 04:07 -------- d-----w- c:\program files\Microsoft.NET
2009-09-21 03:44 . 2009-09-21 03:44 -------- d-----w- c:\documents and settings\All Users\Application Data\ALM
2009-09-21 03:36 . 2006-09-19 22:37 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-21 03:14 . 2009-09-21 03:14 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-09-21 02:32 . 2009-09-21 02:32 -------- d-----w- c:\program files\Google
2009-09-21 02:27 . 2006-09-19 22:13 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-21 02:27 . 2006-09-19 22:13 -------- d-----w- c:\program files\Symantec
2009-09-21 02:26 . 2006-09-19 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-21 01:35 . 2009-09-21 01:32 127 ------w- c:\documents and settings\Josh\Local Settings\Application Data\fusioncache.dat
2009-09-21 01:33 . 2009-09-21 01:33 1728 --sha-r- c:\windows\system32\drivers\103C_HP_NTBK_HP Pavilion dv6000 (RG272UA#ABA)_YN_0Pavi_QCNF64459T1_E432250002_46_I30B7_SQuanta_V65.21_BF.1A_T061025_WXP2_L409_M991_J80_7AMD_8Turion 64 X2 Technology TL-50_91.61_#060919_N14E44311_(RG272UA#ABA).MRK
2009-09-21 01:10 . 2006-09-19 20:58 -------- d-----w- c:\program files\Windows Plus
2009-09-21 01:07 . 2006-09-19 22:40 -------- d-----w- c:\program files\WildTangent
2009-09-21 01:07 . 2006-09-19 22:34 -------- d-----w- c:\program files\Synaptics
2009-09-21 01:07 . 2006-09-19 20:58 -------- d-----w- c:\program files\Sonic
2009-09-21 01:06 . 2006-09-19 22:51 -------- d-----w- c:\program files\Quickensetup
2009-09-21 01:06 . 2006-09-19 22:29 -------- d-----w- c:\program files\RGB
2009-09-21 01:06 . 2006-09-19 22:51 -------- d-----w- c:\program files\Quicken
2009-09-21 01:05 . 2006-09-19 22:49 -------- d-----w- c:\program files\NetWaiting
2009-09-21 01:04 . 2006-09-19 22:47 -------- d-----w- c:\program files\Netscape
2009-09-21 01:04 . 2006-09-19 22:50 -------- d-----w- c:\program files\muvee Technologies
2009-09-21 01:04 . 2006-09-19 22:48 -------- d-----w- c:\program files\music_now
2009-09-21 01:04 . 2006-09-19 22:50 -------- d-----w- c:\program files\Microsoft Office Trial Wizard
2009-09-21 01:03 . 2006-09-19 22:30 -------- d-----w- c:\program files\Microsoft Money 2006
2009-09-21 01:03 . 2006-09-19 20:58 -------- d-----w- c:\program files\microsoft frontpage
2009-09-21 01:03 . 2006-09-19 20:58 -------- d-----w- c:\program files\HPQ
2009-09-21 01:03 . 2006-09-19 23:02 -------- d-----w- c:\program files\HP Rhapsody
2009-09-21 01:01 . 2006-09-19 22:27 -------- d-----w- c:\program files\GemMaster
2009-09-21 01:01 . 2006-09-19 22:27 -------- d-----w- c:\program files\ESPNMotion
2009-09-21 01:01 . 2006-09-19 22:27 -------- d-----w- c:\program files\EnglishOtto
2009-09-21 01:01 . 2006-09-19 22:30 -------- d-----w- c:\program files\Encarta Online
2009-09-21 01:01 . 2006-09-19 22:50 -------- d-----w- c:\program files\DivX
2009-09-21 01:01 . 2006-09-19 22:27 -------- d-----w- c:\program files\DIGStream
2009-09-21 01:01 . 2006-09-19 22:11 -------- d-----w- c:\program files\CONEXANT
2009-09-21 01:01 . 2006-09-19 20:58 -------- d-----w- c:\program files\Common Files\TiVo Shared
2009-09-21 01:01 . 2006-09-19 20:58 -------- d-----w- c:\program files\Common Files\SureThing Shared
2009-09-21 01:01 . 2006-09-19 20:58 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-09-21 01:01 . 2006-09-19 22:52 -------- d-----w- c:\program files\Common Files\Palo Alto Software
2009-09-21 01:01 . 2006-09-19 22:50 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-09-21 01:00 . 2006-09-19 23:04 -------- d-----w- c:\program files\Common Files\LightScribe
2009-09-21 01:00 . 2006-09-19 22:51 -------- d-----w- c:\program files\Common Files\Intuit
2009-09-21 01:00 . 2006-09-19 20:58 -------- d-----w- c:\program files\Common Files\Java
2009-09-21 01:00 . 2006-09-19 20:58 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-21 01:00 . 2006-09-19 20:58 -------- d-----w- c:\program files\Common Files\HP
2009-09-21 00:54 . 2006-09-19 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-09-21 00:54 . 2006-09-19 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SBSI
2009-09-21 00:54 . 2006-09-19 22:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2009-09-21 00:54 . 2006-09-19 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-09-21 00:54 . 2006-09-19 22:35 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-09-21 00:54 . 2006-09-19 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\DIGStream
2009-09-21 00:54 . 2006-09-19 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-09-21 00:54 . 2009-09-21 01:31 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2009-09-21 00:54 . 2009-09-21 01:32 -------- d-----w- c:\documents and settings\Josh\Application Data\Intuit
2009-09-21 00:54 . 2009-09-21 01:31 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intuit
2009-09-21 00:54 . 2006-09-19 22:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intuit
2009-09-16 17:22 . 2009-09-21 04:25 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 17:22 . 2009-09-21 04:25 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 17:22 . 2009-09-21 04:25 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 17:22 . 2009-07-08 20:44 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 17:22 . 2009-09-21 04:24 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-11 14:03 . 2006-03-16 04:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45 . 2006-03-16 04:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2006-03-16 04:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:16 . 2006-03-16 04:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 06:33 . 2009-08-18 06:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-07 02:24 . 2006-03-16 04:00 327896 ----a-w- c:\windows\system32\wucltui.dll
2007-03-24 00:29 . 2009-09-21 01:24 0 --sha-w- c:\windows\SMINST\HPCD.SYS
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-21 39408]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-07-09 49968]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-05 149280]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-18 7585792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-18 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-12 102400]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-09-21 122368]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-06-26 172032]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2009-07-09 5134864]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\MAB.exe" [2009-09-10 1312080]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-18 1617920]
"MsmqIntCert"="mqrt.dll" - c:\windows\system32\mqrt.dll [2009-06-25 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-06-02 61952]
"WTClient"="WTClient.exe" - c:\windows\system32\WTClient.exe [2007-04-11 40960]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-14 241664]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/20/2009 9:28 PM 210216]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/20/2009 10:28 PM 24652]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [9/23/2009 8:26 PM 18944]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [9/23/2009 8:26 PM 10752]
S2 0015231256161940mcinstcleanup;McAfee Application Installer Cleanup (0015231256161940);c:\windows\TEMP\001523~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\001523~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 1:39 PM 61952]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
USBDriver
.
Contents of the 'Scheduled Tasks' folder

2009-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-10-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-21 19:22]

2009-10-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-21 19:22]

2009-10-24 c:\windows\Tasks\User_Feed_Synchronization-{507669ED-6877-41F4-866D-4A674AFFFB60}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Josh\Application Data\Mozilla\Firefox\Profiles\m4xig3za.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-23 20:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ????P??????Y?@?????<?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2009-10-24 20:23
ComboFix-quarantined-files.txt 2009-10-24 03:23
ComboFix2.txt 2009-10-23 23:38

Pre-Run: 24,876,265,472 bytes free
Post-Run: 24,840,146,944 bytes free

- - End Of File - - 05865CF113A26DE07DB6042D0F1FBBDB
Attached Files
File Type: txt Kesperdsky results.txt (1.0 KB, 1 views)
Old 10-23-2009, 10:48 PM   #7 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,109
OS: WinXP and Vista


Re: Several rather annoying problems

Hi josh,

Kaspersky is reporting backups that were created during the course of this fix. We'll tend to those shortly.

Open Notepad and copy/paste the contents inside the quote box below into Notepad.

Quote:
PEV -l "%systemdrive%\proquota.ex*" >log.txt
start notepad log.txt

Save this as look.bat. Choose "Save type as - All Files".
It should look like this:

Double click on look.bat & allow it to run. Then post the log which it produces.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 10-23-2009, 11:20 PM   #8 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 7
OS: XP sp2


Re: Several rather annoying problems

----a-w- 26,379 2006-03-15 20:00:00 C:\I386\PROQUOTA.EX_
----a-w- 32,256 2006-03-16 04:00:00 C:\Qoobox\Quarantine\C\WINDOWS\system32\wbem\proquota.exe.vir
----a-w- 50,176 2008-04-14 00:12:32 C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\proquota.exe

Entries: 3 (3)
Directories: 0 Files: 3
Bytes: 108,811 Blocks: 213
Old 10-23-2009, 11:39 PM   #9 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,109
OS: WinXP and Vista


Re: Several rather annoying problems

Open Notepad and copy/paste the text in the code box below into it:

Quote:

FCopy::
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\proquota.exe | c:\windows\system32\proquota.exe

Save this as "CFScript.txt", and as Type: All Files (*.*), in the same location as ComboFix.exe.

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

***************************************************

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, please post the C:\ComboFix.txt and an update on system behavior.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 10-24-2009, 12:00 AM   #10 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 7
OS: XP sp2


Re: Several rather annoying problems

So far my computer seems to be working fine on the outside. No problems.
Here's the combofix.txt:

ComboFix 09-10-22.01 - Josh 10/24/2009 1:48.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.991.592 [GMT -7:00]
Running from: c:\documents and settings\Josh\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Josh\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\proquota.exe --> c:\windows\system32\proquota.exe
.
((((((((((((((((((((((((( Files Created from 2009-09-24 to 2009-10-24 )))))))))))))))))))))))))))))))
.

2009-10-24 08:48 . 2009-10-24 08:48 -------- d-----w- c:\windows\LastGood
2009-10-24 08:48 . 2006-03-15 20:00 50176 ----a-w- c:\windows\system32\proquota.exe
2009-10-24 08:48 . 2006-03-15 20:00 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-10-23 07:26 . 2009-10-23 07:26 -------- d-----w- c:\documents and settings\Josh\Application Data\Viewpoint
2009-10-21 07:47 . 2009-10-21 07:47 -------- d-----w- c:\documents and settings\Josh\Local Settings\Application Data\Identities
2009-10-21 02:59 . 2009-10-21 02:59 -------- d-----w- c:\documents and settings\Josh\Application Data\Malwarebytes
2009-10-21 02:41 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-21 02:41 . 2009-10-21 02:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-21 02:41 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-21 00:21 . 2009-10-21 05:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-20 18:37 . 2009-10-20 18:37 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-10-20 14:00 . 2009-10-20 14:00 -------- d-----w- c:\documents and settings\Josh\Application Data\AdobeUM
2009-10-20 13:58 . 2009-10-20 13:59 -------- d-----w- c:\program files\QuickTime
2009-10-20 13:58 . 2009-10-20 13:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-20 13:57 . 2009-10-20 13:57 -------- d-----w- c:\program files\Common Files\Apple
2009-10-20 13:57 . 2009-10-20 13:57 -------- d-----w- c:\documents and settings\Josh\Local Settings\Application Data\Apple
2009-10-20 13:57 . 2009-10-20 13:57 -------- d-----w- c:\program files\Apple Software Update
2009-10-20 13:57 . 2009-10-20 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-20 13:57 . 2009-10-20 13:57 -------- d-----w- c:\documents and settings\Josh\Local Settings\Application Data\Apple Computer
2009-10-13 22:29 . 2009-10-13 22:29 -------- d-----w- c:\documents and settings\Josh\Local Settings\Application Data\AIM
2009-10-13 05:31 . 2009-10-13 05:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Age of Empires 3 YPack Trial
2009-10-13 04:59 . 2005-05-26 22:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-10-13 04:49 . 2009-10-13 04:49 -------- d-----w- c:\program files\Microsoft Games
2009-10-11 04:50 . 2009-10-13 10:33 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-10 22:21 . 2009-10-10 22:21 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-10-05 22:32 . 2009-10-05 22:32 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-05 10:11 . 2009-10-05 10:11 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-10-05 10:03 . 2009-10-05 10:03 -------- d-----w- c:\windows\ServicePackFiles
2009-10-05 10:01 . 2009-10-05 10:01 -------- d-----w- c:\program files\MSXML 4.0
2009-10-04 10:13 . 2009-10-04 10:40 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-10-04 10:12 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-10-04 10:12 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2009-10-04 10:05 . 2008-05-08 12:28 202752 ------w- c:\windows\system32\dllcache\rmcast.sys
2009-10-04 10:05 . 2008-10-24 11:10 453632 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-04 10:05 . 2008-12-11 11:57 333184 ------w- c:\windows\system32\dllcache\srv.sys
2009-10-04 10:05 . 2008-05-01 14:30 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-10-04 10:05 . 2009-07-10 13:42 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-10-04 10:05 . 2008-04-11 18:50 683520 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-10-04 10:04 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-10-04 10:03 . 2009-08-26 08:16 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-10-04 10:03 . 2008-10-15 16:57 332800 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-10-04 10:03 . 2008-09-04 16:42 1106944 ------w- c:\windows\system32\dllcache\msxml3.dll
2009-10-04 10:02 . 2008-04-21 10:02 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-10-04 07:37 . 2008-10-10 11:52 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-10-04 07:37 . 2008-10-10 11:52 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-10-04 07:37 . 2008-10-10 11:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-10-04 07:37 . 2007-04-05 01:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-10-04 07:36 . 2009-10-04 07:36 -------- d-----w- c:\windows\Logs
2009-10-04 07:36 . 2009-10-04 07:43 -------- d-----w- c:\program files\Heroes of Newerth
2009-10-04 04:05 . 2009-08-07 02:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-10-04 04:05 . 2009-08-07 02:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-10-03 06:27 . 2009-10-03 06:27 0 ------w- c:\documents and settings\Josh\jagex_runescape_preferences.dat
2009-10-03 06:27 . 2009-10-03 06:27 -------- d-----w- c:\windows\.jagex_cache_32
2009-10-03 06:26 . 2009-10-03 06:26 -------- d-----w- c:\windows\Sun
2009-10-02 05:18 . 2009-10-02 05:18 -------- d-----w- c:\documents and settings\Josh\Local Settings\Application Data\QuickPlay
2009-10-02 05:18 . 2009-10-02 05:18 -------- d-----w- c:\documents and settings\Josh\Application Data\HP
2009-10-02 00:33 . 2009-10-02 00:33 0 ----a-w- c:\windows\nsreg.dat
2009-10-02 00:33 . 2009-10-02 00:33 -------- d-----w- c:\documents and settings\Josh\Local Settings\Application Data\Mozilla
2009-10-01 23:59 . 2007-12-27 00:30 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2009-10-01 23:59 . 2007-12-27 00:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2009-10-01 23:59 . 2009-10-20 22:50 -------- d-----w- c:\program files\Cheat Engine
2009-09-30 03:25 . 2009-09-30 03:25 -------- d-----w- c:\program files\Electric Rain
2009-09-29 00:05 . 2004-08-04 06:07 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-09-29 00:05 . 2004-08-04 06:07 59264 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-09-29 00:05 . 2004-08-04 06:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-09-29 00:05 . 2004-08-04 06:08 31616 ----a-w- c:\windows\system32\dllcache\usbccgp.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-24 07:42 . 2009-09-21 02:07 -------- d-----w- c:\program files\Starcraft
2009-10-24 01:19 . 2009-09-21 23:06 -------- d-----w- c:\documents and settings\NetworkService\Application Data\SACore
2009-10-21 21:51 . 2009-09-21 04:25 -------- d-----w- c:\program files\McAfee
2009-10-20 10:35 . 2006-09-19 22:05 106272 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-20 10:17 . 2009-09-21 04:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-20 10:09 . 2006-09-19 22:31 -------- d-----w- c:\program files\Microsoft Works
2009-10-20 05:47 . 2009-09-23 02:17 -------- d-----w- c:\documents and settings\Josh\Application Data\Audacity
2009-10-13 05:01 . 2006-09-19 20:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-08 00:58 . 2009-09-21 04:40 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-10-06 00:49 . 2009-09-21 04:28 -------- d-----w- c:\program files\SiteAdvisor
2009-10-05 22:31 . 2006-09-19 20:58 -------- d-----w- c:\program files\Java
2009-09-24 05:52 . 2006-09-19 20:58 -------- d-----w- c:\program files\Hewlett-Packard
2009-09-24 05:52 . 2009-09-24 05:48 87553 ----a-w- c:\windows\hpfins01.dat
2009-09-24 05:51 . 2009-09-24 05:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-09-24 05:51 . 2006-09-19 20:58 -------- d-----w- c:\program files\HP
2009-09-24 03:27 . 2009-09-24 03:27 -------- d-----w- c:\program files\TABLET
2009-09-23 04:22 . 2009-09-23 04:22 -------- d-----w- c:\program files\Lame for Audacity
2009-09-23 02:17 . 2009-09-23 02:17 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-09-23 02:16 . 2006-09-19 22:51 -------- d-----w- c:\program files\Windows Media Connect 2
2009-09-22 06:21 . 2009-09-21 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-09-22 06:05 . 2009-09-22 06:05 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-09-21 22:37 . 2009-09-21 05:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-09-21 22:35 . 2009-09-21 22:35 -------- d-----w- c:\documents and settings\Josh\Application Data\acccore
2009-09-21 22:35 . 2009-09-21 05:27 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP
2009-09-21 07:32 . 2006-09-19 22:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-21 07:26 . 2009-09-21 04:13 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-21 05:33 . 2006-09-19 22:46 -------- d-----w- c:\program files\Yahoo!
2009-09-21 05:33 . 2009-09-21 05:33 -------- d-----w- c:\documents and settings\Josh\Application Data\Yahoo!
2009-09-21 05:28 . 2009-09-21 05:27 -------- d-----w- c:\program files\AIM6
2009-09-21 05:28 . 2009-09-21 05:28 -------- d-----w- c:\program files\Viewpoint
2009-09-21 05:28 . 2009-09-21 05:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-09-21 05:28 . 2009-09-21 05:28 -------- d-----w- c:\documents and settings\All Users\Application Data\acccore
2009-09-21 05:27 . 2009-09-21 05:27 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-09-21 05:27 . 2009-09-21 05:27 -------- d-----w- c:\program files\Common Files\AOL
2009-09-21 04:29 . 2009-09-21 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-09-21 04:25 . 2009-09-21 04:25 -------- d-----w- c:\program files\Common Files\McAfee
2009-09-21 04:25 . 2009-09-21 04:25 -------- d-----w- c:\program files\McAfee.com
2009-09-21 04:08 . 2009-09-21 04:08 -------- d-----w- c:\program files\MSBuild
2009-09-21 04:07 . 2009-09-21 04:07 -------- d-----w- c:\program files\Microsoft.NET
2009-09-21 03:44 . 2009-09-21 03:44 -------- d-----w- c:\documents and settings\All Users\Application Data\ALM
2009-09-21 03:36 . 2006-09-19 22:37 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-21 03:14 . 2009-09-21 03:14 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-09-21 02:32 . 2009-09-21 02:32 -------- d-----w- c:\program files\Google
2009-09-21 02:27 . 2006-09-19 22:13 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-21 02:27 . 2006-09-19 22:13 -------- d-----w- c:\program files\Symantec
2009-09-21 02:26 . 2006-09-19 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-21 01:35 . 2009-09-21 01:32 127 ------w- c:\documents and settings\Josh\Local Settings\Application Data\fusioncache.dat
2009-09-21 01:33 . 2009-09-21 01:33 1728 --sha-r- c:\windows\system32\drivers\103C_HP_NTBK_HP Pavilion dv6000 (RG272UA#ABA)_YN_0Pavi_QCNF64459T1_E432250002_46_I30B7_SQuanta_V65.21_BF.1A_T061025_WXP2_L409_M991_J80_7AMD_8Turion 64 X2 Technology TL-50_91.61_#060919_N14E44311_(RG272UA#ABA).MRK
2009-09-21 01:10 . 2006-09-19 20:58 -------- d-----w- c:\program files\Windows Plus
2009-09-21 01:07 . 2006-09-19 22:40 -------- d-----w- c:\program files\WildTangent
2009-09-21 01:07 . 2006-09-19 22:34 -------- d-----w- c:\program files\Synaptics
2009-09-21 01:07 . 2006-09-19 20:58 -------- d-----w- c:\program files\Sonic
2009-09-21 01:06 . 2006-09-19 22:51 -------- d-----w- c:\program files\Quickensetup
2009-09-21 01:06 . 2006-09-19 22:29 -------- d-----w- c:\program files\RGB
2009-09-21 01:06 . 2006-09-19 22:51 -------- d-----w- c:\program files\Quicken
2009-09-21 01:05 . 2006-09-19 22:49 -------- d-----w- c:\program files\NetWaiting
2009-09-21 01:04 . 2006-09-19 22:47 -------- d-----w- c:\program files\Netscape
2009-09-21 01:04 . 2006-09-19 22:50 -------- d-----w- c:\program files\muvee Technologies
2009-09-21 01:04 . 2006-09-19 22:48 -------- d-----w- c:\program files\music_now
2009-09-21 01:04 . 2006-09-19 22:50 -------- d-----w- c:\program files\Microsoft Office Trial Wizard
2009-09-21 01:03 . 2006-09-19 22:30 -------- d-----w- c:\program files\Microsoft Money 2006
2009-09-21 01:03 . 2006-09-19 20:58 -------- d-----w- c:\program files\microsoft frontpage
2009-09-21 01:03 . 2006-09-19 20:58 -------- d-----w- c:\program files\HPQ
2009-09-21 01:03 . 2006-09-19 23:02 -------- d-----w- c:\program files\HP Rhapsody
2009-09-21 01:01 . 2006-09-19 22:27 -------- d-----w- c:\program files\GemMaster
2009-09-21 01:01 . 2006-09-19 22:27 -------- d-----w- c:\program files\ESPNMotion
2009-09-21 01:01 . 2006-09-19 22:27 -------- d-----w- c:\program files\EnglishOtto
2009-09-21 01:01 . 2006-09-19 22:30 -------- d-----w- c:\program files\Encarta Online
2009-09-21 01:01 . 2006-09-19 22:50 -------- d-----w- c:\program files\DivX
2009-09-21 01:01 . 2006-09-19 22:27 -------- d-----w- c:\program files\DIGStream
2009-09-21 01:01 . 2006-09-19 22:11 -------- d-----w- c:\program files\CONEXANT
2009-09-21 01:01 . 2006-09-19 20:58 -------- d-----w- c:\program files\Common Files\TiVo Shared
2009-09-21 01:01 . 2006-09-19 20:58 -------- d-----w- c:\program files\Common Files\SureThing Shared
2009-09-21 01:01 . 2006-09-19 20:58 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-09-21 01:01 . 2006-09-19 22:52 -------- d-----w- c:\program files\Common Files\Palo Alto Software
2009-09-21 01:01 . 2006-09-19 22:50 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-09-21 01:00 . 2006-09-19 23:04 -------- d-----w- c:\program files\Common Files\LightScribe
2009-09-21 01:00 . 2006-09-19 22:51 -------- d-----w- c:\program files\Common Files\Intuit
2009-09-21 01:00 . 2006-09-19 20:58 -------- d-----w- c:\program files\Common Files\Java
2009-09-21 01:00 . 2006-09-19 20:58 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-21 01:00 . 2006-09-19 20:58 -------- d-----w- c:\program files\Common Files\HP
2009-09-21 00:54 . 2006-09-19 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-09-21 00:54 . 2006-09-19 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SBSI
2009-09-21 00:54 . 2006-09-19 22:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2009-09-21 00:54 . 2006-09-19 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-09-21 00:54 . 2006-09-19 22:35 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-09-21 00:54 . 2006-09-19 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\DIGStream
2009-09-21 00:54 . 2006-09-19 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-09-21 00:54 . 2009-09-21 01:31 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2009-09-21 00:54 . 2009-09-21 01:32 -------- d-----w- c:\documents and settings\Josh\Application Data\Intuit
2009-09-21 00:54 . 2009-09-21 01:31 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intuit
2009-09-21 00:54 . 2006-09-19 22:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intuit
2009-09-16 17:22 . 2009-09-21 04:25 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 17:22 . 2009-09-21 04:25 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 17:22 . 2009-09-21 04:25 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 17:22 . 2009-07-08 20:44 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 17:22 . 2009-09-21 04:24 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-11 14:03 . 2006-03-16 04:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45 . 2006-03-16 04:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2006-03-16 04:00 916480 ------w- c:\windows\system32\wininet.dll
2007-03-24 00:29 . 2009-09-21 01:24 0 --sha-w- c:\windows\SMINST\HPCD.SYS
.

((((((((((((((((((((((((((((( SnapShot@2009-10-24_02.29.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-24 07:36 . 2009-10-24 07:36 16384 c:\windows\temp\Perflib_Perfdata_1118.dat
+ 2006-09-19 22:12 . 2009-10-24 06:51 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-09-19 22:12 . 2009-10-24 02:03 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-10-24 06:50 . 2009-10-24 06:51 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-10-24 08:48 . 2008-04-14 00:12 50176 c:\windows\LastGood\system32\proquota.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-21 39408]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-07-09 49968]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-05 149280]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-18 7585792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-18 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-12 102400]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-09-21 122368]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-06-26 172032]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2009-07-09 5134864]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\MAB.exe" [2009-09-10 1312080]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-18 1617920]
"MsmqIntCert"="mqrt.dll" - c:\windows\system32\mqrt.dll [2009-06-25 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-06-02 61952]
"WTClient"="WTClient.exe" - c:\windows\system32\WTClient.exe [2007-04-11 40960]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-14 241664]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/20/2009 9:28 PM 210216]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/20/2009 10:28 PM 24652]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [9/23/2009 8:26 PM 18944]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [9/23/2009 8:26 PM 10752]
S2 0015231256161940mcinstcleanup;McAfee Application Installer Cleanup (0015231256161940);c:\windows\TEMP\001523~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\001523~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 1:39 PM 61952]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
USBDriver
.
Contents of the 'Scheduled Tasks' folder

2009-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-10-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-21 19:22]

2009-10-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-21 19:22]

2009-10-24 c:\windows\Tasks\User_Feed_Synchronization-{507669ED-6877-41F4-866D-4A674AFFFB60}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Josh\Application Data\Mozilla\Firefox\Profiles\m4xig3za.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-24 01:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ????P??????Y?@?????<?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(2024)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-24 1:58
ComboFix-quarantined-files.txt 2009-10-24 08:57
ComboFix2.txt 2009-10-24 03:23
ComboFix3.txt 2009-10-23 23:38

Pre-Run: 24,429,244,416 bytes free
Post-Run: 24,837,246,976 bytes free

- - End Of File - - 56E6873335573E1AA4DAC4D8BA9F7870
Old 10-24-2009, 12:07 AM   #11 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,109
OS: WinXP and Vista


Re: Several rather annoying problems

Glad to hear that. :)

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.


Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /uninstall

--------------------------------------------------------------------

Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via PayPal.

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
WOT has an addon available for both Firefox and IE.

SpywareBlaster 4.0 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
  • It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.


- Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

- Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.



- Most importantly, Think Prevention

-----------------------------------------------------


**Kindly respond one more time and let me know if we may consider this thread resolved.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 10-24-2009, 12:13 AM   #12 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 7
OS: XP sp2


Re: Several rather annoying problems

Thank you so much for your help and time. I really appreciate it. I'll take your advice with the programs you suggested. Thanks again!
Old 10-24-2009, 12:14 AM   #13 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,109
OS: WinXP and Vista


Re: Several rather annoying problems

You're welcome.

Take care and enjoy the weekend.
Copyright 2001 - 2009, Tech Support Forum