
ie browser search hijack


dhammer

Posted

My IE browser redirects when I click on a search choice in Google. McAfee and Malwarebytes haven't fixed this. Spybot didn't either, and its name was attached to URL redirects in my hosts file. I removed all of those from the hosts file and its backup, but still have the hijack. Attached are my logs from TFC.exe and DDS. The iobit360 log wouldn't attach so I guess I have to post that separately. Your help would be greatly appreciated.
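
The post above mentions redirect entries in the hosts file. What follows is an added example written for this page, not code from the thread, from dhammer, or from any of the tools named here. It shows the distinction a helper makes when reading a hosts file: entries that pin a name to 127.0.0.1, ::1 or 0.0.0.0 only block that name (the form immunization and ad-block lists add), while an entry that maps a real site to some other address rewrites where the browser goes. The sample hosts content, the function names and the 203.0.113.0/24 documentation address are all constructed for the example; the default path `C:\Windows\System32\drivers\etc\hosts` is the real location on Windows.

```python
# Added example (not from the forum thread or the tools it mentions).
# Triage a Windows hosts file for entries that redirect real hostnames.
import ipaddress

HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"  # default location on Windows

# Constructed sample: two blocking entries in the style an immunization tool adds,
# and one redirect-style entry sending a search engine to a documentation address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# (constructed) blocklist-style entries: these only make the names unreachable
127.0.0.1       ads.example.net
0.0.0.0         tracker.example.org
# (constructed) hijack-style entry: 203.0.113.0/24 is reserved for documentation
203.0.113.17    www.google.com google.com
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Return (ip_address, hostname) pairs, skipping comments, blanks and junk."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # first field is not an address
        for name in fields[1:]:                # one line may list several names
            entries.append((ip, name.lower()))
    return entries


def redirect_entries(text):
    """Entries that send a non-local hostname to a routable address.

    Loopback (127.0.0.1, ::1) and unspecified (0.0.0.0) targets only block a
    name; anything else changes where the name resolves and needs a look.
    """
    flagged = []
    for ip, name in parse_hosts(text):
        if name in LOCAL_NAMES or ip.is_loopback or ip.is_unspecified:
            continue
        flagged.append((str(ip), name))
    return flagged


def blocked_names(text):
    """Names pinned to loopback/unspecified addresses (blocklist style, benign)."""
    return sorted(name for ip, name in parse_hosts(text)
                  if name not in LOCAL_NAMES and (ip.is_loopback or ip.is_unspecified))


if __name__ == "__main__":
    # Replace SAMPLE_HOSTS with open(HOSTS_PATH).read() to check a real machine.
    for ip, name in redirect_entries(SAMPLE_HOSTS):
        print(f"REDIRECT  {name:<24} -> {ip}")
    print("blocked only:", ", ".join(blocked_names(SAMPLE_HOSTS)))
```

Run against the constructed sample it reports only the two google entries as redirects and lists the two blocked names separately, which is the split a helper wants before deciding what to remove.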

Posted

Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*****************************************************

Please do not attach your logs unless it's absolutely necessary. Copy and paste in your reply even if you have to make multiple replies.

I don't see the DDS logs.

 

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
  • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining
  Please leave the others unchecked
* Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
* To retrieve the removal information please do the following:
  • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
  • Click Preferences. Click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • It will open in your default text editor (preferably Notepad).
  • Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and paste the log in your post.

*********************************************

 

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Posted

here are the logs

Thank you for helping me. Sorry I am so slow in getting these scans. I noticed that on the scan with Malwarebytes, even though there were no malicious items detected, it caused an error message (which I believe is false) to pop up on the task bar that warns of a corrupt file: "\pagefile.sys is corrupt and unreadable. Please run the Chkdsk utility." I got that message when I had Spybot installed. Running Chkdsk and other scans revealed something called Trojan.FakeAlert, but removing it never stopped the message or stopped the hijack.

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 02/22/2011 at 11:17 PM

 

Application Version : 4.49.1000

 

Core Rules Database Version : 6455

Trace Rules Database Version: 4267

 

Scan type : Complete Scan

Total Scan Time : 01:17:07

 

Memory items scanned : 630

Memory threats detected : 0

Registry items scanned : 10105

Registry threats detected : 0

File items scanned : 36018

File threats detected : 5

 

Adware.Tracking Cookie

C:\Documents and Settings\David Hammer MA MFT\Cookies\david hammer ma mft@CA2F3U58.txt

C:\Documents and Settings\David Hammer MA MFT\Cookies\david_hammer_ma_mft@invitemedia[1].txt

C:\Documents and Settings\David Hammer MA MFT\Cookies\david_hammer_ma_mft@dmtracker[1].txt

C:\Documents and Settings\David Hammer MA MFT\Cookies\david_hammer_ma_mft@collective-media[1].txt

C:\Documents and Settings\David Hammer MA MFT\Cookies\david_hammer_ma_mft@serving-sys[1].txt

 

 

Malwarebytes' Anti-Malware 1.50.1.1100

http://www.malwarebytes.org

 

Database version: 5852

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

2/23/2011 09:40:26 AM

mbam-log-2011-02-23 (09-40-26).txt

 

Scan type: Full scan (C:\|E:\|F:\|)

Objects scanned: 309356

Time elapsed: 2 hour(s), 3 minute(s), 20 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

Posted

pasted text disappears

I paste the logs from the scans but they disappear when posted to the web page, so now I'll try the "quick reply" to see if anything posts.

Posted

DDS log

 

Thank you Dave!

DDS (Ver_10-12-12.02) - NTFSx86

Run by David Hammer MA MFT at 18:17:45.90 on Mon 02/21/2011

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1154 [GMT -8:00]

 

AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *Enabled*

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\Windows Media Player\WMPNetwk.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\OEM02Mon.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\WINDOWS\system32\KADxMain.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\PROGRA~1\Discover\SOAN\DISCOV~1.EXE

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\IObit\IObit Security 360\IS360tray.exe

C:\program files\real\realplayer\update\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\OBroker.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Program Files\IObit\IObit Security 360\a_hijackscan.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\David Hammer MA MFT\Local Settings\Temporary Internet Files\Content.IE5\463B0CKP\dds[1].scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://news.google.com/nwshp?hl=en&tab=wn

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6071210

uInternet Settings,ProxyOverride = 127.0.0.1

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Secure Online Account Numbers Helper: {435eaa86-d32b-484f-869c-53745fcb1642} - c:\program files\discover\soan\DiscoverSOANHelper.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll

BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Secure Online Account Numbers: {a8c7c2ca-6dfd-4e16-8458-592361564d38} - c:\program files\discover\soan\DiscoverSOANToolbar.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /installquiet

mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s

mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe

mRun: [KADxMain] c:\windows\system32\KADxMain.exe

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide

mRun: [secure Online Account Numbers] c:\progra~1\discover\soan\DISCOV~1.EXE /dontopenmycards

mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [iObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

StartupFolder: c:\docume~1\davidh~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab

DPF: {56393399-041A-4650-94C7-13DFCB1F4665} - hxxp://www.ca.com/us/securityadvisor/pestscan/pestscan.cab

DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: GoToAssist - c:\program files\citrix\gotoassist\480\G2AWinLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - c:\program files\pixiepack codec pack\InstallerHelper.exe

 

============= SERVICES / DRIVERS ===============

 

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-29 214664]

R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2011-2-8 312152]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-3-29 93320]

R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-3-29 359952]

R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-3-29 144704]

R2 XWMSMFP1;XWMSPAC;c:\windows\system32\drivers\xwmspac.sys [2001-10-9 31712]

R2 XWMSMFP2;XWMSPRO;c:\windows\system32\drivers\xwmspro.sys [2001-10-9 22828]

R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-3-29 606736]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-3-29 79816]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-3-29 35272]

R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-3-29 40552]

S0 gtpa;gtpa;c:\windows\system32\drivers\dnqyr.sys --> c:\windows\system32\drivers\dnqyr.sys [?]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-3-29 34248]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-10 14336]

 

=============== Created Last 30 ================

 

2011-02-21 17:47:07 -------- d-----w- c:\windows\system32\winrm

2011-02-21 17:47:07 -------- d-----w- c:\windows\system32\GroupPolicy

2011-02-21 17:47:01 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2011-02-08 23:53:46 -------- d-----w- c:\docume~1\davidh~1\applic~1\IObit

2011-02-08 23:53:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\IObit

2011-02-08 23:53:35 -------- d-----w- c:\program files\IObit

2011-02-07 21:22:54 -------- d-----w- C:\skin

2011-02-01 20:34:13 6784 ----a-w- c:\windows\system32\drivers\serscan.sys

2011-02-01 20:34:13 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys

2011-02-01 20:25:25 273256 ------w- c:\windows\system32\HPDiscoPM5312.dll

2011-02-01 20:25:19 1907560 ----a-w- c:\windows\system32\HPScanMiniDrv_OJ8500_A910.dll

2011-02-01 20:25:11 264552 ----a-w- c:\windows\system32\hpinksts5312LM.dll

2011-02-01 20:25:11 232296 ----a-w- c:\windows\system32\hpinksts5312.dll

2011-02-01 20:25:11 213352 ----a-w- c:\windows\system32\hpinkcoi5312.dll

2011-01-31 21:16:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2011-01-30 03:30:08 -------- d-----w- c:\program files\PixiePack Codec Pack

2011-01-30 03:29:55 -------- d-----w- c:\program files\RapidSolution

2011-01-30 03:27:08 -------- d-----w- c:\program files\AudialsOne

2011-01-29 23:14:07 -------- d-----w- c:\program files\Audials

2011-01-29 23:11:20 -------- d-----w- c:\docume~1\davidh~1\applic~1\Philipp Winterberg

2011-01-29 22:01:35 86016 --sha-r- c:\windows\system32\BTXPPanelt.dll

2011-01-29 20:12:00 -------- d-----w- c:\docume~1\davidh~1\locals~1\applic~1\CrashRpt

2011-01-29 20:10:33 -------- d-----w- c:\docume~1\alluse~1\applic~1\RapidSolution

2011-01-29 20:07:17 -------- d-----w- c:\docume~1\davidh~1\locals~1\applic~1\RapidSolution

 

==================== Find3M ====================

 

2011-02-20 18:19:15 1004 --sha-w- c:\windows\system32\KGyGaAvL.sys

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys

2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll

2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll

2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll

2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec

2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll

2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll

2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2009-12-17 03:57:57 203776 --sh--w- c:\windows\system32\unrar.exe

 

============= FINISH: 18:20:00.81 ===============
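
The DDS log above is what a helper reads by hand: the "Pseudo HJT Report" block for browser settings, BHOs and toolbars, and the "SERVICES / DRIVERS" block for kernel drivers and services. The script below is an added example written for this page, not code from the thread, from DDS or from IObit; it picks out the lines a helper normally checks first and leaves the judgement to the reader. The sample input is copied verbatim from the posted log. Two conventions are my reading of the DDS output format rather than anything the thread states: `- No File` on a BHO/TB line means the CLSID is still registered but no DLL is behind it (a leftover to clean up, not by itself an infection), and `[?]` after a service line means DDS could not find the driver file it points to, with `-->` showing the path it was redirected to. The R/S letter and digit on a service line are DDS's running/stopped flag and the Windows start type (0 = boot, 1 = system, 2 = automatic, 3 = manual). The `m` variants of the setting prefixes (machine hive rather than user hive) are assumed from the same convention. A line flagged here is something to look up and verify against the file on disk, nothing more.

```python
# Added example (not from the thread, DDS or IObit): pull the review-first lines
# out of a DDS "Pseudo HJT Report" / "SERVICES / DRIVERS" section.
import re

# Sample lines copied from the DDS log posted in the thread (raw string so the
# Windows backslashes survive as written).
SAMPLE_DDS = r"""
uStart Page = hxxp://news.google.com/nwshp?hl=en&tab=wn
uInternet Settings,ProxyOverride = 127.0.0.1
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-29 214664]
S0 gtpa;gtpa;c:\windows\system32\drivers\dnqyr.sys --> c:\windows\system32\drivers\dnqyr.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-10 14336]
"""

# Service/driver line: "<R|S><start type> <name>;<display name>;<path and stamp>"
SERVICE_RE = re.compile(r"^([RS][0-3])\s+([^;]+);([^;]*);(.*)$")
# A COM class id as DDS prints it.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Browser settings worth echoing back; u = user hive, m = machine hive (assumed).
SETTING_PREFIXES = ("uStart Page", "mStart Page", "uInternet Settings", "mInternet Settings")
# Line kinds that register a browser extension object.
EXTENSION_KINDS = ("BHO", "TB", "uURLSearchHooks")


def triage_dds(text):
    """Return (category, item, detail) tuples for lines a helper reviews first."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = SERVICE_RE.match(line)
        if m:
            start, name, _display, rest = m.groups()
            if rest.endswith("[?]"):
                # DDS did not find the driver file; "-->" gives the path it resolved to
                path = rest.split("-->")[-1].replace("[?]", "").strip()
                findings.append(("driver-file-missing", f"{start} {name}", path))
            continue

        kind, sep, rest = line.partition(": ")
        if sep and kind in EXTENSION_KINDS and rest.endswith("- No File"):
            # Registered extension with no DLL behind it: a leftover to clean up
            clsid = CLSID_RE.search(rest)
            findings.append(("orphaned-" + kind.lower(), clsid.group(0) if clsid else rest, ""))
            continue

        if line.startswith(SETTING_PREFIXES):
            # Start page / proxy settings: echo for the reader to confirm they chose them
            key, _, value = line.partition(" = ")
            findings.append(("browser-setting", key.strip(), value.strip()))
    return findings


if __name__ == "__main__":
    for category, item, detail in triage_dds(SAMPLE_DDS):
        print(f"{category:<20} {item}  {detail}".rstrip())
```

On the sample it reports the two browser settings, the two orphaned extension entries, and the one driver whose file DDS could not locate; the McAfee and WinRM entries, whose files carry a date and size, are passed over.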

Posted

TFC log

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_10-12-12.02)

 

Microsoft Windows XP Home Edition

Boot Device: \Device\Harddisk0\DP(2)0x4e71400-0x1b4db4e200+2

Install Date: 12/15/2007 01:40:56 PM

System Uptime: 2/21/2011 03:53:10 PM (3 hours ago)

 

Motherboard: Dell Inc. | | 0WY040

Processor: Intel® Core2 Duo CPU T5270 @ 1.40GHz | Microprocessor | 1396/200mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 109 GiB total, 14.534 GiB free.

D: is CDROM ()

E: is FIXED (FAT) - 0 GiB total, 0.069 GiB free.

F: is FIXED (FAT32) - 2 GiB total, 0.86 GiB free.

 

==== Disabled Device Manager Items =============

 

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Bluetooth LAN Access Server Driver

Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTWDNDIS\1&30EE4AD&0&1000000020000

Manufacturer: Broadcom

Name: Bluetooth LAN Access Server Driver

PNP Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTWDNDIS\1&30EE4AD&0&1000000020000

Service: BTWDNDIS

 

==== System Restore Points ===================

 

RP1: 2/21/2011 10:15:18 AM - System Checkpoint

 

==== Installed Programs ======================

 

32 Bit HP CIO Components Installer

7500_7600_7700_Help

aaa

Adobe Digital Editions

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 8.2.6

Advanced Audio FX Engine

Advanced Photo Editor

Advanced Video FX Engine

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Software Update

AT&T Yahoo! Applications

ATT-RemoteControl

Audials TV

AudialsOne

BPD_HPSU

BPD_Scan

BPDfax

BPDSoftware

BPDSoftware_Ini

Broadcom 440x 10/100 Integrated Controller

Broadcom Management Programs

BufferChm

Camedia Master 4.3

ClickFix for Adobe Audition version 3.01 (remove only)

Conexant HDA D330 MDC V.92 Modem

Cool Edit 2000

CP_CalendarTemplates1

cp_OnlineProjectsConfig

CP_Package_Basic1

CP_Panorama1Config

cp_PosterPrintConfig

Critical Update for Windows Media Player 11 (KB959772)

CueTour

DeductionPro 2009

Dell Driver Download Manager

Dell Driver Reset Tool

Dell Support Center

Dell Touchpad

Dell Webcam Center

Dell Webcam Manager

Dell Wireless WLAN Card Utility

Destinations

DeviceManagementQFolder

Digital Line Detect

DocProc

DocProcQFolder

DocumentViewer

DocumentViewerQFolder

eMusic Download Manager 4.1.3.1

eSupportQFolder

FTP Commander

FUJIFILM USB Driver

FullDPAppQFolder

Glary Registry Repair 2.9

Google Toolbar for Internet Explorer

GoToAssist 8.0.0.480

H&R Block California 2009

H&R Block Deluxe + Efile + State 2009

H&R Block Deluxe + Efile + State 2010

High Definition Audio Driver Package - KB835221

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Format SDK (KB902344)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Customer Participation Program 7.0

HP Document Viewer 7.0

HP Imaging Device Functions 7.0

HP Officejet Pro 8500 A910 Basic Device Software

HP Officejet Pro 8500 A910 Help

HP Officejet Pro All-In-One Series

HP Photosmart Essential

HP Photosmart Premier Software 6.5

HP Product Assistant

HP Solution Center 7.0

HP Update

HPPhotoSmartExpress

HPProductAssistant

I.R.I.S. OCR

Icon Restore 1.0

InstantShareDevices

InstantShareDevicesMFC

IntelliSonic Speech Enhancement

IObit Security 360

J2SE Runtime Environment 5.0 Update 6

Jasc Paint Shop Pro Studio

Java Auto Updater

Java 6 Update 23

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

KeepV Flash Converter

L7500

Laptop Integrated Webcam Driver (1.03.02.0719)

LG USB Drivers

Live! Cam Avatar Creator

Live! Cam Avatar v1.0

Malwarebytes' Anti-Malware

McAfee SecurityCenter

MediaDirect

MediSoft Patient Accounting 5.66

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Works

Modem Diagnostic Tool

MPM

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB933579)

Myst III: Exile

Netscape Communicator 4.7

Netscape Navigator (9.0.0.6)

NetWaiting

NVIDIA Drivers

NVIDIA PhysX

Nvu 1.0

OCR Software by I.R.I.S 7.0

OLYMPUS CAMEDIA Master 4.3

OutlookAddinSetup

Pando Media Booster

PanoStandAlone

Pdf995 (installed by TaxCut)

PdfEdit995 (installed by TaxCut)

PhotoGallery

PixiePack Codec Pack

ProductContext

Quicken 2009

QuickSet

QuickTime

RandMap

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

Rhapsody

Rhapsody Player Engine

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Drag-to-Disc

Roxio Express Labeler

Roxio MyDVD DE

Scan

SearchAssist

Secure Online Account Numbers

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2289158)

Security Update for 2007 Microsoft Office System (KB2344875)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Office Excel 2007 (KB2345035)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB982158)

Security Update for Microsoft Office PowerPoint Viewer (KB2413381)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SigmaTel Audio

SkinsHP1

Skype™ 4.0

SlideShow

SolutionCenter

Sonic Activation Module

Sonic_PrimoSDK

Sony USB Driver

Spell Checker For OE 2.1

Status

TomTom HOME 2.5.2.60

Toolbox

TrayApp

Unload

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Windows (KB971513)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows Internet Explorer 8 (KB971180)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VC_MergeModuleToMSI

WebFldrs XP

WebReg

WIDCOMM Bluetooth Software

Windows Genuine Advantage Validation Tool (KB892130)

Windows Installer 3.1 (KB893803)

Windows Installer Clean Up

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Management Framework Core

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

WordPerfect Office X3 - Home Edition Software Bundle

WordPerfect Office X3 - Home Edition Task Manager

WordPerfect OfficeReady

WordPerfect® Office X3 - Home Edition

 

==== Event Viewer Messages From Past Week ========

 

2/21/2011 02:00:56 PM, error: Service Control Manager [7034] - The ProtexisLicensing service terminated unexpectedly. It has done this 1 time(s).

2/21/2011 02:00:56 PM, error: Service Control Manager [7031] - The McAfee SystemGuards service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/21/2011 02:00:56 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/21/2011 02:00:56 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.

2/21/2011 02:00:55 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

2/21/2011 02:00:55 PM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).

2/21/2011 02:00:55 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

2/21/2011 02:00:55 PM, error: Service Control Manager [7034] - The IS360service service terminated unexpectedly. It has done this 1 time(s).

2/21/2011 02:00:55 PM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).

2/21/2011 02:00:55 PM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/21/2011 02:00:55 PM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/21/2011 02:00:55 PM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/21/2011 02:00:55 PM, error: Service Control Manager [7031] - The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/17/2011 08:33:29 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference error message: The referenced assembly is not installed on your system. .

2/17/2011 08:33:29 AM, error: SideBySide [59] - Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll. Reference error message: The operation completed successfully. .

2/17/2011 08:33:29 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.

2/17/2011 07:47:34 AM, error: Dhcp [1002] - The IP address lease 192.168.100.110 for the Network Card with network address 001DD968EFB4 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).

2/17/2011 03:11:40 PM, error: Dhcp [1002] - The IP address lease 192.168.1.104 for the Network Card with network address 001DD968EFB4 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).

2/16/2011 01:08:41 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\real\realplayer\plugins\rmxrend.dll. Reference error message: The operation completed successfully. .

2/15/2011 11:27:23 AM, error: Service Control Manager [7000] - The Automatic LiveUpdate Scheduler service failed to start due to the following error: The system cannot find the path specified.

2/15/2011 07:24:13 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

2/15/2011 03:20:17 PM, error: Print [6161] - The document ValueOp address.pdf owned by David Hammer MA MFT failed to print on printer HP Officejet Pro 8500 A910 (Network). Data type: NT EMF 1.008. Size of the spool file in bytes: 1703936. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\DTRAVELER. Win32 error code returned by the print processor: 183 (0xb7).

2/14/2011 09:03:45 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2/14/2011 09:03:35 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

2/14/2011 08:25:28 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

2/14/2011 08:23:32 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

2/14/2011 07:32:21 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

2/14/2011 07:31:43 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV Fips intelppm IPSec mfehidk MPFP MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

2/14/2011 07:31:43 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

2/14/2011 07:31:43 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

2/14/2011 07:31:43 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

 

==== End Of File ===========================
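The Event Viewer section of the DDS log above shows the McAfee and IObit services all terminating within the same second. As an added example (not part of DDS, ComboFix or any other tool in this thread), the script below parses lines in the format DDS prints and flags such bursts; the list of service-name markers that count as "security software" is an assumption chosen for this machine.

```python
"""Flag bursts of unexpected service terminations in a DDS-style Event Viewer dump.

Added example for this thread; not code from DDS, ComboFix or any tool named here.
Input format is the one DDS prints: "M/D/YYYY HH:MM:SS AM, error: Source [ID] - Message".
"""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional

# Constructed sample: a subset of the Event Viewer lines from the log above, plus
# two unrelated errors so the detector has something to leave alone.
SAMPLE_EVENTS = """
2/21/2011 02:00:56 PM, error: Service Control Manager [7034] - The ProtexisLicensing service terminated unexpectedly. It has done this 1 time(s).
2/21/2011 02:00:56 PM, error: Service Control Manager [7031] - The McAfee SystemGuards service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/21/2011 02:00:56 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/21/2011 02:00:56 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.
2/21/2011 02:00:55 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
2/21/2011 02:00:55 PM, error: Service Control Manager [7034] - The IS360service service terminated unexpectedly. It has done this 1 time(s).
2/17/2011 08:33:29 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference error message: The referenced assembly is not installed on your system. .
2/15/2011 07:24:13 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
# Event 7031/7034 message text: "The <name> service terminated unexpectedly."
TERMINATED_RE = re.compile(r"^The (?P<svc>.+?) service terminated unexpectedly")

# Assumption: name fragments that identify protection software on this machine.
# Extend for whatever security stack the host actually runs.
SECURITY_MARKERS = ("McAfee", "Firewall", "IS360", "Security")


@dataclass
class Event:
    time: datetime
    source: str
    event_id: int
    message: str
    service: Optional[str] = None  # set only for unexpected terminations


@dataclass
class Burst:
    start: datetime
    end: datetime
    services: List[str] = field(default_factory=list)


def parse_events(text: str) -> List[Event]:
    """Turn DDS Event Viewer lines into Event records; non-matching lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p")
        ev = Event(ts, m["source"], int(m["id"]), m["msg"])
        if ev.source == "Service Control Manager" and ev.event_id in (7031, 7034):
            t = TERMINATED_RE.match(ev.message)
            if t:
                ev.service = t["svc"]
        events.append(ev)
    return events


def find_termination_bursts(events, window=timedelta(seconds=5), min_count=3):
    """Group unexpected terminations whose timestamps fall within `window` of each other."""
    terms = sorted((e for e in events if e.service), key=lambda e: e.time)
    bursts, i = [], 0
    while i < len(terms):
        j = i
        while j + 1 < len(terms) and terms[j + 1].time - terms[i].time <= window:
            j += 1
        if j - i + 1 >= min_count:
            bursts.append(Burst(terms[i].time, terms[j].time,
                                [t.service for t in terms[i:j + 1]]))
            i = j + 1
        else:
            i += 1
    return bursts


def security_services(burst: Burst) -> List[str]:
    """Services in the burst whose names match the protection-software markers."""
    return [s for s in burst.services if any(k in s for k in SECURITY_MARKERS)]


def report(text: str) -> List[str]:
    """One line per burst. Several protection services dying together is what a crash
    or forced reboot looks like, but also what malware that disables protection looks
    like, so it is worth correlating with the reboot record before drawing conclusions."""
    lines = []
    for b in find_termination_bursts(parse_events(text)):
        sec = security_services(b)
        verdict = "protection stack went down together" if len(sec) >= 2 else "mixed services"
        lines.append(f"{b.start:%Y-%m-%d %H:%M:%S}: {len(b.services)} services died within "
                     f"{(b.end - b.start).seconds}s, {len(sec)} security-related ({verdict})")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_EVENTS):
        print(line)
```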

Posted

IObit360 log

 

I had sent this in error as a zipped attachment

 

Logfile of IObit HijackScan v1.0.2.0

Scan saved at 16:11:51, on 2011-2-8

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\McAfee\MSC\mcmscsvc.exe

c:\Program Files\COMMON~1\mcafee\mna\mcnasvc.exe

c:\Program Files\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\Program Files\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

c:\Program Files\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\Windows Media Player\WMPNetwk.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\OEM02Mon.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\WINDOWS\system32\KADxMain.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Discover\SOAN\DISCOV~1.EXE

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\OBroker.exe

C:\Program Files\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Program Files\IObit\IObit Security 360\IS360tray.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\IObit\IObit Security 360\a_hijackscan.exe

 

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Secure Online Account Numbers - {A8C7C2CA-6DFD-4E16-8458-592361564D38} - C:\Program Files\Discover\SOAN\DiscoverSOANToolbar.dll

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [eFax 4.4] "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [nwiz] nwiz.exe /installquiet

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [NVHotkey] rundll32.exe nvHotkey.dll,Start

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [KADxMain] C:\WINDOWS\system32\KADxMain.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [secure Online Account Numbers] C:\PROGRA~1\Discover\SOAN\DISCOV~1.EXE /dontopenmycards

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} -

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}LegitCheckControl.LegitCheck.1 - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}YInstHelper.YInstStarter.1 - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in 1.6.0_23 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}Java Plug-in 1.6.0_23 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Java Plug-in 1.6.0_23 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7}PCPitstop2.Exam.1 - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll

O23 - Service: Automatic LiveUpdate Scheduler (Automatic LiveUpdate Scheduler) - Unknown - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: GoToAssist (GoToAssist) - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate (LiveUpdate) - Unknown - C:\Program Files\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: McAfee SiteAdvisor Service (McAfee SiteAdvisor Service) - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\Program Files\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\Program Files\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ProtexisLicensing (ProtexisLicensing) - Unknown - C:\WINDOWS\system32\PSIService.exe

O23 - Service: RoxMediaDB9 (RoxMediaDB9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: stllssvr (stllssvr) - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown - C:\WINDOWS\System32\WLTRYSVC.EXE %SystemRoot%\System32\bcmwltry.exe

O23 - Service: IS360service (IS360service) - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

Posted

Please go to Jotti's malware scan

(If more than one file needs to be scanned, each must be submitted separately and a link posted for each one.)

 

* Copy the file path in the Code box below:

 

c:\windows\system32\drivers\dnqyr.sys  

 

* At the upload site, click once inside the window next to Browse.

* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.

* Next click Submit file

* Your file will possibly be entered into a queue which normally takes less than a minute to clear.

* This will perform a scan across multiple different virus scanning engines.

* Important: Wait for all of the scanning engines to complete.

* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

**********************************************

The free space on your C drive has dropped below the 15% required for Windows to run properly. You should find some way of transferring files/programs off that hard drive. You could uninstall any unneeded programs, or transfer some files, pictures, music or videos to DVD disks to free up some space.

 

Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.

Glary Registry Repair 2.9

There are a number of them available, and some are safer than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method of causing problems with the registry.

 

For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

 

Further reading: XP Fixes Myth #1: Registry Cleaners

*************************************************

Download Security Check by screen317 from one of the following links and save it to your desktop.

 

Link 1

Link 2

 

* Unzip SecurityCheck.zip and a folder named Security Check should appear.

* Open the Security Check folder and double-click Security Check.bat

* Follow the on-screen instructions inside of the black box.

* A Notepad document should open automatically called checkup.txt

* Post the contents of that document in your next reply.

 

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

**************************************************

 

Please download ComboFix from BleepingComputer.com (alternate link: GeeksToGo.com) and save it to your Desktop.

If you are using Firefox, make sure that your download settings are as follows:

 

* Tools->Options->Main tab

* Set to "Always ask me where to Save the files".

 

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to doing this can be found here.

Double click ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

http://img.photobucket.com/albums/v666/sUBs/Query_RC.gif

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v666/sUBs/RC_successful.gif

 

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

 

If you have problems with ComboFix usage, see How to use ComboFix

Posted

1 not found, 1 done

 

I did not have a file by the name "dnqyr.sys"; I ran a search, but got no results. Therefore I couldn't do the Jotti scan.

 

Here is the Security Check scan:

 

Results of screen317's Security Check version 0.99.9

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!

Windows Firewall Enabled!

McAfee SecurityCenter

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 23

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

Out of date Java installed!

Adobe Flash Player 10.1.102.64

Adobe Reader 8.2.6

Out of date Adobe Reader installed!

````````````````````````````````

Process Check:

objlist.exe by Laurent

McAfee VIRUSS~1 mcshield.exe

McAfee VIRUSS~1 mcsysmon.exe

``````````End of Log````````````

Posted

combofix results

 

ComboFix 11-02-24.03 - David Hammer MA MFT 02/24/2011 22:51:03.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1363 [GMT -8:00]

Running from: c:\utilities\ComboFix.exe

AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

* Resident AV is active

 

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Application Data\PCDr\5744\Downloads\687b8984-5b8f-48ca-81b2-53c017b82891.dll

c:\documents and settings\David Hammer MA MFT\GoToAssistDownloadHelper.exe

c:\windows\system32\17276.exe

c:\windows\system32\17583.exe

c:\windows\system32\18137.exe

c:\windows\system32\18423.exe

c:\windows\system32\20969.exe

c:\windows\system32\22198.exe

c:\windows\system32\26769.exe

c:\windows\system32\30529.exe

c:\windows\system32\30591.exe

c:\windows\system32\31465.exe

c:\windows\system32\6942.exe

c:\windows\system32\8180.exe

c:\windows\system32\973236862

c:\windows\system32\drivers\1028_DELL_XPS_Vostro 1500 .MRK

c:\windows\system32\drivers\DELL_XPS_Vostro 1500 .MRK

 

.

\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected

.

((((((((((((((((((((((((( Files Created from 2011-01-25 to 2011-02-25 )))))))))))))))))))))))))))))))

.

 

2011-02-23 05:52 . 2011-02-23 05:52 -------- d-----w- c:\documents and settings\David Hammer MA MFT\Application Data\SUPERAntiSpyware.com

2011-02-23 05:52 . 2011-02-23 05:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-02-23 05:52 . 2011-02-23 05:52 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-02-21 17:47 . 2011-02-21 17:47 -------- d-----w- c:\windows\system32\winrm

2011-02-21 17:47 . 2011-02-21 17:47 -------- d-----w- c:\windows\system32\GroupPolicy

2011-02-21 17:47 . 2011-02-21 17:47 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2011-02-08 23:53 . 2011-02-08 23:53 -------- d-----w- c:\documents and settings\David Hammer MA MFT\Application Data\IObit

2011-02-08 23:53 . 2011-02-08 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2011-02-08 23:53 . 2011-02-08 23:53 -------- d-----w- c:\program files\IObit

2011-02-07 21:22 . 2011-02-07 21:22 -------- d-----w- C:\skin

2011-02-01 20:34 . 2001-08-17 21:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys

2011-02-01 20:34 . 2001-08-17 21:53 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys

2011-02-01 20:25 . 2010-06-15 00:04 273256 ------w- c:\windows\system32\HPDiscoPM5312.dll

2011-02-01 20:25 . 2010-06-14 19:58 1907560 ----a-w- c:\windows\system32\HPScanMiniDrv_OJ8500_A910.dll

2011-02-01 20:25 . 2010-06-14 19:58 264552 ----a-w- c:\windows\system32\hpinksts5312LM.dll

2011-02-01 20:25 . 2010-06-14 19:58 232296 ----a-w- c:\windows\system32\hpinksts5312.dll

2011-02-01 20:25 . 2010-06-14 19:58 213352 ----a-w- c:\windows\system32\hpinkcoi5312.dll

2011-01-31 21:16 . 2011-02-14 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-01-30 03:30 . 2011-01-30 03:30 -------- d-----w- c:\program files\PixiePack Codec Pack

2011-01-30 03:29 . 2011-01-30 03:29 -------- d-----w- c:\program files\RapidSolution

2011-01-29 23:14 . 2011-01-29 23:14 -------- d-----w- c:\program files\Audials

2011-01-29 23:11 . 2011-02-08 23:49 -------- d-----w- c:\documents and settings\David Hammer MA MFT\Application Data\Philipp Winterberg

2011-01-29 22:01 . 2011-01-29 22:01 86016 --sha-r- c:\windows\system32\BTXPPanelt.dll

2011-01-29 20:12 . 2011-01-29 20:12 -------- d-----w- c:\documents and settings\David Hammer MA MFT\Local Settings\Application Data\CrashRpt

2011-01-29 20:10 . 2011-01-30 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\RapidSolution

2011-01-29 20:07 . 2011-01-29 23:16 -------- d-----w- c:\documents and settings\David Hammer MA MFT\Local Settings\Application Data\RapidSolution

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-01-21 14:44 . 2004-08-10 18:51 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09 . 2004-08-10 18:50 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:10 . 2004-08-10 18:51 1854976 ----a-w- c:\windows\system32\win32k.sys

2010-12-22 12:34 . 2004-08-10 18:51 301568 ----a-w- c:\windows\system32\kerberos.dll

2010-12-21 02:09 . 2009-04-16 16:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-21 02:08 . 2009-04-16 16:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-20 23:59 . 2004-08-10 18:51 916480 ----a-w- c:\windows\system32\wininet.dll

2010-12-20 23:59 . 2004-08-10 18:51 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-12-20 23:59 . 2004-08-10 18:51 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-12-20 17:26 . 2004-08-10 18:51 730112 ----a-w- c:\windows\system32\lsasrv.dll

2010-12-20 12:55 . 2004-08-10 18:51 385024 ----a-w- c:\windows\system32\html.iec

2010-12-16 15:54 . 2006-10-18 11:00 45200 ----a-w- c:\windows\system32\drivers\pxhelp20.sys

2010-12-09 15:15 . 2004-08-10 18:51 718336 ----a-w- c:\windows\system32\ntdll.dll

2010-12-09 14:30 . 2004-08-10 18:50 33280 ----a-w- c:\windows\system32\csrsrv.dll

2010-12-09 13:42 . 2004-08-10 18:51 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-12-09 13:07 . 2004-08-04 04:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2009-12-17 03:57 203776 --sh--w- c:\windows\system32\unrar.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-02-18 2423752]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1024000]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13537280]

"nwiz"="nwiz.exe" [2008-06-09 1630208]

"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-25 2220032]

"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]

"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]

"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-12 1280344]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-01-01 274608]

 

c:\documents and settings\David Hammer MA MFT\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-5-17 568176]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-12-10 50688]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2008-01-09 22:45 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk

backup=c:\windows\pss\Google Updater.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]

backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^David Hammer MA MFT^Start Menu^Programs^Startup^eFax 4.4.lnk]

backup=c:\windows\pss\eFax 4.4.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CE8SIIFGSU

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellAutomatedPCTuneUp

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Reminder

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-22 05:05 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.4]

2010-07-02 18:24 95744 ----a-w- c:\program files\eFax Messenger 4.4\J2GDllCmd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2008-12-08 23:50 54576 ----a-w- c:\program files\HP inkjet\HP Software Update\hpwuschd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]

2010-04-10 04:17 2937528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

2007-04-16 22:10 184320 ----a-w- c:\program files\Dell\MediaDirect\PCMService.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 18:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]

2002-02-05 05:32 53248 ------w- c:\program files\REGSHAVE\REGSHAVE.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

2006-11-05 19:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2011-01-01 22:17 274608 ----a-w- c:\program files\Real\realplayer\Update\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2008-12-09 10:12 234856 ----a-w- c:\program files\TomTom HOME 2\HOMERunner.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2006-10-19 04:05 204288 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XWMSUSBAPI]

2001-10-09 22:09 45056 ----a-w- c:\windows\system32\drivers\xwmsapi.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"RoxWatch9"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\HP inkjet\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP inkjet\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP inkjet\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP inkjet\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP inkjet\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP inkjet\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP inkjet\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP inkjet\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP inkjet\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP inkjet\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP inkjet\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Program Files\\WebLoad\\WS_FTP95.exe"=

"c:\\WINDOWS\\system32\\fxsclnt.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol

"10426:UDP"= 10426:UDP:SingleClick ICC

"56797:TCP"= 56797:TCP:Pando Media Booster

"56797:UDP"= 56797:UDP:Pando Media Booster

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

 

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67656]

R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [2/8/2011 03:53 PM 312152]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [3/29/2009 02:48 PM 93320]

R2 XWMSMFP1;XWMSPAC;c:\windows\system32\drivers\xwmspac.sys [10/9/2001 02:10 PM 31712]

R2 XWMSMFP2;XWMSPRO;c:\windows\system32\drivers\xwmspro.sys [10/9/2001 02:10 PM 22828]

S0 gtpa;gtpa;c:\windows\system32\drivers\dnqyr.sys --> c:\windows\system32\drivers\dnqyr.sys [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/10/2004 10:51 AM 14336]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

WINRM REG_MULTI_SZ WINRM

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]

2010-02-17 03:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe

.

Contents of the 'Scheduled Tasks' folder

 

2011-02-04 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

 

2010-06-15 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-29 19:22]

 

2011-01-01 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-29 19:22]

 

2011-02-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]

 

2011-02-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2956238909-2091042218-426631039-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 19:33]

 

2011-02-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2956238909-2091042218-426631039-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 19:33]

 

2011-02-25 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://news.google.com/nwshp?hl=en&tab=wn

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6071210

uInternet Settings,ProxyOverride = 127.0.0.1

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

.

- - - - ORPHANS REMOVED - - - -

 

HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

 

 

 

**************************************************************************

 

disk not found C:\

 

please note that you need administrator rights to perform deep scan

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files:

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-2956238909-2091042218-426631039-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(860)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\documents and settings\David Hammer MA MFT\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

c:\documents and settings\David Hammer MA MFT\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

c:\documents and settings\David Hammer MA MFT\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

c:\documents and settings\David Hammer MA MFT\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll

c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll

c:\windows\system32\midimap.dll

.

Completion time: 2011-02-24 23:05:15

ComboFix-quarantined-files.txt 2011-02-25 07:05

 

Pre-Run: 18,392,391,680 bytes free

Post-Run: 18,461,855,744 bytes free

 

- - End Of File - - A27F1FE0F98B07358B6C8E06064C79E9

Posted

Update Your Java (JRE)

 

Old versions of Java have vulnerabilities that malware can use to infect your system.

 

First Verify your Java Version

 

If there are any other version(s) installed then update now.

 

Get the new version (if needed)

 

If your version is out of date install the newest version of the Sun Java Runtime Environment.

 

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

 

Be sure to close ALL open web browsers before starting the installation.

 

Remove any old versions

 

1. Download JavaRa and unzip the file to your Desktop.

2. Open JavaRa.exe and choose Remove Older Versions.

3. Once complete, exit JavaRa.

4. Run CCleaner.

 

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

**********************************************

Please download the newest version of Adobe Acrobat Reader from Adobe.com

 

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.

Go to the Control Panel and enter Add or Remove Programs.

Search the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

 

Once old versions are gone, please install the newest version.

*****************************************************

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quotebox below into it:

    KillAll::
     
    File::
    c:\windows\system32\drivers\dnqyr.sys
     
    DDS::
    Trusted Zone: internet
    Trusted Zone: mcafee.com
     
    Driver::
    gtpa
    MBR::
     
  • Save this as CFScript.txt, in the same location as ComboFix.exe.
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at C:\ComboFix.txt.
  • Please post the contents of the log in your next reply.

Posted

which cleaner?

 

When you wrote "4. Run CCleaner." after exiting the Java cleaner, I didn't know what this is. Should I still do this before running Combo Fix again?

Posted

browser crashes

 

Also IE crashes when I try to download Adobe 10 from the website. Did I mess up by removing Ver8.8 first? I disabled McAfee and the other protections, including removing McAfee processes in the Task Manager.

Posted

got Adobe

 

Re-started my computer, then used another browser to get Adobe.

 

In the Control Panel listing of "Add Programs" I noticed there is still a listing for an installed program of "aaa" with the Java symbol, by publisher "bbb" and with comments "ccc".

 

So I guess I'm ready to run CCleaner if there is a link for that.

 

 

EDIT:

Here it is: http://www.piriform.com/ccleaner/download

Posted
Also IE crashes when I try to download Adobe 10 from the website. Did I mess up by removing Ver8.8 first? I disabled McAfee and the other protections, including removing McAfee processes in the Task Manager.

Don't worry about it now. We'll try again later.

After you run CCleaner, please run the ComboFix script and post the log.

Posted

combofix log

 

Despite unchecking all the monitoring aspects of McAfee antivirus and closing the processes in Task Manager, ComboFix still showed antivirus running.

 

Here is the log:

 

ComboFix 11-02-24.03 - David Hammer MA MFT 02/27/2011 8:16.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1368 [GMT -8:00]

Running from: c:\utilities\ComboFix.exe

AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

* Resident AV is active

 

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected

.

((((((((((((((((((((((((( Files Created from 2011-01-27 to 2011-02-27 )))))))))))))))))))))))))))))))

.

 

2011-02-27 15:01 . 2011-02-27 15:02 -------- d-----w- c:\program files\CCleaner

2011-02-26 15:01 . 2011-02-26 15:01 -------- d-----w- c:\program files\Common Files\Adobe AIR

2011-02-23 05:52 . 2011-02-23 05:52 -------- d-----w- c:\documents and settings\David Hammer MA MFT\Application Data\SUPERAntiSpyware.com

2011-02-23 05:52 . 2011-02-23 05:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-02-23 05:52 . 2011-02-23 05:52 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-02-21 17:47 . 2011-02-21 17:47 -------- d-----w- c:\windows\system32\winrm

2011-02-21 17:47 . 2011-02-21 17:47 -------- d-----w- c:\windows\system32\GroupPolicy

2011-02-21 17:47 . 2011-02-21 17:47 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2011-02-08 23:53 . 2011-02-08 23:53 -------- d-----w- c:\documents and settings\David Hammer MA MFT\Application Data\IObit

2011-02-08 23:53 . 2011-02-08 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2011-02-08 23:53 . 2011-02-08 23:53 -------- d-----w- c:\program files\IObit

2011-02-07 21:22 . 2011-02-07 21:22 -------- d-----w- C:\skin

2011-02-01 20:34 . 2001-08-17 21:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys

2011-02-01 20:34 . 2001-08-17 21:53 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys

2011-02-01 20:25 . 2010-06-15 00:04 273256 ------w- c:\windows\system32\HPDiscoPM5312.dll

2011-02-01 20:25 . 2010-06-14 19:58 1907560 ----a-w- c:\windows\system32\HPScanMiniDrv_OJ8500_A910.dll

2011-02-01 20:25 . 2010-06-14 19:58 264552 ----a-w- c:\windows\system32\hpinksts5312LM.dll

2011-02-01 20:25 . 2010-06-14 19:58 232296 ----a-w- c:\windows\system32\hpinksts5312.dll

2011-02-01 20:25 . 2010-06-14 19:58 213352 ----a-w- c:\windows\system32\hpinkcoi5312.dll

2011-01-31 21:16 . 2011-02-14 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

2011-01-30 03:30 . 2011-01-30 03:30 -------- d-----w- c:\program files\PixiePack Codec Pack

2011-01-30 03:29 . 2011-01-30 03:29 -------- d-----w- c:\program files\RapidSolution

2011-01-29 23:14 . 2011-01-29 23:14 -------- d-----w- c:\program files\Audials

2011-01-29 23:11 . 2011-02-08 23:49 -------- d-----w- c:\documents and settings\David Hammer MA MFT\Application Data\Philipp Winterberg

2011-01-29 22:01 . 2011-01-29 22:01 86016 --sha-r- c:\windows\system32\BTXPPanelt.dll

2011-01-29 20:12 . 2011-01-29 20:12 -------- d-----w- c:\documents and settings\David Hammer MA MFT\Local Settings\Application Data\CrashRpt

2011-01-29 20:10 . 2011-01-30 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\RapidSolution

2011-01-29 20:07 . 2011-01-29 23:16 -------- d-----w- c:\documents and settings\David Hammer MA MFT\Local Settings\Application Data\RapidSolution

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-03 05:40 . 2010-04-22 14:21 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-03 03:19 . 2007-12-15 21:56 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-01-21 14:44 . 2004-08-10 18:51 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09 . 2004-08-10 18:50 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:10 . 2004-08-10 18:51 1854976 ----a-w- c:\windows\system32\win32k.sys

2010-12-22 12:34 . 2004-08-10 18:51 301568 ----a-w- c:\windows\system32\kerberos.dll

2010-12-21 02:09 . 2009-04-16 16:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-21 02:08 . 2009-04-16 16:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-20 23:59 . 2004-08-10 18:51 916480 ----a-w- c:\windows\system32\wininet.dll

2010-12-20 23:59 . 2004-08-10 18:51 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-12-20 23:59 . 2004-08-10 18:51 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-12-20 17:26 . 2004-08-10 18:51 730112 ----a-w- c:\windows\system32\lsasrv.dll

2010-12-20 12:55 . 2004-08-10 18:51 385024 ----a-w- c:\windows\system32\html.iec

2010-12-16 15:54 . 2006-10-18 11:00 45200 ----a-w- c:\windows\system32\drivers\pxhelp20.sys

2010-12-09 15:15 . 2004-08-10 18:51 718336 ----a-w- c:\windows\system32\ntdll.dll

2010-12-09 14:30 . 2004-08-10 18:50 33280 ----a-w- c:\windows\system32\csrsrv.dll

2010-12-09 13:42 . 2004-08-10 18:51 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-12-09 13:07 . 2004-08-04 04:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2009-12-17 03:57 203776 --sh--w- c:\windows\system32\unrar.exe

.

 

((((((((((((((((((((((((((((( SnapShot@2011-02-25_07.02.48 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-02-27 16:12 . 2011-02-27 16:12 16384 c:\windows\Temp\Perflib_Perfdata_758.dat

- 2011-02-22 02:09 . 2011-02-25 03:52 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2011-02-22 02:09 . 2011-02-27 14:56 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2007-12-15 21:24 . 2011-02-27 14:56 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2007-12-15 21:24 . 2011-02-25 03:52 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2011-02-25 17:06 . 2011-02-27 14:56 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2007-12-18 21:32 . 2011-02-24 15:29 29809 c:\windows\nsreg.dat

+ 2007-12-18 21:32 . 2011-02-26 00:38 29809 c:\windows\nsreg.dat

+ 2011-02-26 15:01 . 2011-02-26 15:01 28160 c:\windows\Installer\30a2604.msi

+ 2010-11-10 20:49 . 2010-11-10 20:49 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\ViewerPS.dll

+ 2010-11-10 20:49 . 2010-11-10 20:49 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\reader_sl.exe

+ 2010-11-10 20:49 . 2010-11-10 20:49 84896 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\PDFPrevHndlr.dll

+ 2010-11-10 20:49 . 2010-11-10 20:49 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\eula.exe

+ 2010-11-10 20:49 . 2010-11-10 20:49 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acrotextextractor.exe

+ 2010-11-10 20:49 . 2010-11-10 20:49 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32Info.exe

+ 2010-11-10 20:49 . 2010-11-10 20:49 62376 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acroiehelpershim.dll

+ 2010-11-10 20:49 . 2010-11-10 20:49 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroIEHelper.dll

+ 2010-11-10 20:49 . 2010-11-10 20:49 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\Acrofx32.dll

- 2010-12-23 05:08 . 2010-11-13 02:53 157472 c:\windows\system32\javaws.exe

+ 2011-02-25 20:44 . 2011-02-03 05:40 157472 c:\windows\system32\javaws.exe

- 2010-12-23 05:08 . 2010-11-13 02:53 145184 c:\windows\system32\javaw.exe

+ 2011-02-25 20:44 . 2011-02-03 05:40 145184 c:\windows\system32\javaw.exe

+ 2011-02-25 20:44 . 2011-02-03 05:40 145184 c:\windows\system32\java.exe

- 2010-12-23 05:08 . 2010-11-13 02:53 145184 c:\windows\system32\java.exe

+ 2010-08-12 04:57 . 2011-02-27 14:56 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat

- 2010-08-12 04:57 . 2011-02-25 03:52 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat

+ 2011-02-25 20:44 . 2011-02-25 20:44 180224 c:\windows\Installer\2fdec66.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-02-18 2423752]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1024000]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13537280]

"nwiz"="nwiz.exe" [2008-06-09 1630208]

"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-25 2220032]

"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]

"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]

"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]

"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-12 1280344]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-01-01 274608]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

 

c:\documents and settings\David Hammer MA MFT\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-5-17 568176]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-12-10 50688]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2008-01-09 22:45 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk

backup=c:\windows\pss\Google Updater.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]

backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^David Hammer MA MFT^Start Menu^Programs^Startup^eFax 4.4.lnk]

backup=c:\windows\pss\eFax 4.4.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-11-10 20:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.4]

2010-07-02 18:24 95744 ----a-w- c:\program files\eFax Messenger 4.4\J2GDllCmd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2008-12-08 23:50 54576 ----a-w- c:\program files\HP inkjet\HP Software Update\hpwuschd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]

2010-04-10 04:17 2937528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

2007-04-16 22:10 184320 ----a-w- c:\program files\Dell\MediaDirect\PCMService.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 18:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]

2002-02-05 05:32 53248 ------w- c:\program files\REGSHAVE\REGSHAVE.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

2006-11-05 19:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2011-01-01 22:17 274608 ----a-w- c:\program files\Real\realplayer\Update\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2008-12-09 10:12 234856 ----a-w- c:\program files\TomTom HOME 2\HOMERunner.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2006-10-19 04:05 204288 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XWMSUSBAPI]

2001-10-09 22:09 45056 ----a-w- c:\windows\system32\drivers\xwmsapi.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"RoxWatch9"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\HP inkjet\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP inkjet\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP inkjet\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP inkjet\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP inkjet\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP inkjet\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP inkjet\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP inkjet\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP inkjet\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP inkjet\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP inkjet\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Program Files\\WebLoad\\WS_FTP95.exe"=

"c:\\WINDOWS\\system32\\fxsclnt.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol

"10426:UDP"= 10426:UDP:SingleClick ICC

"56797:TCP"= 56797:TCP:Pando Media Booster

"56797:UDP"= 56797:UDP:Pando Media Booster

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

 

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67656]

R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [2/8/2011 03:53 PM 312152]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [3/29/2009 02:48 PM 93320]

R2 XWMSMFP1;XWMSPAC;c:\windows\system32\drivers\xwmspac.sys [10/9/2001 02:10 PM 31712]

R2 XWMSMFP2;XWMSPRO;c:\windows\system32\drivers\xwmspro.sys [10/9/2001 02:10 PM 22828]

S0 gtpa;gtpa;c:\windows\system32\drivers\dnqyr.sys --> c:\windows\system32\drivers\dnqyr.sys [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/10/2004 10:51 AM 14336]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

WINRM REG_MULTI_SZ WINRM

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]

2010-02-17 03:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe

.

Contents of the 'Scheduled Tasks' folder

 

2011-02-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

 

2010-06-15 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-29 19:22]

 

2011-01-01 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-29 19:22]

 

2011-02-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]

 

2011-02-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2956238909-2091042218-426631039-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 19:33]

 

2011-02-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2956238909-2091042218-426631039-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 19:33]

 

2011-02-27 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://news.google.com/nwshp?hl=en&tab=wn

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6071210

uInternet Settings,ProxyOverride = 127.0.0.1

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

.

- - - - ORPHANS REMOVED - - - -

 

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

 

 

**************************************************************************

 

disk not found C:\

 

please note that you need administrator rights to perform deep scan

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files:

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-2956238909-2091042218-426631039-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(856)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\documents and settings\David Hammer MA MFT\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

c:\documents and settings\David Hammer MA MFT\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

c:\documents and settings\David Hammer MA MFT\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

c:\documents and settings\David Hammer MA MFT\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll

c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll

.

Completion time: 2011-02-27 08:30:37

ComboFix-quarantined-files.txt 2011-02-27 16:30

ComboFix2.txt 2011-02-25 07:05

 

Pre-Run: 18,451,099,648 bytes free

Post-Run: 18,435,809,280 bytes free

 

- - End Of File - - A70C66AB0A0B63EC86420B892C3AAB7D
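As an added example (not part of this thread and not code from ComboFix), here is a small Python triage routine that reads lines in the format of the log above and picks out the entries a helper looks at first: services or drivers whose file ComboFix could not find (the `[?]` marker, as on the `S0 gtpa` line) and Security Center keys that have monitoring disabled. The `triage` function is hypothetical, and the sample lines are constructed in the log's format for illustration.

```python
import re
from typing import List, Tuple

# Constructed sample in the ComboFix log format seen in this thread: a driver/service
# list (start type, service name, display name, path, then either a timestamp and size
# or "[?]" when ComboFix could not find the file on disk) and Security Center keys.
SAMPLE_LOG = r"""
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
S0 gtpa;gtpa;c:\windows\system32\drivers\dnqyr.sys --> c:\windows\system32\drivers\dnqyr.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/10/2004 10:51 AM 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxWatch9"=2 (0x2)
"""

SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*) \[(?P<info>[^\]]*)\]$"
)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')

Finding = Tuple[str, str, str]  # (kind, item, detail)


def triage(log_text: str) -> List[Finding]:
    """Return the entries of a ComboFix-style log that deserve a first look."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            # "[?]" means the service or driver points at a file ComboFix could not find.
            if m.group("info") == "?":
                kind = "boot-start-driver-file-missing" if m.group("start") == "S0" else "service-file-missing"
                findings.append((kind, m.group("name"), m.group("path").split(" --> ")[0]))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and "security center\\monitoring" in current_key.lower():
            # DisableMonitoring=1 stops Security Center from reporting that product's state.
            if m.group("name") == "DisableMonitoring" and m.group("data").endswith("00000001"):
                product = current_key.rsplit("\\", 1)[-1]
                findings.append(("security-center-monitoring-disabled", product, current_key))
    return findings


if __name__ == "__main__":
    for kind, item, detail in triage(SAMPLE_LOG):
        print(f"{kind}: {item} ({detail})")
```

A `DisableMonitoring` value of 1 is also written legitimately by installed security suites, so that finding is a review item rather than evidence of infection on its own; the boot-start driver with no file on disk is the entry that matches the "Rootkit activity" ComboFix later reported.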

Posted

confused

 

I DID create the script file in the same directory as ComboFix. After I double-click on ComboFix.exe, are you saying there is a way to drag that file onto the little blue window that opens?

 

Are you saying something about McAfee? There is NO OPTION to disable when I right-click on the taskbar icon. So I open it and disable the 4 types of protection it has, creating an X over the icon. When Combofix warns it is still running, I go to the Task Manager and disable 3 or 4 processes (sometimes I have to do it repeatedly) that I think are part of McAfee, but ComboFix still warns it is running. Is there something else I should be doing?

Posted

You didn't follow the instructions about saving ComboFix. Please uninstall your copy of Combofix and then download and install ComboFix on your desktop. Then run the script in Reply # 15. You will have no trouble dragging the script into ComboFix.

 

Please download ComboFix from BleepingComputer.com

 

Alternate link: GeeksToGo.com

 

and save it to your Desktop.

If you are using Firefox, make sure that your download settings are as follows:

 

* Tools->Options->Main tab

* Set to "Always ask me where to Save the files".

 

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.

Double click ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

http://img.photobucket.com/albums/v666/sUBs/Query_RC.gif

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v666/sUBs/RC_successful.gif

 

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

 

If you have problems with ComboFix usage, see How to use ComboFix

Posted

serious problem

 

I removed ComboFix from my computer and downloaded it again to my desktop. I was able to get McAfee disabled and when ComboFix ran it indicated it needed to reboot the computer due to Rootkit activity. However, that caused the blue screen of death. It said BAD_POOL_CALLER

STOP: 0x000000C2. When I restarted my computer and ran ComboFix again, it went to that same blue screen error.

 

Yikes!

Posted

also

 

 

Also I was able to drop the CFScript.txt file onto the blue window when it opened and saw a + sign as I did so. I noticed that both times it then created a system restore point.

Archived

This topic is now archived and is closed to further replies.
