StanB

  1. Thanks for the links. I called Microsoft Update support today and they helped resolve the problem with the updates. I had to uninstall all of the .Net Framework components and reinstall them. Thanks again for your help removing the malware! I was afraid I would need to reinstall Windows and I was not looking forward to that.
  2. They were downloaded but did not install. I tried to install them again and they still fail to install. Here is the list of updates that fail to install.

     Microsoft Windows XP
     Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86
     Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Security Update for Windows 2000, Windows Server 2003, and Windows XP x86 (KB979909)
     Microsoft .NET Framework 1.1 SP1 Security Update for Windows 2000 and Windows XP (KB979906)
     Microsoft .NET Framework 3.5 SP1 Update for Windows Server 2003 and Windows XP x86 (KB982168)
     Microsoft .NET Framework 2.0 Service Pack 2 Security Update for Windows 2000, Windows Server 2003, and Windows XP (KB974417)
     Microsoft SQL Server 2005 Security Update for SQL Server 2005 Service Pack 3 (KB970892)

     Is it time to contact Microsoft support for help with the updates?

     ** ActiveScan.txt **

     ;***********************************************************************************************************************************************************************************
     ANALYSIS: 2010-06-17 12:06:04
     PROTECTIONS: 1
     MALWARE: 9
     SUSPECTS: 0
     ;***********************************************************************************************************************************************************************************
     PROTECTIONS
     Description Version Active Updated
     ;===================================================================================================================================================================================
     avast! Antivirus 5.0.83886625 No Yes
     ;===================================================================================================================================================================================
     MALWARE
     Id Description Type Active Severity Disinfectable Disinfected Location
     ;===================================================================================================================================================================================
     00020994 W32/Bagle.pwdzip Virus No 0 Yes No c:\archive\sgi2[1].org-20070720_040828.tar[sgi2.org-site-sgi-1184922508.tgz][sgi2.org-site-sgi-1184922508][var/spool/mail/sgi][info.zip]
     00020994 W32/Bagle.pwdzip Virus No 0 Yes No c:\archive\sgi2[1].org-20070720_040828.tar[sgi2.org-site-sgi-1184922508.tgz][sgi2.org-site-sgi-1184922508][var/spool/mail/sgi][info.zip]
     00097492 W32/Netsky.J.worm Virus No 0 Yes No c:\archive\sgi2[1].org-20070720_040828.tar[sgi2.org-site-sgi-1184922508.tgz][sgi2.org-site-sgi-1184922508][var/spool/mail/sgi][all_document.pif]
     00098232 W32/Netsky.P.worm Virus No 0 Yes No c:\archive\sgi2[1].org-20070720_040828.tar[sgi2.org-site-sgi-1184922508.tgz][sgi2.org-site-sgi-1184922508][var/spool/mail/sgi][message.scr]
     00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\stan beson\cookies\stan [email protected][1].txt
     00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\stan beson\cookies\stan [email protected][2].txt
     00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\stan beson\cookies\stan [email protected][2].txt
     00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\stan beson\cookies\stan [email protected][2].txt
     00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\stan beson\cookies\stan [email protected][1].txt
     00225760 W32/Sober.AH.worm!CME-681 Virus/Worm No 1 Yes No c:\archive\sgi2[1].org-20070720_040828.tar[sgi2.org-site-sgi-1184922508.tgz][sgi2.org-site-sgi-1184922508][var/spool/mail/sgi][mail_body.zip][file-packed_datainfo.exe]
     00225760 W32/Sober.AH.worm!CME-681 Virus/Worm No 1 Yes No c:\archive\sgi2[1].org-20070720_040828.tar[sgi2.org-site-sgi-1184922508.tgz][sgi2.org-site-sgi-1184922508][var/spool/mail/sgi][mail_body.zip][file-packed_datainfo.exe]
     00225760 W32/Sober.AH.worm!CME-681 Virus/Worm No 1 Yes No c:\archive\sgi2[1].org-20070720_040828.tar[sgi2.org-site-sgi-1184922508.tgz][sgi2.org-site-sgi-1184922508][var/spool/mail/sgi][mail_body.zip][file-packed_datainfo.exe]
     ;===================================================================================================================================================================================
     SUSPECTS
     Sent Location
     ;===================================================================================================================================================================================
     ;===================================================================================================================================================================================
     VULNERABILITIES
     Id Severity Description
     ;===================================================================================================================================================================================
     219647 HIGH MS10-018
     ;===================================================================================================================================================================================

     It looks like most of the problems are in email messages saved in a .tar file. I will delete the file since it is old and I don't need it any more. What about the MS10-018 vulnerability? Is it caused by one of the Microsoft updates that failed to install?

     What is Vulnerability MS10-018
     http://www.pandasecu...?idvirus=219647

     How to remove Vulnerability MS10-018
     http://www.pandasecu...remove/MS10-018

     Microsoft Security Bulletin MS10-018 - Critical
     Cumulative Security Update for Internet Explorer (980182)
     http://www.microsoft...n/ms10-018.mspx
  3. Thank you very much for your help. I uninstalled ComboFix and ran OTC. A few of the critical Windows Updates failed to install. Because I was not able to access the updates for some time, there were more than 30 that needed to be installed. Monday I uninstalled all of the versions of Java on my computer and reinstalled the latest version. After I did that, the Kaspersky Online Scanner started in both IE and Firefox, but it stalled before completing the scan. It did find some problems even after I uninstalled ComboFix and ran OTC.

     Results of partial Kaspersky Online Scan
     Threats found: 6
     Infected objects found: 7
     Suspicious objects found: 3

     The Kaspersky website has the following message. "The current Kaspersky Online Scanner is unavailable - we apologize for the inconvenience." That's probably why the scan stalls. Thanks again for your help in removing the malware.
  4. Yes, I have version 3.6.3 of Firefox. It looks like Kaspersky will run in Firefox on my computer, but I have not tried it yet.

     ** C:\Program Files\ESET\EsetOnlineScanner\log.txt **

     [email protected] as CAB hook log:
     OnlineScanner.ocx - registred OK
     # version=7
     # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
     # OnlineScanner.ocx=1.0.0.6211
     # api_version=3.0.2
     # EOSSerial=fd2e2b1da701db498934a2ef48c87765
     # end=stopped
     # remove_checked=false
     # archives_checked=true
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2010-06-14 05:02:51
     # local_time=2010-06-13 10:02:51 (-0800, Pacific Daylight Time)
     # country="United States"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=512 16777215 100 0 0 0 0 0
     # compatibility_mode=768 16777175 100 0 4170448 4170448 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=616
     # found=0
     # cleaned=0
     # scan_time=25
     esets_scanner_update returned -1 esets_gle=53251
     # version=7
     # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
     # OnlineScanner.ocx=1.0.0.6211
     # api_version=3.0.2
     # EOSSerial=fd2e2b1da701db498934a2ef48c87765
     # end=finished
     # remove_checked=false
     # archives_checked=true
     # unwanted_checked=true
     # unsafe_checked=true
     # antistealth_checked=true
     # utc_time=2010-06-14 09:28:43
     # local_time=2010-06-14 02:28:43 (-0800, Pacific Daylight Time)
     # country="United States"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=512 16777215 100 0 0 0 0 0
     # compatibility_mode=768 16777191 100 0 4176191 4176191 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=126272
     # found=1
     # cleaned=0
     # scan_time=10228
     C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP700\A0111066.sys Win32/Olmarik.ZC trojan 00000000000000000000000000000000 I
  5. There is an updated version that works with Firefox 3.6, however I updated IE instead of installing it.

     IE Tab 2
     https://addons.mozil...ox/addon/92382/

     I installed IE 8, but that did not fix the problem. For some reason there is a problem with Java in IE when I access the Kaspersky Online Scanner. "Kaspersky Online Scanner 7.0 download and operation require Java framework version 1.5 or later." Java version 1.6.0_20 is installed on the computer. I checked the settings in IE and the Java Control Panel.

     The following are listed in the Add or Remove Programs window:
     J2SE Runtime Environment 5.0 Update 4
     J2SE Runtime Environment 5.0 Update 5
     Java™ 6 Update 20
     Java™ 6 Update 5
     Java™ 6 Update 7

     The C:\Program Files\Java folder has the following folders:
     jre1.5.0_04
     jre1.5.0_09
     jre1.6.0_05
     jre1.6.0_07
     jre6

     I will try to uninstall Java and reinstall it again. Do you have any other suggestions?
  6. I did not disable my virus protection before I ran OTM.exe. I hope that was not a mistake. While OTM.exe ran, Avast! moved a file. Here is the report.

     6/12/2010 8:52:36 AM C:\Program Files\Apoint2K\Apoint.exe [L] Win32:Malware-gen (0) File was successfully moved to chest...

     *
     * avast! Real-time Shield Scan Report
     * This file is generated automatically
     *
     * Started on: Saturday, June 12, 2010 8:55:30 AM
     *

     ** start 06122010_085216.log **
     All processes killed
     ========== FILES ==========
     File/Folder c:\windows\system32\drivers\vtuijpwj.sys not found.
     ========== SERVICES/DRIVERS ==========
     Service ltiu stopped successfully!
     Service ltiu deleted successfully!
     ========== COMMANDS ==========

     [EMPTYTEMP]

     User: Administrator
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes

     User: All Users

     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes

     User: LocalService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 2936317 bytes

     User: NetworkService
     ->Temp folder emptied: 98304 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     ->Flash cache emptied: 1036 bytes

     User: PHP
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->FireFox cache emptied: 0 bytes
     ->Flash cache emptied: 0 bytes

     User: Stan Beson
     ->Temp folder emptied: 9606631 bytes
     ->Temporary Internet Files folder emptied: 6907285 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 55931122 bytes
     ->Flash cache emptied: 558 bytes

     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32\dllcache .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 9448 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
     RecycleBin emptied: 2789376 bytes

     Total Files Cleaned = 75.00 mb

     OTM by OldTimer - Version 3.1.12.2 log created on 06122010_085216

     Files moved on Reboot...
     C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_204.dat moved successfully.
     File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

     Registry entries deleted on Reboot...
     ** end 06122010_085216.log **

     There is a problem running the Kaspersky Online Scanner using IE 6.0. It looks like I can run it using Firefox. Should I use Firefox or upgrade IE? I use IE 6.0 on this computer to test for web page browser compatibility problems, but if I need to upgrade to solve this virus problem I will do it.

     (edited to correct misspelled word)
  7. Is it okay to leave the firewall enabled while the Kaspersky Online Scanner runs?
  8. Was this file damaged by the virus? It is part of the FTP program I use for my school work that was recommended by my college. It is a non-commercial, non-expiring version and it was a free download when I installed it. I do not use it for commercial purposes per the license agreement. Please advise me what to do.
  9. I will be away from my computer and the Internet for the next two days. As soon as I get back I will continue. Thanks very much for all your help.
  10. My computer seems to be working better. Thanks for your assistance. I tried two Google searches and the browser was not redirected when I clicked on the search result links. Also I am now able to access Windows Updates. I will test it more later.

     ** ckfiles.txt **

     CKScanner - Additional Security Risks - These are not necessarily bad
     c:\program files\ssh communications security\ssh secure shell\ssh-keygen2.exe
     scanner sequence 3.NA.11
     ----- EOF -----

     ** ComboFix.txt **

     ComboFix 10-06-08.02 - Stan Beson 06/09/2010 22:44:38.2.1 - x86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.227 [GMT -7:00]
     Running from: c:\documents and settings\Stan Beson\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\Stan Beson\Desktop\CFScript.txt
     AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

     FILE ::
     "c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe"
     "c:\windows\system32\1C3.tmp"
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\documents and settings\All Users\Application Data\McAfee
     c:\documents and settings\All Users\Application Data\McAfee\dspwrp\SmartMessaging.db
     c:\documents and settings\All Users\Application Data\McAfee\MBK\Exceptions.txt
     c:\documents and settings\All Users\Application Data\McAfee\MBK\MbkUsrPath
     c:\documents and settings\All Users\Application Data\McAfee\MBK\MonitorInfo.xml
     c:\documents and settings\All Users\Application Data\McAfee\MBK\UserBindingInfo.xml
     c:\documents and settings\All Users\Application Data\McAfee\MCLOGS\MISP\mcupdate_1275973752\mcupdate_1275973752000.log
     c:\documents and settings\All Users\Application Data\McAfee\MSC\Cache\McSubDB.Bak
     c:\documents and settings\All Users\Application Data\McAfee\MSC\mcini.ini
     c:\documents and settings\All Users\Application Data\McAfee\MSC\McSubDB.Dat
     c:\program files\Common Files\Mcafee
     c:\program files\Common Files\Mcafee\Installer\mcinst.exe
     c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
     c:\program files\McAfee
     .
     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     -------\Legacy_MEMSWEEP2
     -------\Service_MEMSWEEP2
     -------\Legacy_LiveUpdate_Notice_Service
     -------\Service_LiveUpdate Notice Service

     ((((((((((((((((((((((((( Files Created from 2010-05-10 to 2010-06-10 )))))))))))))))))))))))))))))))
     .
     2010-06-08 14:29 . 2010-06-08 14:29 -------- d-----w- C:\_OTM
     2010-06-05 16:44 . 2010-06-05 16:44 -------- d-----w- c:\program files\Trend Micro
     2010-06-04 16:28 . 2010-06-04 16:28 -------- d-----w- c:\documents and settings\Stan Beson\Application Data\SUPERAntiSpyware.com
     2010-06-04 16:28 . 2010-06-04 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
     2010-06-04 16:27 . 2010-06-04 16:27 -------- d-----w- c:\program files\SUPERAntiSpyware
     2010-05-31 18:12 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-05-31 18:12 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-05-31 18:12 . 2010-05-31 18:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2010-05-31 03:04 . 2010-05-31 17:18 -------- d-----w- c:\program files\Windows Live Safety Center
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-06-07 23:31 . 2010-06-04 16:28 63488 ----a-w- c:\documents and settings\Stan Beson\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
     2010-06-07 23:30 . 2010-06-04 16:28 117760 ----a-w- c:\documents and settings\Stan Beson\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
     2010-06-05 16:44 . 2010-06-05 16:44 388096 ----a-r- c:\documents and settings\Stan Beson\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
     2010-06-04 16:28 . 2010-06-04 16:28 52224 ----a-w- c:\documents and settings\Stan Beson\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
     2010-05-31 18:13 . 2010-04-11 23:02 -------- d-----w- c:\documents and settings\Stan Beson\Application Data\Malwarebytes
     2010-05-31 18:12 . 2010-04-11 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2010-05-24 17:36 . 2010-05-24 17:36 503808 ----a-w- c:\documents and settings\Stan Beson\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-16100257-n\msvcp71.dll
     2010-05-24 17:36 . 2010-05-24 17:36 499712 ----a-w- c:\documents and settings\Stan Beson\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-16100257-n\jmc.dll
     2010-05-24 17:35 . 2010-05-24 17:35 12800 ----a-w- c:\documents and settings\Stan Beson\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-266e04a0-n\decora-d3d.dll
     2010-05-24 17:35 . 2010-05-24 17:35 61440 ----a-w- c:\documents and settings\Stan Beson\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-266e04a0-n\decora-sse.dll
     2010-05-24 17:35 . 2010-05-24 17:35 348160 ----a-w- c:\documents and settings\Stan Beson\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-16100257-n\msvcr71.dll
     2010-05-22 03:34 . 2005-08-02 06:55 -------- d-----w- c:\program files\Easy Internet signup
     2010-05-06 20:59 . 2010-04-25 22:35 165032 ----a-w- c:\windows\system32\aswBoot.exe
     2010-05-06 20:39 . 2010-04-25 22:36 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
     2010-05-06 20:39 . 2010-04-25 22:36 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
     2010-05-06 20:34 . 2010-04-25 22:36 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
     2010-05-06 20:33 . 2010-04-25 22:36 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
     2010-05-06 20:33 . 2010-04-25 22:36 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
     2010-05-06 20:33 . 2010-04-25 22:36 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
     2010-05-06 20:33 . 2010-04-25 22:36 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
     2010-04-25 22:35 . 2010-04-25 22:35 -------- d-----w- c:\program files\Alwil Software
     2010-04-25 22:35 . 2010-04-25 22:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
     2010-04-24 06:27 . 2010-04-24 06:27 -------- d-----w- c:\program files\Sophos
     2010-04-20 15:05 . 2005-08-02 06:30 -------- d-----w- c:\program files\Common Files\Java
     2010-04-20 15:03 . 2010-04-20 15:04 411368 ----a-w- c:\windows\system32\deployJava1.dll
     2010-04-20 15:03 . 2005-08-02 06:30 -------- d-----w- c:\program files\Java
     2010-04-17 05:50 . 2010-04-04 18:43 -------- d-----w- c:\program files\Lavasoft
     2010-04-15 03:55 . 2004-08-04 08:00 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
     2010-04-14 16:47 . 2010-04-25 22:35 38848 ----a-w- c:\windows\system32\avastSS.scr
     2010-04-12 02:30 . 2009-06-20 09:15 -------- d-----w- c:\program files\SiteAdvisor
     2010-04-11 18:25 . 2005-08-02 06:59 -------- d-----w- c:\program files\Google
     2010-04-04 19:12 . 2010-04-04 19:13 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
     2008-05-25 00:33 . 2008-05-25 00:32 2725048 ----a-w- c:\program files\FLV PlayerFCSetup.exe
     2009-06-17 06:27 . 2009-06-17 06:27 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
     2009-06-17 06:27 . 2009-06-17 06:27 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
     2009-06-17 06:27 . 2009-06-17 06:27 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 68856]
     "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-19 4363504]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648]
     "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-08 126976]
     "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
     "AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 88209]
     "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-02-08 159744]
     "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]
     "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
     "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
     "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-03-29 233534]
     "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
     "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
     "ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
     "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
     "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

     c:\documents and settings\Stan Beson\Start Menu\Programs\Startup\
     AutoMailer.lnk - c:\troopmaster software\AutoMailer\AutoMailer.exe [2008-11-19 73728]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2006-6-16 82026]
     Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
     Monitor Apache Servers.lnk - c:\program files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2009-8-6 41051]
     Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
     "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 86016]
     "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
     "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
     2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
     @=""

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
     "DisableMonitoring"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
     "DisableMonitoring"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
     "c:\\Program Files\\Hp\\HP Software Update\\hpwuschd2.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "3306:TCP"= 3306:TCP:MySQL Server

     R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/25/2010 3:36 PM 164048]
     R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
     R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
     R2 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [8/6/2009 3:50 PM 24645]
     R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/25/2010 3:36 PM 19024]
     S0 ltiu;ltiu;c:\windows\system32\drivers\vtuijpwj.sys --> c:\windows\system32\drivers\vtuijpwj.sys [?]
     S2 pciinfo;HP Pci Information;\??\c:\docume~1\STANBE~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\STANBE~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
     S3 HPEWSFXBULK;HPEWSFXBULK;c:\windows\system32\drivers\hpfxbulk.sys [12/4/2009 12:11 PM 17432]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
     .
     Contents of the 'Scheduled Tasks' folder

     2010-05-22 c:\windows\Tasks\Easy Internet Sign-up.job
     - c:\program files\Easy Internet signup\HPSdpApp.exe [2005-03-03 18:04]

     2007-05-01 c:\windows\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job
     - c:\program files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe [2005-05-14 09:01]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = about:blank
     uSearch Page = hxxp://www.google.com
     uSearch Bar = hxxp://www.google.com/ie
     mDefault_Search_URL = hxxp://www.google.com/ie
     uInternet Settings,ProxyOverride = *.local
     uSearchAssistant = hxxp://www.google.com/ie
     uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
     mSearchAssistant = hxxp://www.google.com/ie
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
     FF - ProfilePath - c:\documents and settings\Stan Beson\Application Data\Mozilla\Firefox\Profiles\qlwmisxj.default\
     FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q=
     FF - prefs.js: browser.startup.homepage -
     FF - plugin: c:\documents and settings\Stan Beson\Application Data\Mozilla\Firefox\Profiles\qlwmisxj.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
     FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll

     ---- FIREFOX POLICIES ----
     FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
     .
     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2010-06-09 23:01
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     HKLM\Software\Microsoft\Windows\CurrentVersion\Run
     Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????9?9?8?7??`???? ???B?????????????hLC? ??????

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************

     [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
     "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------

     [HKEY_USERS\S-1-5-21-3847439602-4269998751-1323973196-1006\Software\Microsoft\SystemCertificates\AddressBook*]
     @Allowed: (Read) (RestrictedCode)
     @Allowed: (Read) (RestrictedCode)
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'winlogon.exe'(820)
     c:\program files\SUPERAntiSpyware\SASWINLO.DLL

     - - - - - - - > 'explorer.exe'(2088)
     c:\windows\system32\WPDShServiceObj.dll
     c:\program files\SmartFTP Client 2.0\smarthook.dll
     c:\windows\system32\PortableDeviceTypes.dll
     c:\windows\system32\PortableDeviceApi.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\program files\Alwil Software\Avast5\AvastSvc.exe
     c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     c:\program files\Bonjour\mDNSResponder.exe
     c:\program files\Java\jre6\bin\jqs.exe
     c:\program files\Common Files\LightScribe\LSSrvc.exe
     c:\program files\Common Files\Motive\McciCMService.exe
     c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
     c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
     c:\program files\Analog Devices\SoundMAX\SMAgent.exe
     c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
     c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
     c:\windows\system32\SearchIndexer.exe
     c:\program files\Windows Media Player\WMPNetwk.exe
     c:\windows\system32\wscntfy.exe
     c:\windows\AGRSMMSG.exe
     c:\program files\Apoint2K\Apntex.exe
     c:\program files\iPod\bin\iPodService.exe
     c:\program files\HPQ\SHARED\HPQWMI.exe
     c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
     .
     **************************************************************************
     .
     Completion time: 2010-06-09 23:09:58 - machine was rebooted
     ComboFix-quarantined-files.txt 2010-06-10 06:09
     ComboFix2.txt 2010-06-08 22:55

     Pre-Run: 11,887,575,040 bytes free
     Post-Run: 11,746,635,776 bytes free

     - - End Of File - - A9F7AC70FA03408D53530A5631C5A966
  11. That file is not on my computer. I double checked the Folder Options settings to make sure they are set according to your instructions and they are. Should I complete the other instructions from your last message?
  12. ** ComboFix.txt **
ComboFix 10-06-08.02 - Stan Beson 06/08/2010 15:35:14.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.196 [GMT -7:00]
  13. The two problems are still here. I tried a Google search using Firefox and it was redirected to eyesmd.com and then a few seconds later redirected to 68.169.84.155. I can not access Windows Update. When I copied the URL from IE to Firefox, I got the following message. "The connection to the server was reset while the page was loading." The OTM log and new DDS.txt are included below.
** 06082010_072951.log **
OTM by OldTimer - Version 3.1.12.2 log created on 06082010_072951
** DDS.txt **
DDS (Ver_10-03-17.01) - NTFSx86
Run by Stan Beson at 7:41:46.37 on Tue 06/08/2010
----a-w- c:\program files\FLV PlayerFCSetup.exe ============= FINISH: 7:43:14.81 =============== I don't know if it will help you or not, but I deleted C:\Documents and Settings\All Users\Application Data\a656eba\SGa656.exe several weeks ago when I first noticed this problem. Thanks for your assistance.
  14. Thanks for the reply. I have removed McAfee using Add or Remove Programs. If I remember correctly, I uninstalled Symantec/Norton using Add or Remove Programs about a year ago, before I installed McAfee. In any event, Symantec/Norton is not in the Add or Remove Programs list now. There is still a "Norton 360" folder in the C:\Program Files directory, but the only two files in the folder are url.txt and urlhistory.txt. What do I need to do to remove Symantec/Norton completely? Also, Security Guard is not in the Add or Remove Programs list.
  15. Thanks for the reply.

** Start of C:\WINDOWS\System32\drivers\etc\hosts **
# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
** End of C:\WINDOWS\System32\drivers\etc\hosts **

I mostly use Firefox on this computer. I use IE to test browser compatibility of web pages. That is why I have not updated the program. My other computer has the current version of IE.
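The hosts file posted above is the stock Windows XP one: nothing but comments and a single 127.0.0.1 localhost line, which is why a helper asks for it. As an added example (not code from this thread, from DDS or from any tool mentioned in it), the script below parses a hosts file the way the comments in it describe the format (an address in the first column, whitespace, one or more host names, and '#' starting a comment anywhere on a line) and then flags the two things hosts-file hijackers do: pointing security-vendor or update hosts at a loopback or 0.0.0.0 address so their updates silently fail, or at some other address so traffic is redirected. The watch list of domains and the hijacked sample file are constructed for the example; the clean sample mirrors the file in the post.

```python
"""Triage a Windows HOSTS file for malware tampering.
Added example for this thread; the watch list and sample files are constructed."""
import ipaddress
from typing import List, NamedTuple, Tuple


class HostsEntry(NamedTuple):
    line_no: int
    ip: str
    names: List[str]   # first name is canonical, the rest are aliases on the same line


# Assumed watch list for the example: vendors and update hosts that hijackers
# commonly blackhole or redirect.  Extend it for the products on the machine.
WATCHED_SUFFIXES = (
    "microsoft.com", "windowsupdate.com", "avast.com", "mcafee.com",
    "symantec.com", "malwarebytes.org", "superantispyware.com", "trendmicro.com",
)


def parse_hosts(text: str) -> List[HostsEntry]:
    """Return the effective (non-comment) entries of a hosts file."""
    entries: List[HostsEntry] = []
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # '#' starts a comment, full-line or trailing
        fields = line.split()
        if len(fields) < 2:
            continue                           # blank, comment-only, or an address with no name
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # first column is not an address: resolver ignores it
        entries.append(HostsEntry(n, fields[0], [h.lower() for h in fields[1:]]))
    return entries


def _watched(name: str) -> bool:
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def suspicious(entries: List[HostsEntry]) -> List[Tuple[int, str, str, str]]:
    """(line_no, hostname, ip, reason) for every mapping worth a second look.
    reasons: 'blackholed' (watched host -> loopback/0.0.0.0), 'redirected'
    (watched host -> any other address), 'pinned' (anything else not on loopback)."""
    findings = []
    for e in entries:
        addr = ipaddress.ip_address(e.ip)
        blackhole = addr.is_loopback or addr.is_unspecified   # 127.x, ::1, 0.0.0.0
        for name in e.names:
            if name == "localhost" and blackhole:
                continue                       # the one line a stock XP hosts file has
            if _watched(name):
                findings.append((e.line_no, name, e.ip, "blackholed" if blackhole else "redirected"))
            elif not blackhole:
                findings.append((e.line_no, name, e.ip, "pinned"))   # verify it is intentional
    return findings


def is_stock_hosts(entries: List[HostsEntry]) -> bool:
    """True when the file maps only localhost to 127.0.0.1, as the posted file does."""
    return [(e.ip, e.names) for e in entries] == [("127.0.0.1", ["localhost"])]


# Constructed sample inputs.  CLEAN_XP_HOSTS mirrors the file in the post.
CLEAN_XP_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host
127.0.0.1       localhost
"""

# Constructed hijack: AV/update hosts blackholed, one redirected to a TEST-NET
# address (203.0.113.0/24) standing in for an attacker-controlled host.
HIJACKED_HOSTS = CLEAN_XP_HOSTS + """\
127.0.0.1       www.avast.com avast.com      # updates fail silently
0.0.0.0         download.microsoft.com
203.0.113.7     windowsupdate.com
203.0.113.7     www.bank.example
"""

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else HIJACKED_HOSTS
    parsed = parse_hosts(text)
    print("stock XP hosts file:", is_stock_hosts(parsed))
    for line_no, name, ip, reason in suspicious(parsed):
        print(f"line {line_no}: {name} -> {ip} ({reason})")
```

Run with the path to C:\WINDOWS\System32\drivers\etc\hosts as the argument; the posted file gives `is_stock_hosts()` True and no findings. Two caveats before trusting the result: the resolver reads the file from the directory named in the DataBasePath value under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, so confirm that value still points at %SystemRoot%\System32\drivers\etc rather than a copy planted elsewhere, and a hosts file that has been given the hidden or read-only attribute is itself a common sign of tampering even when its contents look clean.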