I have spent the better part of a day trying to figure out what's going on with this computer. I am sure it's a virus. I can't install my printer. I keep getting error messages and my McAfee says to reboot each time I try.
jsmith6752 0 Light Poster
The attachment preview is chopped off after the first 10 KB. Please download the entire file.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-11-10.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/18/2005 12:01:19 PM
System Uptime: 11/21/2010 6:47:48 PM (1 hours ago)
Motherboard: MICRO-STAR | | MS-7145
Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket 754 | 2193/199mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 150 GiB total, 96.946 GiB free.
D: is FIXED (FAT32) - 3 GiB total, 0.846 GiB free.
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
K: is Removable
==== Disabled Device Manager Items =============
Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}
Description: photosmart 7350
Device ID: DOT4PRT\VID_03F0&PID_3C02&DOT4&PRINT_HPHI11\8&351AE1B1&0&1
Manufacturer:
Name: photosmart 7350
PNP Device ID: DOT4PRT\VID_03F0&PID_3C02&DOT4&PRINT_HPHI11\8&351AE1B1&0&1
Service:
==== System Restore Points ===================
RP597: 8/24/2010 11:43:32 AM - System Checkpoint
RP598: 8/25/2010 11:56:03 AM - System Checkpoint
RP599: 8/26/2010 1:43:33 PM - System Checkpoint
RP600: 8/27/2010 3:43:32 PM - System Checkpoint
RP601: 9/2/2010 10:55:18 PM - System Checkpoint
RP602: 9/3/2010 11:43:35 PM - System Checkpoint
RP603: 9/5/2010 1:43:24 AM - System Checkpoint
RP604: 9/6/2010 3:43:24 AM - System Checkpoint
RP605: 9/7/2010 10:57:54 PM - System Checkpoint
RP606: 9/8/2010 11:38:07 PM - System Checkpoint
RP607: 9/10/2010 7:23:18 AM - System Checkpoint
RP608: 9/11/2010 3:37:09 PM - System Checkpoint
RP609: 9/12/2010 5:59:56 PM - System Checkpoint
RP610: 9/13/2010 8:35:02 PM - System Checkpoint
RP611: 9/14/2010 10:49:28 PM - System Checkpoint
RP612: 9/15/2010 11:12:29 PM - System Checkpoint
RP613: 9/17/2010 6:48:44 PM - Software Distribution Service 3.0
RP614: 9/18/2010 9:52:42 PM - System Checkpoint
RP615: 9/19/2010 10:57:54 PM - System Checkpoint
RP616: 9/20/2010 11:12:16 PM - System Checkpoint
RP617: 9/22/2010 12:40:09 AM - System Checkpoint
RP618: 9/23/2010 2:40:09 AM - System Checkpoint
RP619: 9/24/2010 4:34:03 AM - System Checkpoint
RP620: 9/25/2010 6:34:07 AM - System Checkpoint
RP621: 9/26/2010 10:34:23 AM - System Checkpoint
RP622: 9/27/2010 12:34:06 PM - System Checkpoint
RP623: 9/28/2010 1:20:12 PM - System Checkpoint
RP624: 9/28/2010 9:53:57 PM - Software Distribution Service 3.0
RP625: 9/30/2010 12:43:47 AM - System Checkpoint
RP626: 10/1/2010 2:33:37 AM - System Checkpoint
RP627: 10/2/2010 4:33:38 AM - System Checkpoint
RP628: 10/3/2010 7:55:43 AM - System Checkpoint
RP629: 10/4/2010 8:33:42 AM - System Checkpoint
RP630: 10/5/2010 8:44:34 AM - System Checkpoint
RP631: 10/6/2010 10:44:34 AM - System Checkpoint
RP632: 10/7/2010 12:44:38 PM - System Checkpoint
RP633: 10/7/2010 2:27:08 PM - Software Distribution Service 3.0
RP634: 10/7/2010 9:31:48 PM - Software Distribution Service 3.0
RP635: 10/8/2010 9:47:41 PM - System Checkpoint
RP636: 10/9/2010 11:46:35 PM - System Checkpoint
RP637: 10/11/2010 1:46:36 AM - System Checkpoint
RP638: 10/12/2010 1:47:41 AM - System Checkpoint
RP639: 10/13/2010 3:46:37 AM - System Checkpoint
RP640: 10/14/2010 5:46:35 AM - System Checkpoint
RP641: 10/15/2010 7:47:54 AM - System Checkpoint
RP642: 10/15/2010 8:05:47 PM - Software Distribution Service 3.0
RP643: 10/16/2010 9:46:30 PM - System Checkpoint
RP644: 10/17/2010 10:28:20 AM - Installed DirectX
RP645: 10/18/2010 10:44:58 AM - System Checkpoint
RP646: 10/19/2010 12:44:58 PM - System Checkpoint
RP647: 10/20/2010 2:17:14 PM - System Checkpoint
RP648: 10/21/2010 4:17:14 PM - System Checkpoint
RP649: 10/22/2010 6:17:12 PM - System Checkpoint
RP650: 10/23/2010 6:18:15 PM - System Checkpoint
RP651: 10/24/2010 8:17:14 PM - System Checkpoint
RP652: 10/25/2010 9:10:31 PM - System Checkpoint
RP653: 10/26/2010 11:56:02 PM - System Checkpoint
RP654: 10/28/2010 12:18:06 AM - System Checkpoint
RP655: 10/29/2010 2:17:02 AM - System Checkpoint
RP656: 10/30/2010 2:21:37 AM - System Checkpoint
RP657: 10/31/2010 4:18:06 AM - System Checkpoint
RP658: 11/3/2010 5:34:38 PM - System Checkpoint
RP659: 11/4/2010 6:19:39 PM - System Checkpoint
RP660: 11/5/2010 9:02:25 PM - System Checkpoint
RP661: 11/6/2010 9:14:48 PM - Configured Google SketchUp 6
RP662: 11/6/2010 9:17:03 PM - Installed Google SketchUp 8
RP663: 11/7/2010 9:19:37 PM - System Checkpoint
RP664: 11/8/2010 11:33:40 PM - System Checkpoint
RP665: 11/10/2010 1:19:37 AM - System Checkpoint
RP666: 11/11/2010 1:34:07 AM - System Checkpoint
RP667: 11/12/2010 3:19:37 AM - System Checkpoint
RP668: 11/13/2010 5:19:36 AM - System Checkpoint
RP669: 11/14/2010 9:32:19 AM - System Checkpoint
RP670: 11/15/2010 3:00:19 AM - Software Distribution Service 3.0
RP671: 11/16/2010 3:19:37 AM - System Checkpoint
RP672: 11/17/2010 6:19:05 PM - System Checkpoint
RP673: 11/18/2010 6:50:36 PM - System Checkpoint
RP674: 11/19/2010 10:38:35 PM - Printer Driver PDFCreator Installed
RP675: 11/21/2010 12:16:27 AM - Removed HP Photo and Imaging 1.0 - HP Photosmart Printer Series
RP676: 11/21/2010 7:53:14 AM - Removed HP Install Network Printer Wizard
RP677: 11/21/2010 10:15:04 AM - Restore Operation
RP678: 11/21/2010 10:19:56 AM - Restore Operation
RP679: 11/21/2010 5:28:23 PM - Removed Adobe Reader 8.2.0
RP680: 11/21/2010 7:16:23 PM - Installed Adobe Reader 8.2.0
==== Installed Programs ======================
Adobe Download Manager
Adobe Reader 8.2.0
Adobe Shockwave Player
AIM 6
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression
ArcSoft Software Suite
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Audiosurf
BitTorrent
Bonjour
Calculator Powertoy for Windows XP
Critical Update for Windows Media Player 11 (KB959772)
CyberLink MediaShow
Data Lifeguard Diagnostic for Windows
Digital Media Reader
DING!
DNA
DWGdirectX 3.2
Extreme Messenger for AIM
FirstClass Client
Google Chrome
Google SketchUp 6
Google SketchUp 8
Google Toolbar for Internet Explorer
Google Updater
Hexagon Mahjongg
HijackThis 2.0.2
honestech Video Editor
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ieSpell
IHA_MessageCenter
iPod for Windows 2005-09-23
iTunes
J2SE Runtime Environment 5.0 Update 2
Java(TM) 6 Update 10
LG USB Modem driver
LimeWire 5.4.8
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft WinUsb 1.0
Microsoft Works
Mirage 2000 N Basic Pack
Mirage F1v2.5
Move Networks Player for Internet Explorer
Mozilla Firefox (3.6.12)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Nero BurnRights
Nero OEM
Photo Viewer
Picasa 3
PowerDVD
Pure Networks Port Magic
QuickTime
RealArcade
RealPlayer Basic
Realtek AC'97 Audio
Recovery Software Suite eMachines
RPS CRT
Samsung USB Driver (MCCI 4.16)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB93
jholland1964 650 Posting Expert Team Colleague Featured Poster
First of all, you need to follow the instructions given in our Read Me sticky. Yes, you have posted the DDS log, but you have posted no other logs, MBA-M in particular.
You also have not done as instructed in 1A of the instructions:
1A – Please Uninstall or Disable any P2P (peer-to-peer) programs on the infected computer before posting in this forum. Rather than write a long piece on the dangers of P2P, I’m just going to say this:
P2P software circumvents common-sense security measures and opens a user’s computer to a world of hurt.
Our regular volunteers' time is valuable and most are not willing to waste it on a machine that is almost certain to be reinfected in short order.
So, please remove or disable all P2P software for the duration of the cleaning process. Failure to do so may result in your thread being ignored.
Your log and uninstall list show the following P2P programs on the computer:
BitTorrent
LimeWire 5.4.8
Please uninstall these programs if you want assistance. They are very likely the reason you are infected.
You have grossly out-of-date Java installed along with the old version of HiJackThis.
The Java we will worry about later.
You definitely have at least one serious infection on there, maybe more.
You need to remove the programs I noted. You need to update Malwarebytes' Anti-Malware and run a Full Scan with it. Have it remove everything found, and then Reboot the computer.
Come back here and post that MBA-M log along with a system scan log done with the newest version of HiJackThis, which is version 2.0.4. Be sure to uninstall the old version.
Get the new one here: http://free.antivirus.com/hijackthis/
Judy
jsmith6752 0 Light Poster
Sorry, I did not realize what P2P was. Could not upload this file, so I copied and pasted it.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:51:12 PM, on 11/22/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\1138608916\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Verizon\VSP\ServicepointService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101117174617.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: (no name) - {c87d4a82-1dd1-11b2-822f-bf4e95780c99} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~2\PortAOL.exe" -Run
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138608916\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen9.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jre/6u10-b92-b/jinstall-6u10-windows-i586-jc.cab?e=1226435238711&h=ee643eae6f50a32bed1dd0109f0e9d22/&filename=jinstall-6u10-windows-i586-jc.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft Terminal Services Client Control (redist)) - http://69.213.66.54/TSWEB/msrdp.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://66.242.36.104/app/view22RTE.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4861/mcfscan.cab
O16 - DPF: {FB298ECE-4D17-414A-A5E8-FABC938796B2} (ActiveWebParts Illustration Viewer) - http://www.kohlerplus.com/_bin/AWSDrawingViewer.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IHA_MessageCenter - Unknown owner - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Verizon\VSP\ServicepointService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 14390 bytes
The attachment preview is chopped off after the first 10 KB. Please download the entire file.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-11-10.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/18/2005 12:01:19 PM
System Uptime: 11/21/2010 10:14:58 PM (24 hours ago)
Motherboard: MICRO-STAR | | MS-7145
Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket 754 | 2193/199mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 150 GiB total, 96.952 GiB free.
D: is FIXED (FAT32) - 3 GiB total, 0.846 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
K: is Removable
==== Disabled Device Manager Items =============
Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}
Description: photosmart 7350
Device ID: DOT4PRT\VID_03F0&PID_3C02&DOT4&PRINT_HPHI11\8&351AE1B1&0&1
Manufacturer:
Name: photosmart 7350
PNP Device ID: DOT4PRT\VID_03F0&PID_3C02&DOT4&PRINT_HPHI11\8&351AE1B1&0&1
Service:
==== System Restore Points ===================
RP598: 8/25/2010 11:56:03 AM - System Checkpoint
RP599: 8/26/2010 1:43:33 PM - System Checkpoint
RP600: 8/27/2010 3:43:32 PM - System Checkpoint
RP601: 9/2/2010 10:55:18 PM - System Checkpoint
RP602: 9/3/2010 11:43:35 PM - System Checkpoint
RP603: 9/5/2010 1:43:24 AM - System Checkpoint
RP604: 9/6/2010 3:43:24 AM - System Checkpoint
RP605: 9/7/2010 10:57:54 PM - System Checkpoint
RP606: 9/8/2010 11:38:07 PM - System Checkpoint
RP607: 9/10/2010 7:23:18 AM - System Checkpoint
RP608: 9/11/2010 3:37:09 PM - System Checkpoint
RP609: 9/12/2010 5:59:56 PM - System Checkpoint
RP610: 9/13/2010 8:35:02 PM - System Checkpoint
RP611: 9/14/2010 10:49:28 PM - System Checkpoint
RP612: 9/15/2010 11:12:29 PM - System Checkpoint
RP613: 9/17/2010 6:48:44 PM - Software Distribution Service 3.0
RP614: 9/18/2010 9:52:42 PM - System Checkpoint
RP615: 9/19/2010 10:57:54 PM - System Checkpoint
RP616: 9/20/2010 11:12:16 PM - System Checkpoint
RP617: 9/22/2010 12:40:09 AM - System Checkpoint
RP618: 9/23/2010 2:40:09 AM - System Checkpoint
RP619: 9/24/2010 4:34:03 AM - System Checkpoint
RP620: 9/25/2010 6:34:07 AM - System Checkpoint
RP621: 9/26/2010 10:34:23 AM - System Checkpoint
RP622: 9/27/2010 12:34:06 PM - System Checkpoint
RP623: 9/28/2010 1:20:12 PM - System Checkpoint
RP624: 9/28/2010 9:53:57 PM - Software Distribution Service 3.0
RP625: 9/30/2010 12:43:47 AM - System Checkpoint
RP626: 10/1/2010 2:33:37 AM - System Checkpoint
RP627: 10/2/2010 4:33:38 AM - System Checkpoint
RP628: 10/3/2010 7:55:43 AM - System Checkpoint
RP629: 10/4/2010 8:33:42 AM - System Checkpoint
RP630: 10/5/2010 8:44:34 AM - System Checkpoint
RP631: 10/6/2010 10:44:34 AM - System Checkpoint
RP632: 10/7/2010 12:44:38 PM - System Checkpoint
RP633: 10/7/2010 2:27:08 PM - Software Distribution Service 3.0
RP634: 10/7/2010 9:31:48 PM - Software Distribution Service 3.0
RP635: 10/8/2010 9:47:41 PM - System Checkpoint
RP636: 10/9/2010 11:46:35 PM - System Checkpoint
RP637: 10/11/2010 1:46:36 AM - System Checkpoint
RP638: 10/12/2010 1:47:41 AM - System Checkpoint
RP639: 10/13/2010 3:46:37 AM - System Checkpoint
RP640: 10/14/2010 5:46:35 AM - System Checkpoint
RP641: 10/15/2010 7:47:54 AM - System Checkpoint
RP642: 10/15/2010 8:05:47 PM - Software Distribution Service 3.0
RP643: 10/16/2010 9:46:30 PM - System Checkpoint
RP644: 10/17/2010 10:28:20 AM - Installed DirectX
RP645: 10/18/2010 10:44:58 AM - System Checkpoint
RP646: 10/19/2010 12:44:58 PM - System Checkpoint
RP647: 10/20/2010 2:17:14 PM - System Checkpoint
RP648: 10/21/2010 4:17:14 PM - System Checkpoint
RP649: 10/22/2010 6:17:12 PM - System Checkpoint
RP650: 10/23/2010 6:18:15 PM - System Checkpoint
RP651: 10/24/2010 8:17:14 PM - System Checkpoint
RP652: 10/25/2010 9:10:31 PM - System Checkpoint
RP653: 10/26/2010 11:56:02 PM - System Checkpoint
RP654: 10/28/2010 12:18:06 AM - System Checkpoint
RP655: 10/29/2010 2:17:02 AM - System Checkpoint
RP656: 10/30/2010 2:21:37 AM - System Checkpoint
RP657: 10/31/2010 4:18:06 AM - System Checkpoint
RP658: 11/3/2010 5:34:38 PM - System Checkpoint
RP659: 11/4/2010 6:19:39 PM - System Checkpoint
RP660: 11/5/2010 9:02:25 PM - System Checkpoint
RP661: 11/6/2010 9:14:48 PM - Configured Google SketchUp 6
RP662: 11/6/2010 9:17:03 PM - Installed Google SketchUp 8
RP663: 11/7/2010 9:19:37 PM - System Checkpoint
RP664: 11/8/2010 11:33:40 PM - System Checkpoint
RP665: 11/10/2010 1:19:37 AM - System Checkpoint
RP666: 11/11/2010 1:34:07 AM - System Checkpoint
RP667: 11/12/2010 3:19:37 AM - System Checkpoint
RP668: 11/13/2010 5:19:36 AM - System Checkpoint
RP669: 11/14/2010 9:32:19 AM - System Checkpoint
RP670: 11/15/2010 3:00:19 AM - Software Distribution Service 3.0
RP671: 11/16/2010 3:19:37 AM - System Checkpoint
RP672: 11/17/2010 6:19:05 PM - System Checkpoint
RP673: 11/18/2010 6:50:36 PM - System Checkpoint
RP674: 11/19/2010 10:38:35 PM - Printer Driver PDFCreator Installed
RP675: 11/21/2010 12:16:27 AM - Removed HP Photo and Imaging 1.0 - HP Photosmart Printer Series
RP676: 11/21/2010 7:53:14 AM - Removed HP Install Network Printer Wizard
RP677: 11/21/2010 10:15:04 AM - Restore Operation
RP678: 11/21/2010 10:19:56 AM - Restore Operation
RP679: 11/21/2010 5:28:23 PM - Removed Adobe Reader 8.2.0
RP680: 11/21/2010 7:16:23 PM - Installed Adobe Reader 8.2.0
RP681: 11/22/2010 5:25:23 PM - Removed DING!
RP682: 11/22/2010 7:43:18 PM - Installed HiJackThis
==== Installed Programs ======================
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.0
Adobe Shockwave Player
AIM 6
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression
ArcSoft Software Suite
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Audiosurf
Bonjour
Calculator Powertoy for Windows XP
Critical Update for Windows Media Player 11 (KB959772)
CyberLink MediaShow
Data Lifeguard Diagnostic for Windows
Digital Media Reader
DWGdirectX 3.2
Extreme Messenger for AIM
Google Chrome
Google SketchUp 6
Google SketchUp 8
Google Toolbar for Internet Explorer
Google Updater
Hexagon Mahjongg
HiJackThis
honestech Video Editor
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ieSpell
IHA_MessageCenter
iPod for Windows 2005-09-23
iTunes
J2SE Runtime Environment 5.0 Update 2
Java(TM) 6 Update 10
LG USB Modem driver
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft WinUsb 1.0
Microsoft Works
Mirage 2000 N Basic Pack
Mirage F1v2.5
Move Networks Player for Internet Explorer
Mozilla Firefox (3.6.12)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Nero BurnRights
Nero OEM
Photo Viewer
Picasa 3
PowerDVD
Pure Networks Port Magic
QuickTime
RealArcade
RealPlayer Basic
Realtek AC'97 Audio
Recovery Software Suite eMachines
RPS CRT
Samsung USB Driver (MCCI 4.16)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Securi
The attachment preview is chopped off after the first 10 KB. Please download the entire file.
DDS (Ver_10-11-10.01) - NTFSx86
Run by Owner at 22:46:20.01 on Mon 11/22/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1406.770 [GMT -5:00]
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\1138608916\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Verizon\VSP\ServicepointService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds(3).scr
============== Pseudo HJT Report ===============
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://verizon.net/
mSearch Page =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101117174617.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
{c87d4a82-1dd1-11b2-822f-bf4e95780c99}
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No File
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [sysreq]
uRun: [ravmond]
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Instance 001]
uRun: [IELoader32]
uRun: [AntiVermins]
uRun: [Aim6]
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [Pure Networks Port Magic] "c:\progra~1\purene~1\portma~2\PortAOL.exe" -Run
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Motive SmartBridge] c:\progra~1\verizon\smartb~1\MotiveSB.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe
mRun: [HostManager] c:\program files\common files\aol\1138608916\ee\AOLSoftware.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - hxxp://w4s2.work4sure.com/c/ge/w4sgeen9.exe
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jre/6u10-b92-b/jinstall-6u10-windows-i586-jc.cab?e=1226435238711&h=ee643eae6f50a32bed1dd0109f0e9d22/&filename=jinstall-6u10-windows-i586-jc.cab
DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} - hxxp://69.213.66.54/TSWEB/msrdp.cab
DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - hxxp://66.242.36.104/app/view22RTE.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4861/mcfscan.cab
DPF: {FB298ECE-4D17-414A-A5E8-FABC938796B2} - hxxp://www.kohlerplus.com/_bin/AWSDrawingViewer.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} -
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5173
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
11/22/2010 10:38:00 PM
mbam-log-2010-11-22 (22-38-00).txt
Scan type: Full scan (C:\|)
Objects scanned: 382131
Time elapsed: 2 hour(s), 53 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
jholland1964 650 Posting Expert Team Colleague Featured Poster
We prefer that the logs be copy/pasted not attached. How exactly are you connecting to the internet? You are showing AOL dial up and a broadband connection.
jsmith6752 0 Light Poster
We prefer that the logs be copy/pasted not attached. How exactly are you connecting to the internet? You are showing AOL dial up and a broadband connection.
I have Verizon FiOS and connect with them. I use Firefox mostly. My wife still uses her AOL account for some reason and when she logs on it is identified as a broadband connection. Thanks again.....
jholland1964 650 Posting Expert Team Colleague Featured Poster
Well I tell you, the AOL stuff, most of it we can get rid of because it applies to dial-up connections and she still will be able to use AOL without difficulty but we will do that later.
I want you to do this:
Please download ComboFix by sUBs from
http://www.bleepingcomputer.com/download/anti-virus/combofix
Please note that the BleepingComputer.com download link will expire in 10 minutes after you click it so if you don’t click within ten minutes after reaching the page you will need to refresh the page.
• You must download it to and run it from your Desktop
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Turn off McAfee and then be sure to check the Task Manager for any of these. If you see any of them after turning off McAfee, then end the process:
2.0.181\SSScheduler.exe
McSvcHost\McSvHost.exe
mfevtps.exe
mcshield.exe
mfefire.exe
mcagent.exe
After that continue with the instructions below:
• Double click combofix.exe & follow the prompts.
• When finished, it will produce a log. Please save that log to post in your next reply along with a fresh DDS log
• Re-enable all the programs that were disabled during the running of ComboFix.
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Run Combofix ONCE only!!
I ask that you please copy and paste the logs here, do not attach them.
Judy
jsmith6752 0 Light Poster
This computer did some strange things while this was going on... it even downloaded something from Microsoft for a restore point. Well, here is the log. Thanks.
ComboFix 10-11-23.01 - Owner 11/23/2010 20:07:59.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1406.721 [GMT -5:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Jackie.YOUR-60E4B8F107\err.log
c:\documents and settings\James.YOUR-60E4B8F107\err.log
c:\documents and settings\James.YOUR-60E4B8F107\Favorites\.url
c:\documents and settings\Owner\err.log
c:\documents and settings\Owner\Favorites\.url
c:\documents and settings\Owner\System
c:\documents and settings\Owner\System\win_qs8.jqx
C:\LOG1107.tmp
C:\LOG1279.tmp
C:\LOG14B0.tmp
C:\LOG150A.tmp
C:\LOG17B.tmp
C:\LOG192.tmp
C:\LOG193.tmp
C:\LOG1F6.tmp
C:\LOG2A81.tmp
C:\LOG2CD2.tmp
C:\LOG2E7.tmp
C:\LOG3A4.tmp
C:\LOG3B5.tmp
C:\LOG3BA.tmp
C:\LOG3DD.tmp
C:\LOG4AE.tmp
C:\LOG4ED.tmp
C:\LOG5C1.tmp
C:\LOG5C2.tmp
C:\LOG5C6.tmp
C:\LOG655.tmp
C:\LOG871.tmp
C:\LOG872.tmp
C:\LOG880.tmp
C:\LOGA37.tmp
C:\LOGC2B.tmp
C:\LOGC2C.tmp
C:\LOGC2E.tmp
C:\LOGE88.tmp
C:\LOGE9F.tmp
C:\LOGFB4.tmp
C:\WA6P
c:\windows\dat.txt
c:\windows\jestertb.dll
c:\windows\MailSwitch.ocx
c:\windows\search_res.txt
c:\windows\system32\stera.log
c:\windows\system32\system
C:\XES1910.tmp
C:\XES1913.tmp
C:\XES1915.tmp
C:\XES1917.tmp
C:\XES1919.tmp
C:\XES191E.tmp
C:\XES1922.tmp
C:\XES4FF8.tmp
C:\XES4FFF.tmp
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FOPN
-------\Legacy_LSASS
((((((((((((((((((((((((( Files Created from 2010-10-24 to 2010-11-24 )))))))))))))))))))))))))))))))
.
2010-11-23 00:43 . 2010-11-23 00:43 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-21 22:24 . 2002-05-24 12:46 50276 ----a-r- c:\windows\system32\drivers\hphs2k11.sys
2010-11-21 22:24 . 2002-05-24 12:46 18928 ----a-r- c:\windows\system32\drivers\hphius11.sys
2010-11-21 22:24 . 2002-05-24 12:46 81920 ----a-r- c:\windows\system32\hphipr11.dll
2010-11-21 22:24 . 2002-05-24 12:46 77824 ----a-r- c:\windows\system32\hphipm11.exe
2010-11-21 22:24 . 2002-05-24 12:46 50896 ----a-r- c:\windows\system32\drivers\hphid411.sys
2010-11-21 22:24 . 2002-05-24 12:46 16112 ----a-r- c:\windows\system32\drivers\hphipr11.sys
2010-11-21 22:24 . 2002-05-24 12:46 356352 ----a-r- c:\windows\system32\hphc3204.dll
2010-11-21 22:24 . 2002-05-24 12:46 98304 ----a-r- c:\windows\system32\hphidr11.dll
2010-11-21 16:09 . 2010-11-21 16:09 -------- d-----w- C:\HP Photosmart 11
2010-11-17 21:26 . 2010-11-17 22:07 -------- d-----w- c:\documents and settings\Owner\Application Data\Viega
2010-11-17 02:40 . 2010-09-04 19:09 24376 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll
2010-11-17 02:40 . 2010-09-04 19:09 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-11-17 02:40 . 2010-09-04 19:09 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-11-17 02:40 . 2010-09-04 19:09 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-11-17 02:40 . 2010-09-04 19:09 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-11-17 02:40 . 2010-09-04 19:09 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-11-17 02:40 . 2010-09-04 19:09 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-11-17 02:40 . 2010-09-04 19:09 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-11-17 02:40 . 2010-09-04 19:09 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-11-17 02:40 . 2010-09-04 19:09 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-11-17 02:40 . 2010-09-04 19:09 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-11-17 02:40 . 2010-11-17 02:41 -------- d-----w- c:\program files\Common Files\Mcafee
2010-11-17 02:39 . 2010-11-19 22:24 -------- d-----w- c:\program files\McAfee
2010-11-17 02:22 . 2010-11-17 02:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Radialpoint
2010-11-09 03:10 . 2010-11-09 03:10 -------- d-----w- c:\program files\Common Files\DWGdirectX 3.2
2010-11-09 03:10 . 2010-11-09 03:10 -------- d-----w- c:\program files\Open Design Alliance
2010-11-09 03:10 . 2010-01-18 22:12 1660424 ----a-w- c:\windows\system32\fpSPR80.ocx
2010-11-09 03:10 . 2008-01-30 05:00 176128 ----a-w- c:\windows\system32\dzip32.dll
2010-11-09 03:10 . 2008-01-30 05:00 143360 ----a-w- c:\windows\system32\dunzip32.dll
2010-11-09 03:10 . 2003-09-02 20:23 2215936 ----a-w- c:\windows\system32\ODX.dll
2010-11-09 03:10 . 2003-01-15 20:24 336928 ------w- c:\windows\system32\SSTree.ocx
2010-11-09 03:10 . 2000-11-17 13:06 148480 ----a-w- c:\windows\system32\dwStg.dll
2010-11-09 03:09 . 2010-11-14 23:43 -------- d-----w- c:\program files\Visual 2.0
2010-11-07 15:58 . 2010-11-08 04:14 -------- d-----w- c:\documents and settings\Owner\Application Data\SmartDraw
2010-10-31 00:28 . 2010-10-31 00:28 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-10-29 00:11 . 2010-10-29 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-10-29 00:11 . 2010-10-31 00:25 -------- d-----w- c:\program files\McAfee Security Scan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 16:23 . 2005-03-23 16:52 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2005-03-23 16:52 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2005-03-23 16:52 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2005-03-23 16:52 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 13:38 . 2005-03-23 16:53 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2005-03-23 16:52 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2005-03-23 16:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2005-03-23 16:52 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:57 . 2005-03-23 16:52 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51 . 2005-03-23 16:52 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2005-03-23 16:53 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2005-03-23 16:52 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2005-03-23 16:52 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2005-03-23 16:52 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-16 04:18 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2005-11-01 03:16 . 2005-11-01 03:17 774144 ----a-w- c:\program files\RngInterstitial.dll
2010-09-04 19:09 . 2010-11-17 02:40 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-02 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-11 68856]
"Steam"="c:\program files\Steam\Steam.exe" [2010-11-17 1242448]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-25 2424560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 77824]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~2\PortAOL.exe" [2004-05-07 99480]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Motive SmartBridge"="c:\progra~1\Verizon\SMARTB~1\MotiveSB.exe" [2006-06-23 438359]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-24 188416]
"HostManager"="c:\program files\Common Files\AOL\1138608916\ee\AOLSoftware.exe" [2006-09-26 50736]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-11 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-18 339968]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2010-03-16 4281584]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-13 1195920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
c:\documents and settings\Owner\Start Menu\Programs\Startup\
wkcalrem.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2005-5-9 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2008-10-21 20:29 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Ati HotKey Poller"=2 (0x2)
"SDService"=2 (0x2)
"Bonjour Service"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1138608916\\ee\\aolsoftware.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Verizon\\VSP\\ServicepointService.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [11/16/2010 9:40 PM 84072]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/13/2010 5:06 PM 98304]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [11/16/2010 9:40 PM 271480]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [11/16/2010 9:40 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [11/16/2010 9:40 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [11/16/2010 9:40 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [11/16/2010 9:40 PM 141792]
R2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [11/16/2010 9:21 PM 689392]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/11/2007 5:10 PM 24652]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [11/16/2010 9:40 PM 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [11/16/2010 9:40 PM 312904]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [11/16/2010 9:40 PM 88544]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [9/27/2006 7:12 PM 10664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [11/16/2010 9:40 PM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [11/16/2010 9:40 PM 84264]
S3 XIRLINK;Veo PC Camera;c:\windows\system32\drivers\ucdnt.sys [4/5/2007 1:28 PM 899884]
S4 McOobeSv;McAfee OOBE Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [11/16/2010 9:40 PM 271480]
S4 SDService;SDService;c:\program files\SpywareDetector\SDService.exe [10/9/2007 10:19 PM 251344]
--- Other Services/Drivers In Memory ---
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
2010-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]
2010-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3294084044-3173087013-617060745-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-02 02:05]
2010-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3294084044-3173087013-617060745-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-02 02:05]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://verizon.net/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\yjwrtmww.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.verizon.net/central/vzc.portal
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\yjwrtmww.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Verizon\VSP\nprpspa.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
BHO-{c87d4a82-1dd1-11b2-822f-bf4e95780c99} - (no file)
HKCU-Run-sysreq - (no file)
HKCU-Run-ravmond - (no file)
HKCU-Run-Instance 001 - (no file)
HKCU-Run-IELoader32 - (no file)
HKCU-Run-AntiVermins - (no file)
HKCU-Run-Aim6 - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-23 20:21
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3294084044-3173087013-617060745-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1124)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2648)
c:\windows\system32\WININET.dll
c:\progra~1\Verizon\SMARTB~1\SBHook.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\wanmpsvc.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Verizon\VSP\VerizonServicepointComHandler.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\McAfee Security Scan\2.0.181\McUICnt.exe
.
**************************************************************************
.
Completion time: 2010-11-23 20:28:51 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-24 01:28
Pre-Run: 104,039,014,400 bytes free
Post-Run: 103,884,931,072 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 7B51BADB0555CFCF9A309CC5B0D0EDC6
jholland1964 650 Posting Expert Team Colleague Featured Poster
This computer did some strange things while this was going on... it even downloaded something from Microsoft for a restore point
That is normal, that is what it is supposed to do.
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active
You failed to follow this part of the instructions:
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Turn off McAfee and then be sure to check the Task Manager for any of these. If you see any of them after turning off McAfee, then end the process:
2.0.181\SSScheduler.exe
McSvcHost\McSvHost.exe
mfevtps.exe
mcshield.exe
mfefire.exe
mcagent.exe
Now, that said, it appears that it did its work.
I would like to see a new DDS scan log.
jsmith6752 0 Light Poster
Here's the latest
DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 21:17:42.18 on Tue 11/23/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1406.673 [GMT -5:00]
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Verizon\VSP\ServicepointService.exe
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\AOL\1138608916\ee\AOLSoftware.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://verizon.net/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101117174617.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No File
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [Pure Networks Port Magic] "c:\progra~1\purene~1\portma~2\PortAOL.exe" -Run
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Motive SmartBridge] c:\progra~1\verizon\smartb~1\MotiveSB.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe
mRun: [HostManager] c:\program files\common files\aol\1138608916\ee\AOLSoftware.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jre/6u10-b92-b/jinstall-6u10-windows-i586-jc.cab?e=1226435238711&h=ee643eae6f50a32bed1dd0109f0e9d22/&filename=jinstall-6u10-windows-i586-jc.cab
DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} - hxxp://69.213.66.54/TSWEB/msrdp.cab
DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - hxxp://66.242.36.104/app/view22RTE.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4861/mcfscan.cab
DPF: {FB298ECE-4D17-414A-A5E8-FABC938796B2} - hxxp://www.kohlerplus.com/_bin/AWSDrawingViewer.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\yjwrtmww.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.verizon.net/central/vzc.portal
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\yjwrtmww.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\verizon\vsp\nprpspa.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-11-16 386712]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-11-16 84072]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2010-10-13 98304]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-11-16 271480]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-11-16 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-11-16 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-11-16 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-11-16 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-11-16 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-11-16 141792]
R2 ServicepointService;ServicepointService;c:\program files\verizon\vsp\ServicepointService.exe [2010-11-16 689392]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-11 24652]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-11-16 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-11-16 152992]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-11-16 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-11-16 312904]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-11-16 88544]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-9-27 10664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-11-16 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-11-16 84264]
S3 XIRLINK;Veo PC Camera;c:\windows\system32\drivers\ucdnt.sys [2007-4-5 899884]
S4 McOobeSv;McAfee OOBE Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-11-16 271480]
S4 SDService;SDService;c:\program files\spywaredetector\SDService.exe [2007-10-9 251344]
=============== Created Last 30 ================
2010-11-24 01:03:26 0 d-sha-r- C:\cmdcons
2010-11-24 00:58:15 98816 ----a-w- c:\windows\sed.exe
2010-11-24 00:58:15 89088 ----a-w- c:\windows\MBR.exe
2010-11-24 00:58:15 256512 ----a-w- c:\windows\PEV.exe
2010-11-24 00:58:15 161792 ----a-w- c:\windows\SWREG.exe
2010-11-24 00:58:05 0 d-----w- C:\ComboFix
2010-11-21 22:24:41 50276 ----a-r- c:\windows\system32\drivers\hphs2k11.sys
2010-11-21 22:24:41 18928 ----a-r- c:\windows\system32\drivers\hphius11.sys
2010-11-21 22:24:40 81920 ----a-r- c:\windows\system32\hphipr11.dll
2010-11-21 22:24:40 77824 ----a-r- c:\windows\system32\hphipm11.exe
2010-11-21 22:24:40 50896 ----a-r- c:\windows\system32\drivers\hphid411.sys
2010-11-21 22:24:40 16112 ----a-r- c:\windows\system32\drivers\hphipr11.sys
2010-11-21 22:24:39 98304 ----a-r- c:\windows\system32\hphidr11.dll
2010-11-21 22:24:39 356352 ----a-r- c:\windows\system32\hphc3204.dll
2010-11-21 22:24:38 4760 ----a-r- c:\windows\hphmdl11.dat
2010-11-21 16:09:57 0 d-----w- C:\HP Photosmart 11
2010-11-17 21:26:09 0 d-----w- c:\docume~1\owner\applic~1\Viega
2010-11-17 21:25:01 0 d-----w- c:\program files\Viega
2010-11-17 02:40:47 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-11-17 02:40:39 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-11-17 02:40:39 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-11-17 02:40:39 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-11-17 02:40:39 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-11-17 02:40:39 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-11-17 02:40:39 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-11-17 02:40:39 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-11-17 02:40:39 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-11-17 02:40:39 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-11-17 02:40:29 0 d-----w- c:\program files\common files\Mcafee
2010-11-17 02:40:18 0 d-----w- c:\program files\McAfee.com
2010-11-17 02:39:40 0 d-----w- c:\program files\McAfee
2010-11-17 02:22:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Radialpoint
2010-11-09 03:10:43 0 d-----w- c:\program files\common files\DWGdirectX 3.2
2010-11-09 03:10:42 0 d-----w- c:\program files\Open Design Alliance
2010-11-09 03:10:01 176128 ----a-w- c:\windows\system32\dzip32.dll
2010-11-09 03:10:01 1660424 ----a-w- c:\windows\system32\fpSPR80.ocx
2010-11-09 03:10:01 143360 ----a-w- c:\windows\system32\dunzip32.dll
2010-11-09 03:10:00 336928 ------w- c:\windows\system32\SSTree.ocx
2010-11-09 03:10:00 2215936 ----a-w- c:\windows\system32\ODX.dll
2010-11-09 03:10:00 148480 ----a-w- c:\windows\system32\dwStg.dll
2010-11-09 03:09:26 0 d-----w- c:\program files\Visual 2.0
2010-11-07 15:58:18 0 d-----w- c:\docume~1\owner\applic~1\SmartDraw
2010-10-29 00:11:16 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2010-10-29 00:11:06 0 d-----w- c:\program files\McAfee Security Scan
==================== Find3M ====================
2010-11-17 04:06:22 139188256 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-11-17 03:39:33 9080608 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-11-03 00:30:48 808316 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-11-03 00:30:48 1785596 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 20:36:12 544 ----a-w- c:\docume~1\owner\applic~1\wklnhst.dat
2010-09-09 13:38:01 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2005-11-01 03:16:35 774144 ----a-w- c:\program files\RngInterstitial.dll
2009-03-14 13:10:31 0 --sha-w- c:\windows\sminst\HPCD.sys
2006-11-14 02:16:04 8 --sh--r- c:\windows\system32\5554A1B378.sys
2006-12-18 07:28:41 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-08-24 17:18:30 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082420080825\index.dat
============= FINISH: 21:18:24.68 ===============
jholland1964 650 Posting Expert Team Colleague Featured Poster
Much, much better. Now update MBA-M and do another full scan with it. Of course have it remove everything found and of course post the log.
Progress is absolutely being made now and it won't be long until we're finished.
Judy
jsmith6752 0 Light Poster
Bad news. I just tried to install my printer and I am having the same exact problem. Verizon Security pops up and says "trojan detected" restart now. Something is preventing programs from being installed correctly. Thanks so much for your time....jim
jsmith6752 0 Light Poster
Sorry, I should mention that 'Artemis!117A7F38669A' comes up.
jholland1964 650 Posting Expert Team Colleague Featured Poster
"Verizon Security pops up"
What happened to McAfee? Are you telling me that you have TWO security programs running? That is an absolute No-No
and why in the world are you trying to install a printer when you are in the middle of a clean up?
"sorry, I should mention that 'Artemis!117A7F38669A' comes up"
I have no idea what you are talking about.
I requested a new scan with MBA-M but instead you are attempting to install a printer. Not sure I can continue with this since you evidently feel installing a printer is more important than completing the clean up. You failed to follow the instructions to disable the McAfee during the Combofix run and now you are installing a printer instead of continuing with the instructions given to get this computer clean.
The only other thing I can suggest since you don't want to continue cleaning is to reformat.
But when you do be sure to only install ONE security suite, not two. Running more than one and having them fight each other makes it that much easier for severe infections to invade a computer. Add to that the use of P2P and you are pretty much guaranteed of major infections which you obviously have on there.
jsmith6752 0 Light Poster
I am sorry for the confusion, but Verizon has partnered with McAfee recently. When I went into my task manager I stopped all the applications that were listed, but it would not let me stop the anti-virus. I got a denied window. The install for the printer came up under new hardware found. I stopped the process but the virus warning showed up first. I will post a new log later today.........thanks so much
jholland1964 650 Posting Expert Team Colleague Featured Poster
Unplug the printer from the computer. Then Uninstall ALL the software that is on there for the printer.
jsmith6752 0 Light Poster
Hopefully I did this correctly this time...I expected this log to be like the others but it's pretty short.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5173
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
11/24/2010 5:45:01 PM
mbam-log-2010-11-24 (17-45-01).txt
Scan type: Full scan (C:\|)
Objects scanned: 384411
Time elapsed: 2 hour(s), 33 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
jholland1964 650 Posting Expert Team Colleague Featured Poster
Did you uninstall ALL software for the printer?
jsmith6752 0 Light Poster
I don't see anything in the program files and there are no printers installed. The only thing I see is the add a printer icon. Thanks
jholland1964 650 Posting Expert Team Colleague Featured Poster
Ok, disconnect from the internet, unplug the cord in other words and if you connect wirelessly then disconnect the connection.
Turn off ALL protection programs completely. Look in the task manager to make sure none of them are running.
Then following the instructions given by the printer manufacturer try to install your printer.
jsmith6752 0 Light Poster
I followed your instructions for the install. The install kept looking for an .exe file but it worked through it. One thing I noticed is my port was always LPT1 and now it's dot4. I am not sure if that matters. I would like to thank all for your patience and expertise. I know it must be frustrating dealing with us at times. I know that it has been a learning experience for me.........thanks jim
jholland1964 650 Posting Expert Team Colleague Featured Poster
Does the printer work?
Some HP printers are designed to add a dot 4 port, which is virtual.
A virtual port cannot do peer to peer and this is by design.