TechSpot

Smart Engine picked up

By hlratliff
Nov 4, 2010
  1. My son picked up a whole lot of bad stuff playing on the computer last night. I immediately did a scan with malwarebytes, adaware and my antivirus. Did the 8 steps and will attach logs. Want to make sure that everything is gone and we are okay. Thanks for the help, Hailey
     

    Attached Files:

  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Hailey, we now have all logs pasted into the replies. Okay to use multiple posts if needed.

    After you finish with DDS, please run the following:

    Download bootkitremover.rar and save it to your desktop.
    • Extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip
    • Double-click on the remover.exe file to run the program.
    • Paste the output in your next reply.
     
  3. hlratliff

    hlratliff TS Rookie Topic Starter Posts: 45

    Here's the output. Hope I did this right. Thank you for your help.
     

    Attached Files:

  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I'm going to have to check the download link for this in the morning. You shouldn't be getting the debugger. Will get back to you in SM.
     
  5. hlratliff

    hlratliff TS Rookie Topic Starter Posts: 45

    Once I downloaded 7-Zip I was able to zip the DDS and attach. I have added them here because I wasn't sure if you had gotten them before.
     

    Attached Files:

  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please re-post with both of the DDS logs pasted into the next reply. No zipped files please - ignore that instruction for Attach.exe.

    Follow with Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    =======================================
    Then download ComboFix from Here and save to your Desktop.

    • [1]. Do NOT rename ComboFix unless instructed.
      [2]. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      [3]. Close any open browsers.
      [4]. Double click combofix.exe & follow the prompts to run.
    • NOTE: ComboFix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
      [5]. If ComboFix asks you to install Recovery Console, please allow it.
      [6]. If ComboFix asks you to update the program, always allow.
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
      [7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.
    Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs when you're done with ComboFix.

    Paste all logs please. Use multiple posts if needed
     
  7. hlratliff

    hlratliff TS Rookie Topic Starter Posts: 45

    Okay Bobbye, here you go.


    DDS (Ver_10-11-03.01) - NTFSx86
    Run by Hailey at 14:18:56.48 on Fri 11/05/2010
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.216 [GMT -4:00]

    AV: Smart Engine *On-access scanning enabled* (Updated) {354EAC0D-F85C-4D83-AABF-ABFD3E13E9DD}
    AV: avast! antivirus 4.8.1368 [VPS 101105-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: Smart Engine *enabled* {555C4353-8A5E-4094-927F-B60C9B7EFDF8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    svchost.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
    C:\Documents and Settings\Hailey\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Hailey\My Documents\Downloads\dds(4).scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZCfox000&ptb=CftqMQZLQGZ8.nq1HwPEmg
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = http=127.0.0.1:25579
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [Google Update] "c:\documents and settings\hailey\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [AudioDeck] c:\program files\via\viaudioi\sbadeck\ADeck.exe 1
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
    mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
    StartupFolder: c:\docume~1\hailey\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\trendnet\trendnet tew-421pc_tew-423pi\WlanCU.exe
    uPolicies-explorer: DisallowRun = 1 (0x1)
    IE: &Search
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    IFEO: image file execution options - svchost.exe
    Hosts: 74.125.45.100 4-open-davinci.com
    Hosts: 74.125.45.100 securitysoftwarepayments.com
    Hosts: 74.125.45.100 privatesecuredpayments.com
    Hosts: 74.125.45.100 secure.privatesecuredpayments.com
    Hosts: 74.125.45.100 getantivirusplusnow.com

    Note: multiple HOSTS entries found. Please refer to Attach.txt

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\hailey\applic~1\mozilla\firefox\profiles\mbvfz1x4.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
    FF - component: c:\documents and settings\hailey\application data\mozilla\firefox\profiles\mbvfz1x4.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\hailey\application data\mozilla\firefox\profiles\mbvfz1x4.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - plugin: c:\documents and settings\hailey\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-14 64288]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-9-14 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-9-14 20560]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2007-8-17 138680]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1352832]
    R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2002-10-2 13532]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2007-8-17 254040]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2007-8-17 352920]
    S3 ftsbvcap;ftsbvcap;\??\c:\docume~1\hailey\locals~1\temp\ftsbvcap.sys --> c:\docume~1\hailey\locals~1\temp\ftsbvcap.sys [?]
    S3 isffp_sd;isffp_sd;\??\c:\docume~1\hailey\locals~1\temp\isffp_sd.sys --> c:\docume~1\hailey\locals~1\temp\isffp_sd.sys [?]
    S3 lredbooo;lredbooo;\??\c:\docume~1\hailey\locals~1\temp\lredbooo.sys --> c:\docume~1\hailey\locals~1\temp\lredbooo.sys [?]
    S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

    =============== Created Last 30 ================

    2010-11-04 19:24:20 -------- d-----w- c:\program files\CCleaner
    2010-11-04 01:34:03 -------- d-sh--w- c:\docume~1\hailey\applic~1\Smart Engine
    2010-11-04 01:34:02 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\SMWBSJMZDAE
    2010-11-04 01:33:14 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\088357
    2010-10-31 12:12:28 -------- d-----w- c:\docume~1\hailey\locals~1\applic~1\HP
    2010-10-31 12:11:52 -------- d-----w- c:\docume~1\hailey\locals~1\applic~1\ApplicationHistory
    2010-10-28 22:56:38 -------- d-----w- c:\program files\common files\HP
    2010-10-28 22:54:23 -------- d-----w- c:\program files\common files\Hewlett-Packard
    2010-10-28 22:53:17 -------- d-----w- c:\windows\system32\URTTEMP
    2010-10-28 22:48:52 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
    2010-10-28 22:48:52 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2010-10-28 22:38:40 94208 ----a-w- c:\windows\system32\HPZipt12.dll
    2010-10-28 22:38:40 73728 ----a-w- c:\windows\system32\HPZipm12.exe
    2010-10-28 22:38:40 61440 ----a-w- c:\windows\system32\HPZinw12.exe
    2010-10-28 22:38:40 57344 ----a-w- c:\windows\system32\HPZisn12.dll
    2010-10-28 22:38:40 278584 ----a-w- c:\windows\system32\HPZidr12.dll
    2010-10-28 22:38:40 204800 ----a-w- c:\windows\system32\HPZipr12.dll
    2010-10-28 22:37:58 -------- d-----w- c:\program files\HP
    2010-10-28 22:19:10 21744 ----a-w- c:\windows\system32\drivers\HPZius12.sys
    2010-10-28 22:19:10 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
    2010-10-28 22:19:09 51120 ----a-w- c:\windows\system32\drivers\HPZid412.sys
    2010-10-28 22:18:47 274432 ----a-w- c:\windows\system32\HPZc3212.dll
    2010-10-28 22:18:46 581632 ----a-w- c:\windows\system32\hpotscl.dll
    2010-10-28 22:18:46 229376 ----a-w- c:\windows\system32\hpovst08.dll
    2010-10-28 22:18:45 278528 ----a-w- c:\windows\system32\hpgwiamd.dll
    2010-10-28 22:17:50 139345 ----a-w- c:\windows\system32\hpzlnt12.dll
    2010-10-28 22:17:46 393216 ----a-w- c:\windows\system32\hpzcon12.dll
    2010-10-28 22:17:46 196608 ----a-w- c:\windows\system32\hpzcoi12.dll
    2010-10-17 23:10:34 -------- d-----w- c:\docume~1\hailey\applic~1\Malwarebytes
    2010-10-17 23:10:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-17 23:10:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-10-17 23:10:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-17 23:10:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-15 10:56:26 -------- d-----w- c:\program files\iPod
    2010-10-15 10:56:22 -------- d-----w- c:\program files\iTunes
    2010-10-11 10:29:02 -------- d-----w- c:\docume~1\hailey\applic~1\Registry Mechanic
    2010-10-08 20:57:13 -------- d-----w- c:\docume~1\hailey\applic~1\Unity

    ==================== Find3M ====================

    2010-09-20 11:38:26 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-09-08 15:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 15:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts

    ============= FINISH: 14:19:25.23 ===============



     
  8. hlratliff

    hlratliff TS Rookie Topic Starter Posts: 45

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=41912f8cea9d8d418fc20ebf26fcb992
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-11-05 07:20:28
    # local_time=2010-11-05 03:20:28 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=769 16775141 100 98 0 224349844 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=66055
    # found=2
    # cleaned=0
    # scan_time=1741
    C:\Documents and Settings\All Users\Application Data\088357\86.mof Win32/RogueAV.A trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts Win32/Qhost trojan 00000000000000000000000000000000 I


    ComboFix 10-11-05.01 - Hailey 11/05/2010 15:28:18.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.362 [GMT -4:00]
    Running from: c:\documents and settings\Hailey\My Documents\Downloads\ComboFix.exe
    AV: avast! antivirus 4.8.1368 [VPS 101105-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\088357
    c:\documents and settings\All Users\Application Data\088357\08835717c0dfae528fe8a022051fdcd3.ocx
    c:\documents and settings\All Users\Application Data\088357\86.mof
    c:\documents and settings\All Users\Application Data\088357\8dxvbw2p45e7k8orku8bxwg.dll
    c:\documents and settings\All Users\Application Data\088357\BackUp\HP Digital Imaging Monitor.lnk
    c:\documents and settings\All Users\Application Data\088357\BackUp\HP Image Zone Fast Start.lnk
    c:\documents and settings\All Users\Application Data\088357\BackUp\OpenOffice.org 3.2.lnk
    c:\documents and settings\All Users\Application Data\088357\BackUp\Wireless Configuration Utility HW.15.lnk
    c:\documents and settings\All Users\Application Data\088357\mozcrt19.dll
    c:\documents and settings\All Users\Application Data\088357\SME.ico
    c:\documents and settings\All Users\Application Data\088357\sqlite3.dll
    c:\documents and settings\Hailey\Application Data\Smart Engine
    c:\documents and settings\Hailey\Application Data\Smart Engine\cookies.sqlite
    c:\documents and settings\Hailey\Application Data\Smart Engine\Instructions.ini
    c:\documents and settings\Hailey\Start Menu\Smart Engine.lnk

    .
    ((((((((((((((((((((((((( Files Created from 2010-10-05 to 2010-11-05 )))))))))))))))))))))))))))))))
    .

    2010-11-05 18:44 . 2010-11-05 18:44 -------- d-----w- c:\program files\ESET
    2010-11-05 02:03 . 2010-11-05 02:03 -------- d-----w- c:\program files\7-Zip
    2010-11-04 19:24 . 2010-11-04 19:26 -------- d-----w- c:\program files\CCleaner
    2010-11-04 01:34 . 2010-11-04 01:34 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SMWBSJMZDAE
    2010-10-31 12:12 . 2010-10-31 12:12 -------- d-----w- c:\documents and settings\Hailey\Local Settings\Application Data\HP
    2010-10-31 12:11 . 2010-11-04 20:10 -------- d-----w- c:\documents and settings\Hailey\Local Settings\Application Data\ApplicationHistory
    2010-10-28 22:58 . 2010-10-28 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
    2010-10-28 22:56 . 2010-10-28 22:57 -------- d-----w- c:\program files\Common Files\HP
    2010-10-28 22:55 . 2010-10-28 22:55 -------- d-----w- c:\program files\Hewlett-Packard
    2010-10-28 22:54 . 2010-10-28 22:54 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
    2010-10-28 22:53 . 2010-10-28 22:53 -------- d-----w- c:\windows\system32\URTTEMP
    2010-10-28 22:48 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
    2010-10-28 22:48 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2010-10-28 22:38 . 2007-08-09 07:27 73728 ----a-w- c:\windows\system32\HPZipm12.exe
    2010-10-28 22:38 . 2004-09-29 16:15 204800 ----a-w- c:\windows\system32\HPZipr12.dll
    2010-10-28 22:38 . 2004-09-29 16:12 278584 ----a-w- c:\windows\system32\HPZidr12.dll
    2010-10-28 22:38 . 2004-09-29 16:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll
    2010-10-28 22:38 . 2004-09-29 16:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll
    2010-10-28 22:38 . 2004-09-29 16:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe
    2010-10-28 22:37 . 2010-10-28 22:58 -------- d-----w- c:\program files\HP
    2010-10-28 22:19 . 2004-12-15 07:07 21744 ----a-w- c:\windows\system32\drivers\HPZius12.sys
    2010-10-28 22:19 . 2004-12-15 07:07 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
    2010-10-28 22:19 . 2004-12-15 07:07 51120 ----a-w- c:\windows\system32\drivers\HPZid412.sys
    2010-10-28 22:18 . 2004-12-15 07:07 274432 ----a-w- c:\windows\system32\HPZc3212.dll
    2010-10-28 22:18 . 2004-12-15 07:07 581632 ----a-w- c:\windows\system32\hpotscl.dll
    2010-10-28 22:18 . 2004-12-15 07:07 229376 ----a-w- c:\windows\system32\hpovst08.dll
    2010-10-28 22:18 . 2004-12-15 07:07 278528 ----a-w- c:\windows\system32\hpgwiamd.dll
    2010-10-28 22:17 . 2004-12-15 07:07 139345 ----a-w- c:\windows\system32\hpzlnt12.dll
    2010-10-28 22:17 . 2004-12-15 07:07 393216 ----a-w- c:\windows\system32\hpzcon12.dll
    2010-10-28 22:17 . 2004-12-15 07:07 196608 ----a-w- c:\windows\system32\hpzcoi12.dll
    2010-10-17 23:10 . 2010-10-17 23:10 -------- d-----w- c:\documents and settings\Hailey\Application Data\Malwarebytes
    2010-10-17 23:10 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-17 23:10 . 2010-10-17 23:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-17 23:10 . 2010-10-17 23:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-17 23:10 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-15 10:56 . 2010-10-15 10:56 -------- d-----w- c:\program files\iPod
    2010-10-15 10:56 . 2010-10-15 10:57 -------- d-----w- c:\program files\iTunes
    2010-10-11 10:29 . 2010-10-11 10:29 -------- d-----w- c:\documents and settings\Hailey\Application Data\Registry Mechanic
    2010-10-10 15:38 . 2010-10-28 23:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-10-08 20:57 . 2010-10-08 20:57 -------- d-----w- c:\documents and settings\Hailey\Application Data\Unity
    2010-10-08 10:59 . 2010-10-08 10:59 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-20 11:38 . 2009-11-07 18:36 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-09-20 11:38 . 2009-03-14 21:31 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-09-20 11:38 . 2009-03-14 21:09 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
    "Google Update"="c:\documents and settings\Hailey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-18 136176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-25 5898240]
    "nwiz"="nwiz.exe" [2006-07-25 1519616]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-25 86016]
    "AudioDeck"="c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-06-27 540672]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-09-20 864112]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]

    c:\documents and settings\Hailey\Start Menu\Programs\Startup\
    OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
    HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
    Wireless Configuration Utility HW.15.lnk - c:\program files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe [2007-1-30 577536]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/14/2009 5:09 PM 64288]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/14/2010 7:43 PM 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/14/2010 7:43 PM 20560]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 7:17 AM 1352832]
    R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [10/2/2002 9:57 AM 13532]
    S3 ftsbvcap;ftsbvcap;\??\c:\docume~1\Hailey\LOCALS~1\Temp\ftsbvcap.sys --> c:\docume~1\Hailey\LOCALS~1\Temp\ftsbvcap.sys [?]
    S3 isffp_sd;isffp_sd;\??\c:\docume~1\Hailey\LOCALS~1\Temp\isffp_sd.sys --> c:\docume~1\Hailey\LOCALS~1\Temp\isffp_sd.sys [?]
    S3 lredbooo;lredbooo;\??\c:\docume~1\Hailey\LOCALS~1\Temp\lredbooo.sys --> c:\docume~1\Hailey\LOCALS~1\Temp\lredbooo.sys [?]
    S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - KGPYYPOD
    *Deregistered* - kgpyypod
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 11:37]

    2010-11-01 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

    2010-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1275210071-839522115-1004Core.job
    - c:\documents and settings\Hailey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-04 11:39]

    2010-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1275210071-839522115-1004UA.job
    - c:\documents and settings\Hailey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-04 11:39]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZCfox000&ptb=CftqMQZLQGZ8.nq1HwPEmg
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = http=127.0.0.1:25579
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    FF - ProfilePath - c:\documents and settings\Hailey\Application Data\Mozilla\Firefox\Profiles\mbvfz1x4.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
    FF - component: c:\documents and settings\Hailey\Application Data\Mozilla\Firefox\Profiles\mbvfz1x4.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\Hailey\Application Data\Mozilla\Firefox\Profiles\mbvfz1x4.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - plugin: c:\documents and settings\Hailey\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9c.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-05 15:32
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    AudioDeck = c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe 1????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2010-11-05 15:34:53
    ComboFix-quarantined-files.txt 2010-11-05 19:34

    Pre-Run: 49,203,355,648 bytes free
    Post-Run: 49,166,700,544 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - 5492474331E764D98E6CC1BAFA54F25A
     
  9. hlratliff

    hlratliff TS Rookie Topic Starter Posts: 45

    Have I posted all the logs you need? Have not heard from anyone since yesterday and was wondering what I needed to do next. Thank you for all your help.
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    This is the weekend and I'm not as active because I like to spend time with my family. We are all volunteers here.

    Let's remove Smart Engine then we'll deal with anything else that is left:

    Step One: Please download and run the tool below named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run, then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
    • Rkill.com
    • Rkill.scr
    • Rkill.pif
    • Rkill.exe
    • Double-click on the Rkill desktop icon to run the tool.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    (A tip: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by Smart Engine when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again.)

    Step Two: Update Mbam> On the Scanner tab, make sure the Perform full scan option is selected

    Step Three: Access, Delete, Replace Hosts files
    Please download the following batch file and save it to your desktop: Hostsperm.bat
    • Double-click on the hostsperm.bat file that is now on your desktop. If Windows asks you if you are sure you want to run it, please allow it to run.
      ◦ Once it starts you will see a small black window that opens, then goes away. This is normal. You should now be able to access your HOSTS file.
    • We now need to delete the C:\Windows\System32\Drivers\etc\HOSTS file.
    • Once it is deleted, download the following HOSTS file that corresponds to your version of Windows and save it in the C:\Windows\System32\Drivers\etc folder.
      ◦ Windows XP HOSTS File Download Link
    • If the contents of the HOSTS file opens in your browser when you click on the link, then right-click the link and select:
      ◦ Save Target As if in Internet Explorer
      ◦ Save Link As if in Firefox, to download the file.
    • Your Windows HOSTS file should now be back to the default one from when Windows was first installed.
    • Now reboot your computer.
    ======================================
    When finished, please repeat the Eset online scan and the Combofix scan. We'll see what's left to deal with.
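As an added illustration of what the HOSTS replacement step above is undoing (this is not the helper's code, nor part of Hostsperm.bat or any other tool named in the thread): a small Python script that parses a Windows HOSTS file and reports every mapping that is not the stock Windows XP default of `127.0.0.1 localhost`. A Qhost-style infection works by appending extra lines to that file, either sinkholing security-vendor sites to loopback or redirecting sites to an address the attacker controls, so the audit separates those two cases. The sample HOSTS text is constructed for the example; the hostnames and the 203.0.113.10 address are placeholders, not values taken from the logs, and the "only localhost is default" rule is an assumption that holds for XP but not for later Windows versions.

```python
"""Audit a Windows HOSTS file for entries beyond the stock default.

Added example for this thread, not code from the helper or from any tool
mentioned here.  Assumes the Windows XP default HOSTS file has exactly one
active mapping: 127.0.0.1 -> localhost.
"""
import ipaddress

# Stock Windows XP HOSTS content (assumption stated in the lead-in).
DEFAULT_ENTRIES = {("127.0.0.1", "localhost")}

# Constructed sample imitating a Qhost-style hijack: the Microsoft comment
# header and the default line are intact, extra redirects were appended.
# Hostnames use the reserved .test TLD; 203.0.113.10 is a documentation address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

127.0.0.1       localhost
127.0.0.1       www.example-av-vendor.test
203.0.113.10    www.example-search.test   # constructed redirect
not_an_ip       broken.line.test
"""


def parse_hosts(text):
    """Return (ip, hostname) pairs from HOSTS text.

    Blank lines and '#' comments (whole-line or trailing) are skipped.
    Lines whose first field is not a valid IP address are skipped too;
    a real audit would list them for manual review rather than trust them.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def classify(entries):
    """Return (ip, hostname, reason) for every entry that is not default.

    Loopback mappings block the named site (the classic way rogue AV stops
    victims reaching vendor and update sites); anything else redirects the
    site to a different host and is the more dangerous case.
    """
    findings = []
    for ip, name in entries:
        if (ip, name) in DEFAULT_ENTRIES:
            continue
        if ipaddress.ip_address(ip).is_loopback:
            reason = "sinkholed to loopback (site is blocked)"
        else:
            reason = "redirected to a non-local address (possible hijack)"
        findings.append((ip, name, reason))
    return findings


def audit_hosts(text):
    """Parse and classify in one call; an empty list means the file is stock."""
    return classify(parse_hosts(text))


if __name__ == "__main__":
    results = audit_hosts(SAMPLE_HOSTS)
    if not results:
        print("HOSTS file matches the default; nothing to replace.")
    for ip, name, reason in results:
        print(f"{name:32} -> {ip:16} {reason}")
```

Run against the real file by reading `C:\Windows\System32\Drivers\etc\HOSTS` into `audit_hosts`; an empty result after the replacement step confirms the file is back to stock, and any non-loopback finding is the line worth keeping a copy of before the file is deleted.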
     
  11. hlratliff

    hlratliff TS Rookie Topic Starter Posts: 45

    I have pasted the rkill log. Not sure if it ran right, I never got a prompt to reboot. Tried all of them and got the same thing. Let me know if you want me to continue on with the additional instructions. Thank you.

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.
    Ran as Hailey on 11/07/2010 at 14:30:32.


    Services Stopped:


    Processes terminated by Rkill or while it was running:


    C:\Documents and Settings\Hailey\My Documents\Downloads\rkill.com


    Rkill completed on 11/07/2010 at 14:30:35.
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    The purpose of rkill is to kill the processes that are preventing a program from running. It would be like if you opened the Task Manager> highlighted a process> did End Task. But you can't do that in this case because 1. you don't know what the processes are and 2. the malware might not allow the processes to be stopped using End Task.

    The reason you don't want to reboot after running rkill is because if you do, the processes will be launched again and you're right back where you started.

    So the rkill log isn't the primary interest here, but rather the results of the scan that follows.
     
  13. hlratliff

    hlratliff TS Rookie Topic Starter Posts: 45

    Okay Bobbye. Below are the logs.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5067

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.11

    11/7/2010 3:27:00 PM
    mbam-log-2010-11-07 (15-27-00).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 201645
    Time elapsed: 40 minute(s), 28 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  14. hlratliff

    hlratliff TS Rookie Topic Starter Posts: 45

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=41912f8cea9d8d418fc20ebf26fcb992
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-11-05 07:20:28
    # local_time=2010-11-05 03:20:28 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=769 16775141 100 98 0 224349844 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=66055
    # found=2
    # cleaned=0
    # scan_time=1741
    C:\Documents and Settings\All Users\Application Data\088357\86.mof Win32/RogueAV.A trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts Win32/Qhost trojan 00000000000000000000000000000000 I
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=41912f8cea9d8d418fc20ebf26fcb992
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-11-07 10:44:52
    # local_time=2010-11-07 05:44:52 (-0500, Eastern Standard Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=769 16775141 100 98 0 224534006 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=74119
    # found=2
    # cleaned=0
    # scan_time=2642
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\088357\86.mof.vir Win32/RogueAV.A trojan 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{30E8BBE2-8211-46D4-A884-03D6E03FBA38}\RP642\A0272197.mof Win32/RogueAV.A trojan 00000000000000000000000000000000 I
     
  15. hlratliff

    hlratliff TS Rookie Topic Starter Posts: 45

    ComboFix 10-11-05.01 - Hailey 11/07/2010 17:48:04.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.463 [GMT -5:00]
    Running from: c:\documents and settings\Hailey\My Documents\Downloads\ComboFix.exe
    AV: avast! antivirus 4.8.1368 [VPS 101107-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((( Files Created from 2010-10-07 to 2010-11-07 )))))))))))))))))))))))))))))))
    .

    2010-11-05 18:44 . 2010-11-05 18:44 -------- d-----w- c:\program files\ESET
    2010-11-05 02:03 . 2010-11-05 02:03 -------- d-----w- c:\program files\7-Zip
    2010-11-04 19:24 . 2010-11-04 19:26 -------- d-----w- c:\program files\CCleaner
    2010-11-04 01:34 . 2010-11-04 01:34 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SMWBSJMZDAE
    2010-10-31 12:12 . 2010-10-31 12:12 -------- d-----w- c:\documents and settings\Hailey\Local Settings\Application Data\HP
    2010-10-31 12:11 . 2010-11-07 21:53 -------- d-----w- c:\documents and settings\Hailey\Local Settings\Application Data\ApplicationHistory
    2010-10-28 22:58 . 2010-10-28 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
    2010-10-28 22:56 . 2010-10-28 22:57 -------- d-----w- c:\program files\Common Files\HP
    2010-10-28 22:55 . 2010-10-28 22:55 -------- d-----w- c:\program files\Hewlett-Packard
    2010-10-28 22:54 . 2010-10-28 22:54 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
    2010-10-28 22:53 . 2010-10-28 22:53 -------- d-----w- c:\windows\system32\URTTEMP
    2010-10-28 22:48 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
    2010-10-28 22:48 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2010-10-28 22:38 . 2007-08-09 07:27 73728 ----a-w- c:\windows\system32\HPZipm12.exe
    2010-10-28 22:38 . 2004-09-29 16:15 204800 ----a-w- c:\windows\system32\HPZipr12.dll
    2010-10-28 22:38 . 2004-09-29 16:12 278584 ----a-w- c:\windows\system32\HPZidr12.dll
    2010-10-28 22:38 . 2004-09-29 16:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll
    2010-10-28 22:38 . 2004-09-29 16:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll
    2010-10-28 22:38 . 2004-09-29 16:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe
    2010-10-28 22:37 . 2010-10-28 22:58 -------- d-----w- c:\program files\HP
    2010-10-28 22:19 . 2004-12-15 07:07 21744 ----a-w- c:\windows\system32\drivers\HPZius12.sys
    2010-10-28 22:19 . 2004-12-15 07:07 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
    2010-10-28 22:19 . 2004-12-15 07:07 51120 ----a-w- c:\windows\system32\drivers\HPZid412.sys
    2010-10-28 22:18 . 2004-12-15 07:07 274432 ----a-w- c:\windows\system32\HPZc3212.dll
    2010-10-28 22:18 . 2004-12-15 07:07 581632 ----a-w- c:\windows\system32\hpotscl.dll
    2010-10-28 22:18 . 2004-12-15 07:07 229376 ----a-w- c:\windows\system32\hpovst08.dll
    2010-10-28 22:18 . 2004-12-15 07:07 278528 ----a-w- c:\windows\system32\hpgwiamd.dll
    2010-10-28 22:17 . 2004-12-15 07:07 139345 ----a-w- c:\windows\system32\hpzlnt12.dll
    2010-10-28 22:17 . 2004-12-15 07:07 393216 ----a-w- c:\windows\system32\hpzcon12.dll
    2010-10-28 22:17 . 2004-12-15 07:07 196608 ----a-w- c:\windows\system32\hpzcoi12.dll
    2010-10-17 23:10 . 2010-10-17 23:10 -------- d-----w- c:\documents and settings\Hailey\Application Data\Malwarebytes
    2010-10-17 23:10 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-17 23:10 . 2010-10-17 23:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-17 23:10 . 2010-10-17 23:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-17 23:10 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-15 10:56 . 2010-10-15 10:56 -------- d-----w- c:\program files\iPod
    2010-10-15 10:56 . 2010-10-15 10:57 -------- d-----w- c:\program files\iTunes
    2010-10-11 10:29 . 2010-10-11 10:29 -------- d-----w- c:\documents and settings\Hailey\Application Data\Registry Mechanic
    2010-10-10 15:38 . 2010-10-28 23:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-20 11:38 . 2009-11-07 18:36 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-09-20 11:38 . 2009-03-14 21:31 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-09-20 11:38 . 2009-03-14 21:09 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-11-05_19.32.21 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-11-07 21:52 . 2010-11-07 21:52 16384 c:\windows\Temp\Perflib_Perfdata_6e4.dat
    + 2010-11-07 21:53 . 2010-11-07 21:53 16384 c:\windows\Temp\Perflib_Perfdata_398.dat
    + 2004-08-04 12:00 . 2010-11-07 21:54 71002 c:\windows\system32\perfc009.dat
    - 2004-08-04 12:00 . 2010-10-28 22:53 71002 c:\windows\system32\perfc009.dat
    + 2004-08-04 12:00 . 2010-11-07 21:54 440684 c:\windows\system32\perfh009.dat
    - 2004-08-04 12:00 . 2010-10-28 22:53 440684 c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
    "Google Update"="c:\documents and settings\Hailey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-18 136176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-25 5898240]
    "nwiz"="nwiz.exe" [2006-07-25 1519616]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-25 86016]
    "AudioDeck"="c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-06-27 540672]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-09-20 864112]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]

    c:\documents and settings\Hailey\Start Menu\Programs\Startup\
    OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
    HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
    Wireless Configuration Utility HW.15.lnk - c:\program files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe [2007-1-30 577536]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/14/2009 4:09 PM 64288]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/14/2010 6:43 PM 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/14/2010 6:43 PM 20560]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1352832]
    R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [10/2/2002 8:57 AM 13532]
    S3 ftsbvcap;ftsbvcap;\??\c:\docume~1\Hailey\LOCALS~1\Temp\ftsbvcap.sys --> c:\docume~1\Hailey\LOCALS~1\Temp\ftsbvcap.sys [?]
    S3 isffp_sd;isffp_sd;\??\c:\docume~1\Hailey\LOCALS~1\Temp\isffp_sd.sys --> c:\docume~1\Hailey\LOCALS~1\Temp\isffp_sd.sys [?]
    S3 lredbooo;lredbooo;\??\c:\docume~1\Hailey\LOCALS~1\Temp\lredbooo.sys --> c:\docume~1\Hailey\LOCALS~1\Temp\lredbooo.sys [?]
    S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - SJYPKT
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 11:37]

    2010-11-01 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

    2010-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1275210071-839522115-1004Core.job
    - c:\documents and settings\Hailey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-04 11:39]

    2010-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1275210071-839522115-1004UA.job
    - c:\documents and settings\Hailey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-04 11:39]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZCfox000&ptb=CftqMQZLQGZ8.nq1HwPEmg
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = http=127.0.0.1:25579
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    FF - ProfilePath - c:\documents and settings\Hailey\Application Data\Mozilla\Firefox\Profiles\mbvfz1x4.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
    FF - component: c:\documents and settings\Hailey\Application Data\Mozilla\Firefox\Profiles\mbvfz1x4.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\Hailey\Application Data\Mozilla\Firefox\Profiles\mbvfz1x4.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - plugin: c:\documents and settings\Hailey\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-07 17:53
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    AudioDeck = c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe 1????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(824)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    .
    Completion time: 2010-11-07 17:55:02
    ComboFix-quarantined-files.txt 2010-11-07 22:55
    ComboFix2.txt 2010-11-05 19:34

    Pre-Run: 49,063,305,216 bytes free
    Post-Run: 49,055,408,128 bytes free

    - - End Of File - - F2DB76D0E9E465551EF48621C9D27A55
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Getting there!

    Have you done Step 3 for the Smart Engine removal- the Hosts files? If not, please do that now.
    When finished, do the following:

    Please run this Custom CFScript

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad and copy/paste the text in the code below into it:
    Code:
    File::
    c:\windows\system32\URTTEMP
    c:\docume~1\Hailey\LOCALS~1\Temp\ftsbvcap.sys
    c:\docume~1\Hailey\LOCALS~1\Temp\isffp_sd.sys
    c:\docume~1\Hailey\LOCALS~1\Temp\lredbooo.sys
    d:\pcicon.sys 
    
    Folder::
    c:\documents and settings\LocalService\Application Data\McAfee
    DDS::
    uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZCfox000&ptb=CftqMQZLQGZ8.nq1HwPEmg
    uInternet Settings,ProxyServer = http=127.0.0.1:25579
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    mRun: [AudioDeck] c:\program files\via\viaudioi\sbadeck\ADeck.exe 1
    uPolicies-explorer: DisallowRun = 1 (0x1)
    IE: &Search
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    
    Registry::
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    AudioDeck =-
    
    Driver::
    ftsbvcap
    lredbooo
    PciCon
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
     
  17. hlratliff

    hlratliff TS Rookie Topic Starter Posts: 45

    I'm not sure if I did the host thing right. There was a backup host file in that folder also but I didn't know whether or not to delete it, so I left it there. I downloaded the new one and a box came up and asked me what to open it with and I just picked firefox and then saved it back into the C:\Windows etc. file. Hope that was right. As soon as combo fix is done I will post the report.
     
  18. hlratliff

    hlratliff TS Rookie Topic Starter Posts: 45

    Here's the combofix report. Hope this does it. Thank you for your patience and all your help.

    ComboFix 10-11-05.01 - Hailey 11/07/2010 17:48:04.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.463 [GMT -5:00]
    Running from: c:\documents and settings\Hailey\My Documents\Downloads\ComboFix.exe
    AV: avast! antivirus 4.8.1368 [VPS 101107-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((( Files Created from 2010-10-07 to 2010-11-07 )))))))))))))))))))))))))))))))
    .

    2010-11-05 18:44 . 2010-11-05 18:44 -------- d-----w- c:\program files\ESET
    2010-11-05 02:03 . 2010-11-05 02:03 -------- d-----w- c:\program files\7-Zip
    2010-11-04 19:24 . 2010-11-04 19:26 -------- d-----w- c:\program files\CCleaner
    2010-11-04 01:34 . 2010-11-04 01:34 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SMWBSJMZDAE
    2010-10-31 12:12 . 2010-10-31 12:12 -------- d-----w- c:\documents and settings\Hailey\Local Settings\Application Data\HP
    2010-10-31 12:11 . 2010-11-07 21:53 -------- d-----w- c:\documents and settings\Hailey\Local Settings\Application Data\ApplicationHistory
    2010-10-28 22:58 . 2010-10-28 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
    2010-10-28 22:56 . 2010-10-28 22:57 -------- d-----w- c:\program files\Common Files\HP
    2010-10-28 22:55 . 2010-10-28 22:55 -------- d-----w- c:\program files\Hewlett-Packard
    2010-10-28 22:54 . 2010-10-28 22:54 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
    2010-10-28 22:53 . 2010-10-28 22:53 -------- d-----w- c:\windows\system32\URTTEMP
    2010-10-28 22:48 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
    2010-10-28 22:48 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2010-10-28 22:38 . 2007-08-09 07:27 73728 ----a-w- c:\windows\system32\HPZipm12.exe
    2010-10-28 22:38 . 2004-09-29 16:15 204800 ----a-w- c:\windows\system32\HPZipr12.dll
    2010-10-28 22:38 . 2004-09-29 16:12 278584 ----a-w- c:\windows\system32\HPZidr12.dll
    2010-10-28 22:38 . 2004-09-29 16:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll
    2010-10-28 22:38 . 2004-09-29 16:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll
    2010-10-28 22:38 . 2004-09-29 16:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe
    2010-10-28 22:37 . 2010-10-28 22:58 -------- d-----w- c:\program files\HP
    2010-10-28 22:19 . 2004-12-15 07:07 21744 ----a-w- c:\windows\system32\drivers\HPZius12.sys
    2010-10-28 22:19 . 2004-12-15 07:07 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
    2010-10-28 22:19 . 2004-12-15 07:07 51120 ----a-w- c:\windows\system32\drivers\HPZid412.sys
    2010-10-28 22:18 . 2004-12-15 07:07 274432 ----a-w- c:\windows\system32\HPZc3212.dll
    2010-10-28 22:18 . 2004-12-15 07:07 581632 ----a-w- c:\windows\system32\hpotscl.dll
    2010-10-28 22:18 . 2004-12-15 07:07 229376 ----a-w- c:\windows\system32\hpovst08.dll
    2010-10-28 22:18 . 2004-12-15 07:07 278528 ----a-w- c:\windows\system32\hpgwiamd.dll
    2010-10-28 22:17 . 2004-12-15 07:07 139345 ----a-w- c:\windows\system32\hpzlnt12.dll
    2010-10-28 22:17 . 2004-12-15 07:07 393216 ----a-w- c:\windows\system32\hpzcon12.dll
    2010-10-28 22:17 . 2004-12-15 07:07 196608 ----a-w- c:\windows\system32\hpzcoi12.dll
    2010-10-17 23:10 . 2010-10-17 23:10 -------- d-----w- c:\documents and settings\Hailey\Application Data\Malwarebytes
    2010-10-17 23:10 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-17 23:10 . 2010-10-17 23:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-17 23:10 . 2010-10-17 23:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-17 23:10 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-15 10:56 . 2010-10-15 10:56 -------- d-----w- c:\program files\iPod
    2010-10-15 10:56 . 2010-10-15 10:57 -------- d-----w- c:\program files\iTunes
    2010-10-11 10:29 . 2010-10-11 10:29 -------- d-----w- c:\documents and settings\Hailey\Application Data\Registry Mechanic
    2010-10-10 15:38 . 2010-10-28 23:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-20 11:38 . 2009-11-07 18:36 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-09-20 11:38 . 2009-03-14 21:31 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-09-20 11:38 . 2009-03-14 21:09 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-11-05_19.32.21 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-11-07 21:52 . 2010-11-07 21:52 16384 c:\windows\Temp\Perflib_Perfdata_6e4.dat
    + 2010-11-07 21:53 . 2010-11-07 21:53 16384 c:\windows\Temp\Perflib_Perfdata_398.dat
    + 2004-08-04 12:00 . 2010-11-07 21:54 71002 c:\windows\system32\perfc009.dat
    - 2004-08-04 12:00 . 2010-10-28 22:53 71002 c:\windows\system32\perfc009.dat
    + 2004-08-04 12:00 . 2010-11-07 21:54 440684 c:\windows\system32\perfh009.dat
    - 2004-08-04 12:00 . 2010-10-28 22:53 440684 c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
    "Google Update"="c:\documents and settings\Hailey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-18 136176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-25 5898240]
    "nwiz"="nwiz.exe" [2006-07-25 1519616]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-25 86016]
    "AudioDeck"="c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-06-27 540672]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-09-20 864112]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]

    c:\documents and settings\Hailey\Start Menu\Programs\Startup\
    OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
    HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
    Wireless Configuration Utility HW.15.lnk - c:\program files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe [2007-1-30 577536]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/14/2009 4:09 PM 64288]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/14/2010 6:43 PM 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/14/2010 6:43 PM 20560]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1352832]
    R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [10/2/2002 8:57 AM 13532]
    S3 ftsbvcap;ftsbvcap;\??\c:\docume~1\Hailey\LOCALS~1\Temp\ftsbvcap.sys --> c:\docume~1\Hailey\LOCALS~1\Temp\ftsbvcap.sys [?]
    S3 isffp_sd;isffp_sd;\??\c:\docume~1\Hailey\LOCALS~1\Temp\isffp_sd.sys --> c:\docume~1\Hailey\LOCALS~1\Temp\isffp_sd.sys [?]
    S3 lredbooo;lredbooo;\??\c:\docume~1\Hailey\LOCALS~1\Temp\lredbooo.sys --> c:\docume~1\Hailey\LOCALS~1\Temp\lredbooo.sys [?]
    S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - SJYPKT
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 11:37]

    2010-11-01 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

    2010-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1275210071-839522115-1004Core.job
    - c:\documents and settings\Hailey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-04 11:39]

    2010-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1275210071-839522115-1004UA.job
    - c:\documents and settings\Hailey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-04 11:39]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZCfox000&ptb=CftqMQZLQGZ8.nq1HwPEmg
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = http=127.0.0.1:25579
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    FF - ProfilePath - c:\documents and settings\Hailey\Application Data\Mozilla\Firefox\Profiles\mbvfz1x4.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
    FF - component: c:\documents and settings\Hailey\Application Data\Mozilla\Firefox\Profiles\mbvfz1x4.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\Hailey\Application Data\Mozilla\Firefox\Profiles\mbvfz1x4.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - plugin: c:\documents and settings\Hailey\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-07 17:53
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    AudioDeck = c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe 1????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(824)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    .
    Completion time: 2010-11-07 17:55:02
    ComboFix-quarantined-files.txt 2010-11-07 22:55
    ComboFix2.txt 2010-11-05 19:34

    Pre-Run: 49,063,305,216 bytes free
    Post-Run: 49,055,408,128 bytes free

    - - End Of File - - F2DB76D0E9E465551EF48621C9D27A55
     
  19. hlratliff

    hlratliff TS Rookie Topic Starter Posts: 45

    Good morning Bobbye. Where would you like to go from here?
     
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Sorry, I started on this last night but my internet connection kept going down!

    Please run this Custom CFScript

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad and copy/paste the text in the code below into it:
    Code:
    File::
    c:\docume~1\hailey\locals~1\temp\ftsbvcap.sys
    c:\docume~1\hailey\locals~1\temp\isffp_sd.sys
    c:\docume~1\hailey\locals~1\temp\lredbooo.sys
    c:\documents and settings\All Users\Application Data\TEMP
    d:\PciCon.sys 
    
    Folder::
    c:\docume~1\hailey\applic~1\Smart Engine
    c:\docume~1\alluse~1\applic~1\SMWBSJMZDAE
    c:\docume~1\alluse~1\applic~1\088357
    
    DDS::
    uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZCfox000&ptb=CftqMQZLQGZ8.nq1HwPEmg
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = http=127.0.0.1:25579
    
    Registry::
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    AudioDeck = c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe
    
    Driver::
    ftsbvcap
    sffp_sd
    lredbooo
    PciCon
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
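    The two CFScript posts above (#16 and #20) are the end product of a triage step the helper does by hand: read the ComboFix log, pick out the kernel drivers registered from the user's Temp folder or an unverifiable file on another drive, the HTTP proxy pointing back at 127.0.0.1, and the MyWebSearch start page, then sort them into File::, Driver:: and DDS:: lines. The script below is an added example of that reasoning and is not code from TechSpot, Bobbye or ComboFix. Its sample log lines are constructed from the logs posted in this thread, and the detection heuristics and the one-entry start-page blocklist are constructed assumptions, not part of any tool.

```python
"""Triage ComboFix log lines and draft the matching CFScript sections.

Added example, not TechSpot's, Bobbye's or ComboFix's own code.  The
heuristics below are constructed to match what the helper queued for
removal in this thread; they are not an official ComboFix rule set.
"""
import re
from dataclasses import dataclass

# Constructed sample, modelled on the "Reg Loading Points" and
# "Supplementary Scan" sections of the logs pasted in this thread.
SAMPLE_LOG = r"""
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/14/2009 4:09 PM 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/14/2010 6:43 PM 114768]
S3 ftsbvcap;ftsbvcap;\??\c:\docume~1\Hailey\LOCALS~1\Temp\ftsbvcap.sys --> c:\docume~1\Hailey\LOCALS~1\Temp\ftsbvcap.sys [?]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZCfox000
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:25579
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
"""

# ComboFix service/driver line: "<start type> <name>;<display name>;<image path> [...]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")

# Constructed blocklist: the only hijack host this thread's logs show.
HIJACK_HOSTS = {"search.mywebsearch.com"}


@dataclass
class Driver:
    name: str
    path: str
    unknown: bool  # ComboFix printed "[?]" instead of a timestamp and size


def parse_driver(line: str):
    """Return a Driver for an R*/S* service line, or None for any other line."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    name, rest = m.group(2), m.group(4)
    # "\??\<path> --> <path> [?]": keep the resolved path after the arrow.
    if " --> " in rest:
        rest = rest.split(" --> ", 1)[1]
    unknown = rest.rstrip().endswith("[?]")
    path = re.sub(r"\s*\[[^\]]*\]\s*$", "", rest).strip()
    return Driver(name=name, path=path, unknown=unknown)


def driver_is_suspicious(drv: Driver) -> bool:
    """Constructed heuristic: a kernel driver loaded from a Temp folder, or an
    unverifiable driver outside the Windows directory (e.g. on drive d:)."""
    p = drv.path.lower()
    return "\\temp\\" in p or (drv.unknown and not p.startswith("c:\\windows\\"))


def loopback_proxy(line: str):
    """Return host:port when the IE ProxyServer points at the local machine."""
    if not line.startswith("uInternet Settings,ProxyServer"):
        return None
    value = line.split("=", 1)[1].strip()  # e.g. "http=127.0.0.1:25579"
    for part in value.split(";"):
        hostport = part.split("=", 1)[-1]  # drop a "http=" scheme prefix
        host = hostport.rsplit(":", 1)[0].lower()
        if host == "localhost" or host.startswith("127."):
            return hostport
    return None


def hijacked_start_page(line: str):
    """Return the start-page URL when its host is on the hijack blocklist."""
    if not line.startswith("uStart Page"):
        return None
    url = line.split("=", 1)[1].strip()
    host = re.sub(r"^hxxps?://", "", url).split("/", 1)[0].lower()
    return url if host in HIJACK_HOSTS else None


def triage(log_text: str) -> dict:
    """Sort flagged log lines into the CFScript sections that would remove them."""
    sections = {"File": [], "Driver": [], "DDS": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        drv = parse_driver(line)
        if drv is not None:
            if driver_is_suspicious(drv):
                sections["File"].append(drv.path)    # delete the image file
                sections["Driver"].append(drv.name)  # and its service entry
            continue
        if loopback_proxy(line) or hijacked_start_page(line):
            sections["DDS"].append(line)  # DDS:: lines are quoted verbatim
    return sections


def render_cfscript(sections: dict) -> str:
    """Emit the sections in the same layout as the CFScript posts above."""
    out = []
    for name in ("File", "DDS", "Driver"):
        if sections[name]:
            out.append(f"{name}::")
            out.extend(sections[name])
            out.append("")
    return "\n".join(out).rstrip() + "\n"


if __name__ == "__main__":
    print(render_cfscript(triage(SAMPLE_LOG)))
```

    Run stand-alone it prints a File::/DDS::/Driver:: draft for the constructed sample; the avast! and Lavasoft drivers in system32\drivers pass, while the two Temp/removable-drive drivers and the two browser settings are queued. The draft is a starting point for the reviewer, not a replacement for reading the full log: ProxyOverride, the unknown BHO and the DPF entries that the helper also removed are not covered by these three rules.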
     
  21. hlratliff

    hlratliff TS Rookie Topic Starter Posts: 45

    Good morning Bobbye. Sorry to hear about your internet connection problems. That can be very frustrating. I really appreciate your help and figured you must be having problems because you are usually right on top of things. Anyway, below you will find the combofix log. I'm waiting to hear from you.

    ComboFix 10-11-10.03 - Hailey 11/11/2010 10:57:53.4.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.361 [GMT -5:00]
    Running from: c:\documents and settings\Hailey\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Hailey\Desktop\CFScript.txt
    AV: avast! antivirus 4.8.1368 [VPS 101111-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    FILE ::
    "c:\docume~1\hailey\locals~1\temp\ftsbvcap.sys"
    "c:\docume~1\hailey\locals~1\temp\isffp_sd.sys"
    "c:\docume~1\hailey\locals~1\temp\lredbooo.sys"
    "c:\documents and settings\All Users\Application Data\TEMP"
    "d:\PciCon.sys"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\alluse~1\applic~1\SMWBSJMZDAE
    c:\docume~1\alluse~1\applic~1\SMWBSJMZDAE\SMBQUEBBE.cfg

    .
    ((((((((((((((((((((((((( Files Created from 2010-10-11 to 2010-11-11 )))))))))))))))))))))))))))))))
    .

    2010-11-05 18:44 . 2010-11-05 18:44 -------- d-----w- c:\program files\ESET
    2010-11-05 02:03 . 2010-11-05 02:03 -------- d-----w- c:\program files\7-Zip
    2010-11-04 19:24 . 2010-11-04 19:26 -------- d-----w- c:\program files\CCleaner
    2010-10-31 12:12 . 2010-10-31 12:12 -------- d-----w- c:\documents and settings\Hailey\Local Settings\Application Data\HP
    2010-10-31 12:11 . 2010-11-11 12:59 -------- d-----w- c:\documents and settings\Hailey\Local Settings\Application Data\ApplicationHistory
    2010-10-28 22:58 . 2010-10-28 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
    2010-10-28 22:56 . 2010-10-28 22:57 -------- d-----w- c:\program files\Common Files\HP
    2010-10-28 22:55 . 2010-10-28 22:55 -------- d-----w- c:\program files\Hewlett-Packard
    2010-10-28 22:54 . 2010-10-28 22:54 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
    2010-10-28 22:53 . 2010-10-28 22:53 -------- d-----w- c:\windows\system32\URTTEMP
    2010-10-28 22:48 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
    2010-10-28 22:48 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2010-10-28 22:38 . 2007-08-09 07:27 73728 ----a-w- c:\windows\system32\HPZipm12.exe
    2010-10-28 22:38 . 2004-09-29 16:15 204800 ----a-w- c:\windows\system32\HPZipr12.dll
    2010-10-28 22:38 . 2004-09-29 16:12 278584 ----a-w- c:\windows\system32\HPZidr12.dll
    2010-10-28 22:38 . 2004-09-29 16:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll
    2010-10-28 22:38 . 2004-09-29 16:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll
    2010-10-28 22:38 . 2004-09-29 16:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe
    2010-10-28 22:37 . 2010-10-28 22:58 -------- d-----w- c:\program files\HP
    2010-10-28 22:19 . 2004-12-15 07:07 21744 ----a-w- c:\windows\system32\drivers\HPZius12.sys
    2010-10-28 22:19 . 2004-12-15 07:07 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
    2010-10-28 22:19 . 2004-12-15 07:07 51120 ----a-w- c:\windows\system32\drivers\HPZid412.sys
    2010-10-28 22:18 . 2004-12-15 07:07 274432 ----a-w- c:\windows\system32\HPZc3212.dll
    2010-10-28 22:18 . 2004-12-15 07:07 581632 ----a-w- c:\windows\system32\hpotscl.dll
    2010-10-28 22:18 . 2004-12-15 07:07 229376 ----a-w- c:\windows\system32\hpovst08.dll
    2010-10-28 22:18 . 2004-12-15 07:07 278528 ----a-w- c:\windows\system32\hpgwiamd.dll
    2010-10-28 22:17 . 2004-12-15 07:07 139345 ----a-w- c:\windows\system32\hpzlnt12.dll
    2010-10-28 22:17 . 2004-12-15 07:07 393216 ----a-w- c:\windows\system32\hpzcon12.dll
    2010-10-28 22:17 . 2004-12-15 07:07 196608 ----a-w- c:\windows\system32\hpzcoi12.dll
    2010-10-17 23:10 . 2010-10-17 23:10 -------- d-----w- c:\documents and settings\Hailey\Application Data\Malwarebytes
    2010-10-17 23:10 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-17 23:10 . 2010-10-17 23:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-17 23:10 . 2010-10-17 23:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-17 23:10 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-15 10:56 . 2010-10-15 10:56 -------- d-----w- c:\program files\iPod
    2010-10-15 10:56 . 2010-10-15 10:57 -------- d-----w- c:\program files\iTunes

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-20 11:38 . 2009-11-07 18:36 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-09-20 11:38 . 2009-03-14 21:31 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-09-20 11:38 . 2009-03-14 21:09 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-11-05_19.32.21 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-11-11 12:59 . 2010-11-11 12:59 16384 c:\windows\Temp\Perflib_Perfdata_6dc.dat
    + 2010-11-11 12:59 . 2010-11-11 12:59 16384 c:\windows\Temp\Perflib_Perfdata_288.dat
    + 2004-08-04 12:00 . 2010-11-07 21:54 71002 c:\windows\system32\perfc009.dat
    - 2004-08-04 12:00 . 2010-10-28 22:53 71002 c:\windows\system32\perfc009.dat
    + 2004-08-04 12:00 . 2010-11-07 21:54 440684 c:\windows\system32\perfh009.dat
    - 2004-08-04 12:00 . 2010-10-28 22:53 440684 c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
    "Google Update"="c:\documents and settings\Hailey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-18 136176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-25 5898240]
    "nwiz"="nwiz.exe" [2006-07-25 1519616]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-25 86016]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-09-20 864112]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]

    c:\documents and settings\Hailey\Start Menu\Programs\Startup\
    OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
    HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
    Wireless Configuration Utility HW.15.lnk - c:\program files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe [2007-1-30 577536]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/14/2009 4:09 PM 64288]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/14/2010 6:43 PM 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/14/2010 6:43 PM 20560]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1352832]
    R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [10/2/2002 8:57 AM 13532]
    S3 isffp_sd;isffp_sd;\??\c:\docume~1\Hailey\LOCALS~1\Temp\isffp_sd.sys --> c:\docume~1\Hailey\LOCALS~1\Temp\isffp_sd.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 11:37]

    2010-11-08 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

    2010-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1275210071-839522115-1004Core.job
    - c:\documents and settings\Hailey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-04 11:39]

    2010-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1275210071-839522115-1004UA.job
    - c:\documents and settings\Hailey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-04 11:39]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    FF - ProfilePath - c:\documents and settings\Hailey\Application Data\Mozilla\Firefox\Profiles\mbvfz1x4.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
    FF - component: c:\documents and settings\Hailey\Application Data\Mozilla\Firefox\Profiles\mbvfz1x4.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\Hailey\Application Data\Mozilla\Firefox\Profiles\mbvfz1x4.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - plugin: c:\documents and settings\Hailey\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-11 11:03
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2010-11-11 11:04:54
    ComboFix-quarantined-files.txt 2010-11-11 16:04
    ComboFix2.txt 2010-11-09 03:06
    ComboFix3.txt 2010-11-07 22:55
    ComboFix4.txt 2010-11-05 19:34

    Pre-Run: 49,045,602,304 bytes free
    Post-Run: 49,035,489,280 bytes free

    - - End Of File - - 5171EB988B66DB5F772C26CA5E144C57
     
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Thanks for the patience. The problem started again this morning but there was already a tech on the way. I "think" he resolved the problem- which we couldn't find!!

    Do you have any idea what this is?
    c:\docume~1\Hailey\LOCALS~1\Temp\isffp_sd.sys
I removed it with script, it shows deleted but it's back on this Combofix log. I'm going to try and get some info on it: The closest I came to an ID was related to the Forestry Service Symposium in Malaysia, which did not appear to be computer related.

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      
      :file
      c:\docume~1\Hailey\LOCALS~1\Temp\isffp_sd.sys
      
      :service
      isffp_sd
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
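The entry that prompted the question above is a stopped, demand-start driver service whose image path points into the user's Temp folder and which ComboFix marks with "[?]" because the file is not on disk. That combination (kernel driver registered outside system32\drivers, under a user profile, binary missing but the service key still present) is what a defender would want to pick out of a ComboFix log automatically rather than by eye. The following Python is an added example, not part of this thread and not code from ComboFix or SystemLook; it parses the Drivers/Services lines in the "R3 name;display;path [details]" layout used in the logs posted here. The sample lines are copied from the log above; the mapping of the digit to a start type (0 boot, 1 system, 2 auto, 3 demand, 4 disabled) is the standard Windows service start value, and the R/S prefix for running/stopped is an assumption that matches the SystemLook output later in the thread (Stopped, Startup Type: Demand).

```python
import re
from pathlib import PureWindowsPath

# Constructed sample input: the Drivers/Services block copied from the ComboFix
# log posted in this thread. Format: "<R|S><start type> name;display;image [details]".
SAMPLE_LOG = r"""
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/14/2009 4:09 PM 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/14/2010 6:43 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/14/2010 6:43 PM 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1352832]
R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [10/2/2002 8:57 AM 13532]
S3 isffp_sd;isffp_sd;\??\c:\docume~1\Hailey\LOCALS~1\Temp\isffp_sd.sys --> c:\docume~1\Hailey\LOCALS~1\Temp\isffp_sd.sys [?]
"""

# One service line: state letter, start-type digit, name, display name,
# image path (possibly "raw --> resolved"), and a bracketed detail block.
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?)\s\[(?P<detail>[^\]]*)\]$"
)

# Standard Windows service Start values (SERVICE_BOOT_START .. SERVICE_DISABLED).
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

# Path components that a kernel driver has no business living under.
USER_PROFILE_ROOTS = {"documents and settings", "docume~1", "users"}
TEMP_DIRS = {"temp", "tmp"}


def resolve_image(image: str) -> str:
    """Return the on-disk path ComboFix reports for the service binary.

    Lines with '-->' show the registry ImagePath first and the resolved path
    second; the '\\??\\' prefix is the NT namespace form of a Win32 path.
    """
    if "-->" in image:
        image = image.split("-->", 1)[1]
    image = image.strip()
    if image.startswith("\\??\\"):
        image = image[4:]
    return image


def assess_entry(line: str):
    """Parse one service line; return a dict with any findings, or None if it is not a service line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    path = resolve_image(m.group("image"))
    parts = {p.lower() for p in PureWindowsPath(path).parts}
    reasons = []
    if m.group("detail") == "?":
        reasons.append("binary not found on disk (ComboFix marks it [?])")
    if TEMP_DIRS & parts:
        reasons.append("image lives in a Temp directory")
    if USER_PROFILE_ROOTS & parts:
        reasons.append("image lives under a user profile, not system32")
    return {
        "name": m.group("name"),
        "running": m.group("state") == "R",          # assumption: R = running, S = stopped
        "start_type": START_TYPES.get(m.group("start"), "unknown"),
        "image": path,
        "reasons": reasons,
    }


def parse_services(log_text: str):
    """All service entries in the log, flagged or not."""
    return [e for e in (assess_entry(l) for l in log_text.splitlines()) if e]


def find_suspicious_services(log_text: str):
    """Only the entries that have at least one finding."""
    return [e for e in parse_services(log_text) if e["reasons"]]


if __name__ == "__main__":
    for entry in find_suspicious_services(SAMPLE_LOG):
        state = "running" if entry["running"] else "stopped"
        print(f'{entry["name"]} ({state}, {entry["start_type"]} start): {entry["image"]}')
        for reason in entry["reasons"]:
            print(f"  - {reason}")
```

Run against the sample, only isffp_sd is reported, with all three findings; the avast!, Lavasoft and NVIDIA entries pass because their images sit under system32 or Program Files and exist on disk. A leftover service key whose binary is gone is harmless by itself, but it is the registry entry, not the file, that makes the line reappear in every new log, which is why the thread moves on to removing the service rather than just the file.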
     
  23. hlratliff

    hlratliff TS Rookie Topic Starter Posts: 45

    I have no idea what c:\docume~1\Hailey etc... is. Below is the log.

    SystemLook 04.09.10 by jpshortstuff
    Log created at 14:09 on 11/11/2010 by Hailey
    Administrator - Elevation successful

    ========== file ==========

    c:\docume~1\Hailey\LOCALS~1\Temp\isffp_sd.sys - Unable to find/read file.

    ========== service ==========

    isffp_sd
    isffp_sd
    (No Description)
    Current Status: Stopped
    Startup Type: Demand
    Error Control: Critical
    Binary: \??\C:\DOCUME~1\Hailey\LOCALS~1\Temp\isffp_sd.sys
    Group: (none)
    SafeBoot:
    Dependencies:
    (none)
    Dependant Services:
    (none)

    -= EOF =-
     
  24. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please run this Custom CFScript

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad and copy/paste the text in the code below into it:
    Code:
    File::
    c:\docume~1\Hailey\LOCALS~1\Temp\isffp_sd.sys 
    
    Driver::
    isffp_sd
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
    ====================
    The Service is stopped, set to run on Demand. When you finish running the script again, please do the following:
    Use Windows Explorer: Windows key + E> with WE open> click on Tools> Folder Options> View tab> Check 'show hidden files and folders'> uncheck 'hide operating system files (Recommended)> Apply> OK
    Now click on My Computer> Local Drive (C)> Documents and Settings> Hailey documents and settings> look for the following> delete if found:
    \c:\docume~1\Hailey\LOCALS~1\Temp\isffp_sd.sys --> c:\docume~1\Hailey\LOCALS~1\Temp\isffp_sd.sys.
    Go back and rehide the files and folders
     
  25. hlratliff

    hlratliff TS Rookie Topic Starter Posts: 45

    Good evening Bobbye. I ran the script and will post the log. I also unhid the files and folders and the operating system files. I did not find the document or file. I will wait to hear from you as to what we are going to do next. Thank you again for all your help.

    ComboFix 10-11-12.01 - Hailey 11/12/2010 18:27:41.5.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.426 [GMT -5:00]
    Running from: c:\documents and settings\Hailey\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Hailey\Desktop\CFScript.txt
    AV: avast! antivirus 4.8.1368 [VPS 101112-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    FILE ::
    "c:\docume~1\Hailey\LOCALS~1\Temp\isffp_sd.sys"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_isffp_sd


    ((((((((((((((((((((((((( Files Created from 2010-10-12 to 2010-11-12 )))))))))))))))))))))))))))))))
    .

    2010-11-05 18:44 . 2010-11-05 18:44 -------- d-----w- c:\program files\ESET
    2010-11-05 02:03 . 2010-11-05 02:03 -------- d-----w- c:\program files\7-Zip
    2010-11-04 19:24 . 2010-11-04 19:26 -------- d-----w- c:\program files\CCleaner
    2010-10-31 12:12 . 2010-10-31 12:12 -------- d-----w- c:\documents and settings\Hailey\Local Settings\Application Data\HP
    2010-10-31 12:11 . 2010-11-12 23:32 -------- d-----w- c:\documents and settings\Hailey\Local Settings\Application Data\ApplicationHistory
    2010-10-28 22:58 . 2010-10-28 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
    2010-10-28 22:56 . 2010-10-28 22:57 -------- d-----w- c:\program files\Common Files\HP
    2010-10-28 22:55 . 2010-10-28 22:55 -------- d-----w- c:\program files\Hewlett-Packard
    2010-10-28 22:54 . 2010-10-28 22:54 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
    2010-10-28 22:53 . 2010-10-28 22:53 -------- d-----w- c:\windows\system32\URTTEMP
    2010-10-28 22:48 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
    2010-10-28 22:48 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2010-10-28 22:38 . 2007-08-09 07:27 73728 ----a-w- c:\windows\system32\HPZipm12.exe
    2010-10-28 22:38 . 2004-09-29 16:15 204800 ----a-w- c:\windows\system32\HPZipr12.dll
    2010-10-28 22:38 . 2004-09-29 16:12 278584 ----a-w- c:\windows\system32\HPZidr12.dll
    2010-10-28 22:38 . 2004-09-29 16:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll
    2010-10-28 22:38 . 2004-09-29 16:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll
    2010-10-28 22:38 . 2004-09-29 16:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe
    2010-10-28 22:37 . 2010-10-28 22:58 -------- d-----w- c:\program files\HP
    2010-10-28 22:19 . 2004-12-15 07:07 21744 ----a-w- c:\windows\system32\drivers\HPZius12.sys
    2010-10-28 22:19 . 2004-12-15 07:07 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
    2010-10-28 22:19 . 2004-12-15 07:07 51120 ----a-w- c:\windows\system32\drivers\HPZid412.sys
    2010-10-28 22:18 . 2004-12-15 07:07 274432 ----a-w- c:\windows\system32\HPZc3212.dll
    2010-10-28 22:18 . 2004-12-15 07:07 581632 ----a-w- c:\windows\system32\hpotscl.dll
    2010-10-28 22:18 . 2004-12-15 07:07 229376 ----a-w- c:\windows\system32\hpovst08.dll
    2010-10-28 22:18 . 2004-12-15 07:07 278528 ----a-w- c:\windows\system32\hpgwiamd.dll
    2010-10-28 22:17 . 2004-12-15 07:07 139345 ----a-w- c:\windows\system32\hpzlnt12.dll
    2010-10-28 22:17 . 2004-12-15 07:07 393216 ----a-w- c:\windows\system32\hpzcon12.dll
    2010-10-28 22:17 . 2004-12-15 07:07 196608 ----a-w- c:\windows\system32\hpzcoi12.dll
    2010-10-17 23:10 . 2010-10-17 23:10 -------- d-----w- c:\documents and settings\Hailey\Application Data\Malwarebytes
    2010-10-17 23:10 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-17 23:10 . 2010-10-17 23:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-17 23:10 . 2010-10-17 23:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-17 23:10 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-15 10:56 . 2010-10-15 10:56 -------- d-----w- c:\program files\iPod
    2010-10-15 10:56 . 2010-10-15 10:57 -------- d-----w- c:\program files\iTunes

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-20 11:38 . 2009-11-07 18:36 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-09-20 11:38 . 2009-03-14 21:31 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-09-20 11:38 . 2009-03-14 21:09 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
    "Google Update"="c:\documents and settings\Hailey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-18 136176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-25 5898240]
    "nwiz"="nwiz.exe" [2006-07-25 1519616]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-25 86016]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-09-20 864112]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]

    c:\documents and settings\Hailey\Start Menu\Programs\Startup\
    OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
    HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
    Wireless Configuration Utility HW.15.lnk - c:\program files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe [2007-1-30 577536]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/14/2009 4:09 PM 64288]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/14/2010 6:43 PM 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/14/2010 6:43 PM 20560]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1352832]
    R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [10/2/2002 8:57 AM 13532]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 11:37]

    2010-11-08 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

    2010-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1275210071-839522115-1004Core.job
    - c:\documents and settings\Hailey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-04 11:39]

    2010-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1275210071-839522115-1004UA.job
    - c:\documents and settings\Hailey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-04 11:39]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: &Search
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    FF - ProfilePath - c:\documents and settings\Hailey\Application Data\Mozilla\Firefox\Profiles\mbvfz1x4.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
    FF - component: c:\documents and settings\Hailey\Application Data\Mozilla\Firefox\Profiles\mbvfz1x4.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\Hailey\Application Data\Mozilla\Firefox\Profiles\mbvfz1x4.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - plugin: c:\documents and settings\Hailey\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-12 18:40
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3492)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\program files\Alwil Software\Avast4\ashWebSv.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\documents and settings\Hailey\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    c:\program files\OpenOffice.org 3\program\soffice.exe
    c:\program files\OpenOffice.org 3\program\soffice.bin
    c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Common Files\Java\Java Update\jucheck.exe
    .
    **************************************************************************
    .
    Completion time: 2010-11-12 18:46:17 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-11-12 23:46
    ComboFix2.txt 2010-11-11 16:04
    ComboFix3.txt 2010-11-09 03:06
    ComboFix4.txt 2010-11-07 22:55
    ComboFix5.txt 2010-11-12 23:23

    Pre-Run: 49,041,879,040 bytes free
    Post-Run: 49,031,966,720 bytes free

    - - End Of File - - 2392808DE67CFC998D577315F7AFA5FA
     
Topic Status:
Not open for further replies.
