
Active System locks up in IE Explorer 8 and Mozilla Firefox

Discussion in 'Malware and Virus Removal Archive' started by CountVak, 2009/02/14.

  1. 2009/02/14
    CountVak

    CountVak Inactive Thread Starter

    Joined:
    2009/02/09
    Messages:
    50
    Likes Received:
    0
    [Active] System locks up in IE Explorer 8 and Mozilla Firefox

    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Steven Vakula at 0:30:24.70 on Sat 02/14/2009
    Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_12
    Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.1014.481 [GMT -7:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\CISVC.EXE
    C:\Program Files\PC Tools Disk Suite\DSService.exe
    C:\Program Files\Common Files\Iconix\IconixService.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\taskeng.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\explorer.exe
    C:\Users\Steven Vakula\Downloads\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.aol.com/
    uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id
    uInternet Settings,ProxyOverride = *.local
    mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80111
    mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80111
    uURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
    mURLSearchHooks: livetvbar Toolbar: {ad55c869-668e-457c-b270-0cfb2f61116f} - c:\program files\livetvbar\tbliv0.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    BHO: NoExplorer - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: IconixBHOClass Class: {761233b6-f228-49e4-8f6b-668499d4e55a} - c:\program files\iconix\ieaddon\IconixBHO_37.dll
    BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: livetvbar Toolbar: {ad55c869-668e-457c-b270-0cfb2f61116f} - c:\program files\livetvbar\tbliv0.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Ask Toolbar BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    TB: Ask Toolbar: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
    TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
    TB: livetvbar Toolbar: {ad55c869-668e-457c-b270-0cfb2f61116f} - c:\program files\livetvbar\tbliv0.dll
    TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    TB: {23B0D39A-E245-41B7-BF86-1238CF62625E} - No File
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
    TB: {A057A204-BACC-4D26-8E98-70AC85E57E9D} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
    uRun: [SmartRAM] "c:\program files\iobit\advanced systemcare 3\Sup_SmartRAM.exe" /m
    uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\HOMERunner.exe" -s
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    mRun: [Home Theater SchSvr] "c:\program files\common files\intervideo\schsvr\SchSvr.exe "
    mRun: [RestoreIT!] "c:\program files\farstone\restoreit!\restoreit!_xp\VBPTASK.EXE" VBStart
    mRun: [SonicFocus] "c:\program files\sonic focus\sfigui\\SFIGUI.EXE" BOOT
    mRun: [WINCINEMAMGR] "c:\program files\intervideo\common\bin\WinCinemaMgr.exe "
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe "
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
    mRun: [DiskSuite] c:\program files\pc tools disk suite\aDSProcMngr.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mp3 rocket (minimized).lnk - c:\program files\mp3 rocket\MP3Rocket.exe
    uPolicies-explorer: MaxRecentDocs = 99 (0x63)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: HideShutdownScripts = 0 (0x0)
    IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-us\local\search.html
    IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\microsoft office\office12\EXCEL.EXE/3000
    IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
    IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\microsoft office\office12\ONBttnIE.dll
    IE: {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - {44E212AB-13EA-4CA4-BE65-197FBA170412} - c:\program files\iconix\ieaddon\IconixBHO_37.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\microsoft office\office12\REFIEBAR.DLL
    IE: {BC3F6B6D-2E49-4603-B028-7411655713F3} - {0CC2F28D-D415-4FC6-A2E4-54B4D983609A} - c:\program files\iconix\ieaddon\IconixBHO_37.dll
    Trusted Zone: mcafee.com
    DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
    DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
    DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1225093096170
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1225092983836
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233907688677
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://kbkgevents.webex.com/client/T26L/event/ieatgpc1.cab
    DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} - hxxp://www.intel.com/design/motherbd/boardid/BoardID.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll
    STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\steven~1\appdata\roaming\mozilla\firefox\profiles\opuqnwg7.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1576177&SearchSource=3&q=
    FF - prefs.js: browser.search.selectedEngine - Web Search
    FF - component: c:\program files\mozilla firefox\extensions\{318732a4-3815-329c-4ad2-436952ee2641}\components\FFProxy3.dll
    FF - component: c:\program files\mozilla firefox\extensions\{ad55c869-668e-457c-b270-0cfb2f61116f}\components\FFAlert.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npIconixProxy3.dll

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-23 64160]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-11-30 28544]
    R0 VVBackd5;VVBackd5;c:\windows\system32\drivers\VVBackd5.sys [2008-10-17 180074]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
    R3 dc3d;USBCCGP filter driver (dc3d);c:\windows\system32\drivers\dc3d.sys [2009-1-15 15360]
    S3 3xHybrid;SAA713x TV Card Service;c:\windows\system32\drivers\3xHybrid.sys [2007-7-6 906368]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]

    =============== Created Last 30 ================

    2009-02-14 00:16 318,976 a------- c:\windows\system32\CF26680.exe
    2009-02-14 00:16 <DIR> --d----- C:\ComboFix
    2009-02-13 12:30 318,976 a------- c:\windows\system32\CF19373.exe
    2009-02-13 00:41 <DIR> -cd-h--- c:\programdata\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
    2009-02-13 00:41 <DIR> -cd-h--- c:\progra~2\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
    2009-02-13 00:41 <DIR> --d----- c:\program files\Uniblue DriverScanner 2009
    2009-02-11 18:09 428,544 a------- c:\windows\system32\EncDec.dll
    2009-02-11 18:09 217,088 a------- c:\windows\system32\psisrndr.ax
    2009-02-11 18:09 293,376 a------- c:\windows\system32\psisdecd.dll
    2009-02-11 18:09 177,664 a------- c:\windows\system32\mpg2splt.ax
    2009-02-11 18:09 80,896 a------- c:\windows\system32\MSNP.ax
    2009-02-11 01:16 <DIR> --d----- c:\program files\ThreatExpert Memory Scanner
    2009-02-09 06:42 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
    2009-02-09 02:58 <DIR> -cd-h--- c:\programdata\{DC840DBC-2CB0-4FEA-98ED-F4E3BD2970C7}
    2009-02-09 02:58 <DIR> -cd-h--- c:\progra~2\{DC840DBC-2CB0-4FEA-98ED-F4E3BD2970C7}
    2009-02-09 02:58 <DIR> -cd-h--- c:\programdata\{E18C8A94-0667-4A02-B59B-9CB3A8F22628}
    2009-02-09 02:58 <DIR> -cd-h--- c:\progra~2\{E18C8A94-0667-4A02-B59B-9CB3A8F22628}
    2009-02-06 01:22 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_dc3d_01005.Wdf
    2009-02-05 04:07 26,694 a------- c:\windows\system32\customercare.ico
    2009-02-05 04:07 26,694 a------- c:\windows\system32\cableguy.ico
    2009-02-05 04:07 26,694 a------- c:\windows\system32\about.ico
    2009-02-05 04:07 10,134 a------- c:\windows\system32\tubely.ico
    2009-02-03 03:41 <DIR> --d----- c:\programdata\Avg8
    2009-02-03 03:41 <DIR> --d----- c:\progra~2\Avg8
    2009-01-31 04:36 <DIR> --d----- c:\users\steven~1\appdata\roaming\Iconix
    2009-01-31 04:36 <DIR> --d----- c:\programdata\Iconix
    2009-01-31 04:36 <DIR> --d----- c:\progra~2\Iconix
    2009-01-31 04:35 <DIR> --d----- c:\program files\common files\Iconix
    2009-01-31 04:35 <DIR> --d----- c:\program files\Iconix
    2009-01-31 02:52 1,374,232 a------- c:\windows\system32\D3DCompiler_36.dll
    2009-01-31 02:51 2,297,552 a------- c:\windows\system32\d3dx9_26.dll
    2009-01-31 02:41 <DIR> --d-h--- c:\windows\msdownld.tmp
    2009-01-31 02:41 <DIR> --d----- c:\windows\system32\directx
    2009-01-31 02:32 <DIR> --d----- c:\program files\MSECache
    2009-01-31 02:18 <DIR> --d----- c:\users\steven~1\appdata\roaming\Laplink
    2009-01-31 02:17 <DIR> --d----- c:\program files\Laplink
    2009-01-29 03:11 <DIR> -cd-h--- c:\programdata\{F19A02B4-1684-448C-B152-43B554F2E722}
    2009-01-29 03:11 <DIR> -cd-h--- c:\progra~2\{F19A02B4-1684-448C-B152-43B554F2E722}
    2009-01-29 01:47 15,688 a------- c:\windows\system32\lsdelete.exe
    2009-01-28 10:33 <DIR> --d----- c:\program files\Microsoft
    2009-01-26 03:29 <DIR> -cd-h--- c:\programdata\{66E2F539-12B6-4870-A500-7689CDE75C5E}
    2009-01-26 03:29 <DIR> -cd-h--- c:\progra~2\{66E2F539-12B6-4870-A500-7689CDE75C5E}
    2009-01-23 03:11 64,160 a------- c:\windows\system32\drivers\Lbd.sys
    2009-01-23 03:06 <DIR> -cd-h--- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-01-23 03:06 <DIR> -cd-h--- c:\progra~2\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-01-23 03:06 <DIR> --d----- c:\program files\Lavasoft
    2009-01-21 01:28 <DIR> --d----- c:\users\steven~1\appdata\roaming\matchmaker
    2009-01-21 01:28 <DIR> --d----- c:\program files\matchmaker
    2009-01-16 01:21 <DIR> --d----- c:\program files\Bonjour
    2009-01-15 09:15 15,360 a------- c:\windows\system32\drivers\dc3d.sys

    ==================== Find3M ====================

    2009-02-11 18:13 51,200 a------- c:\windows\inf\infpub.dat
    2009-02-11 18:13 143,360 a------- c:\windows\inf\infstrng.dat
    2009-02-09 10:58 410,984 a------- c:\windows\system32\deploytk.dll
    2009-02-06 01:22 86,016 a------- c:\windows\inf\infstor.dat
    2009-01-15 03:05 911,872 a------- c:\windows\system32\wininet.dll
    2009-01-15 03:05 43,008 a------- c:\windows\system32\licmgr10.dll
    2009-01-15 03:04 18,944 a------- c:\windows\system32\corpol.dll
    2009-01-15 03:04 109,056 a------- c:\windows\system32\iesysprep.dll
    2009-01-15 03:04 132,096 a------- c:\windows\system32\ieUnatt.exe
    2009-01-15 03:04 109,568 a------- c:\windows\system32\PDMSetup.exe
    2009-01-15 03:04 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
    2009-01-15 03:04 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
    2009-01-15 03:04 103,936 a------- c:\windows\system32\SetDepNx.exe
    2009-01-15 03:03 420,352 a------- c:\windows\system32\vbscript.dll
    2009-01-15 03:03 72,704 a------- c:\windows\system32\admparse.dll
    2009-01-15 03:03 71,680 a------- c:\windows\system32\iesetup.dll
    2009-01-15 03:03 66,560 a------- c:\windows\system32\wextract.exe
    2009-01-15 03:02 169,472 a------- c:\windows\system32\iexpress.exe
    2009-01-15 03:01 34,304 a------- c:\windows\system32\imgutil.dll
    2009-01-15 03:00 48,128 a------- c:\windows\system32\mshtmler.dll
    2009-01-15 03:00 45,568 a------- c:\windows\system32\mshta.exe
    2009-01-15 02:50 156,160 a------- c:\windows\system32\msls31.dll
    2009-01-09 04:08 319,456 a------- c:\windows\DIFxAPI.dll
    2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
    2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
    2008-12-04 09:31 53,248 a------- c:\windows\system32\CSVer.dll
    2008-11-26 11:32 56,912 a------- c:\users\steven vakula\g2mdlhlpx.exe
    2008-11-01 22:16 61,224 a------- c:\users\steven vakula\GoToAssistDownloadHelper.exe
    2008-10-18 03:29 665,600 a------- c:\windows\inf\drvindex.dat
    2008-10-18 02:55 174 a--sh--- c:\program files\desktop.ini
    2006-11-02 05:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 05:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 05:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 05:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
    2008-10-24 19:32 32,768 a--sh--- c:\windows\temp\cookies\index.dat
    2008-10-24 19:32 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat
    2008-10-24 19:32 786,432 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

    ============= FINISH: 0:33:11.43 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-02-01.01)

    Microsoft® Windows Vista™ Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/17/2008 3:02:48 PM
    System Uptime: 2/13/2009 1:30:32 PM (11 hours ago)

    Motherboard: Intel Corporation | | D915GAG
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | J2E1 | 3000/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 134 GiB total, 41.384 GiB free.
    D: is CDROM ()
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
    Description: Standard PS/2 Keyboard
    Device ID: ACPI\PNP0303\4&3B44052D&0
    Manufacturer: (Standard keyboards)
    Name: Standard PS/2 Keyboard
    PNP Device ID: ACPI\PNP0303\4&3B44052D&0
    Service: i8042prt

    Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Description: SAA7130 TV Card
    Device ID: ROOT\MEDIA\0000
    Manufacturer: Philips Semiconductors
    Name: SAA7130 TV Card
    PNP Device ID: ROOT\MEDIA\0000
    Service: 3xHybrid

    Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Description: SAA7134 TV Card
    Device ID: ROOT\MEDIA\0001
    Manufacturer: Philips Semiconductors
    Name: SAA7134 TV Card
    PNP Device ID: ROOT\MEDIA\0001
    Service: 3xHybrid

    ==== System Restore Points ===================

    RP360: 2/12/2009 11:32:43 AM - Uniblue RegistryBooster 2009
    RP361: 2/12/2009 11:07:00 PM - Ad-Aware Checkpoint
    RP362: 2/13/2009 12:32:10 AM - Uniblue RegistryBooster 2009
    RP364: 2/13/2009 12:40:56 AM - Installed Uniblue DriverScanner v1.0
    RP365: 2/13/2009 8:37:05 AM - Uniblue RegistryBooster 2009

    ==== Installed Programs ======================

    2007 Microsoft Office Suite Service Pack 1 (SP1)
    Acrobat.com
    Ad-Aware
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Reader 9
    Adobe Shockwave Player 11
    Advanced SystemCare 3
    AOL Toolbar
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    Avant Browser (remove only)
    Bonjour
    Client
    DiMAGE Viewer
    Download Updater (AOL LLC)
    ESET Online Scanner
    Google Toolbar for Internet Explorer
    HijackThis 1.99.1
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Iconix® eMail ID
    ieSpell
    Intel(R) Network Connections 13.2.8.0
    Intel(R) Processor ID Utility
    InterVideo Home Theater
    InterVideo WinDVD Creator 2
    iTunes
    Java(TM) 6 Update 12
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    KC Softwares VideoInspector
    KONICA_MINOLTA DiMAGE remote camera driver
    LANDesk System Manager Download
    LIVETV4PC
    livetvbar Toolbar
    McAfee SecurityCenter
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB929729)
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft IntelliPoint 6.3
    Microsoft IntelliType Pro 6.3
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    MobileMe Control Panel
    Mozilla Firefox (3.0.3)
    MP3 Rocket
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    NTI CD-Maker
    NTI CD-Maker 6 Standard
    OpenOffice.org Installer 1.0
    Panda ActiveScan 2.0
    PC Pitstop Driver Alert 1.0.0.13
    PC Tools Disk Suite 1.0
    Privacy Guardian 4.1
    QuickTime
    Realtek High Definition Audio Driver
    RestoreIT!
    Safari
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB958439)
    Security Update for Microsoft Office Excel 2007 (KB958437)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB956828)
    Security Update for Microsoft Office Word 2007 (KB956358)
    Smart Defrag 1.10
    Sonic Focus 1.1
    Spelling Dictionaries Support For Adobe Reader 9
    SUPERAntiSpyware Free Edition
    SVDVR
    System Requirements Lab
    ThreatExpert Memory Scanner 1.0
    TomTom HOME 2.5.2.60
    Ultimate Extras sounds from Microsoft® Tinker™
    Uniblue DriverScanner 2009
    Uniblue PixelPerfect
    Uniblue PowerSuite 2009
    Uniblue RegistryBooster 2009
    Uniblue SpeedUpMyPC 2009
    Uniblue System Tweaker
    Update for Microsoft Office 2007 Help for Common Features (KB957244)
    Update for Microsoft Office Access 2007 Help (KB957241)
    Update for Microsoft Office Excel 2007 Help (KB957242)
    Update for Microsoft Office InfoPath 2007 Help (KB957243)
    Update for Microsoft Office OneNote 2007 Help (KB957245)
    Update for Microsoft Office Outlook 2007 (KB952142)
    Update for Microsoft Office Outlook 2007 Help (KB957246)
    Update for Microsoft Office PowerPoint 2007 Help (KB957247)
    Update for Microsoft Office Publisher 2007 Help (KB957249)
    Update for Microsoft Office Word 2007 Help (KB957252)
    Update for Microsoft Script Editor Help (KB957253)
    Update for Office 2007 (KB946691)
    Update for Outlook 2007 Junk Email Filter (kb959634)
    VC_MergeModuleToMSI
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebEx Online Meetings
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Sound Schemes
    Windows Vista Upgrade Advisor
    XMLinst
    Yahoo! Messenger
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    2/8/2009 1:24:48 AM, Error: Service Control Manager [7031] - The PC Tools Disk Suite service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/8/2009 1:25:59 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PC Tools Disk Suite service to connect.
    2/8/2009 1:25:59 AM, Error: Service Control Manager [7000] - The PC Tools Disk Suite service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/8/2009 12:17:15 PM, Error: volmgr [46] - Crash dump initialization failed!
    2/8/2009 12:18:36 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Send To OneNote 2007 with shared resource name Send To OneNote 2007. Error 2114. The printer cannot be used by others on the network.
    2/8/2009 12:19:07 PM, Error: Service Control Manager [7000] - The osaio service failed to start due to the following error: The system cannot find the file specified.
    2/8/2009 7:05:39 PM, Error: EventLog [6008] - The previous system shutdown at 5:33:29 PM on 2/8/2009 was unexpected.
    2/9/2009 6:43:20 AM, Error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
    2/11/2009 6:13:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    2/11/2009 6:13:32 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    2/11/2009 6:13:32 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    ==== End Of File ===========================
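    The reviewer's call on the log above rests on scanning the "Pseudo HJT Report" section for a few recurring hijack patterns: registrations whose file is gone ("No File"), search and start-page settings pointed at toolbar hosts, Run values that name a bare executable with no directory (resolved through the search path, so a file dropped earlier in that path would win), and toolbars from known bundleware vendors. The script below is an added example of that triage written as code; it is not part of this thread and not a DDS feature. The sample lines are constructed in the shape of the log above, and the allowlist of search hosts and the bundleware token watchlist are this example's own assumptions, to be maintained by the analyst.

```python
"""Triage DDS/HijackThis-style report lines for the hijack patterns a reviewer
looks for.  Added example, not part of the thread and not a DDS feature."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(?P<scope>[um])Run: \[(?P<name>[^\]]+)\] (?P<target>.+)$")
COM_KINDS = ("BHO", "TB", "uURLSearchHooks", "mURLSearchHooks")
SEARCH_KEYS = ("uStart Page", "uSearch Bar", "mSearchAssistant", "mCustomizeSearch")

# Assumptions of this example: hosts the user would have chosen on purpose, and
# directory/host fragments of bundleware toolbars. Both lists are analyst-maintained.
KNOWN_SEARCH_HOSTS = {"www.google.com", "search.yahoo.com", "www.bing.com", "search.live.com"}
BUNDLEWARE_TOKENS = ("asksbar", "livetvbar", "conduit", "inbox.com")

# Constructed sample in the shape of the report above (paths abbreviated).
SAMPLE_LOG = r"""
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id
uURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: Ask Toolbar: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
TB: {23B0D39A-E245-41B7-BF86-1238CF62625E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1576177&SearchSource=3&q=
"""


@dataclass
class Entry:
    kind: str            # BHO, TB, uURLSearchHooks, uRun/mRun, search
    name: str
    target: str          # file path, URL, or the literal "No File"
    clsid: Optional[str] = None


def parse_line(line: str) -> Optional[Entry]:
    """Turn one report line into an Entry, or None for line types not modelled here."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        return Entry(m.group("scope") + "Run", m.group("name"), m.group("target"))
    key, sep, value = line.partition(" = ")
    if sep and key in SEARCH_KEYS:                      # e.g. "uSearch Bar = hxxp://..."
        return Entry("search", key, value)
    if line.startswith("FF - prefs.js: "):              # Firefox search prefs
        key, _, value = line[len("FF - prefs.js: "):].partition(" - ")
        return Entry("search", key, value)
    kind, sep, rest = line.partition(": ")
    if sep and kind in COM_KINDS:
        desc, _, target = rest.rpartition(" - ")        # right split: paths never contain " - " here
        m = CLSID_RE.search(desc)
        name = desc[: m.start()].rstrip(": ") if m else desc
        return Entry(kind, name or "(unnamed)", target, m.group(0).lower() if m else None)
    return None


def classify(e: Entry) -> Optional[Tuple[str, str]]:
    """Return (label, note) for a suspicious entry, or None if it looks routine."""
    low = e.target.lower()
    if low == "no file":
        return "orphan", "registration points at a file that no longer exists"
    if e.kind == "search" and "://" in low:
        host = urlsplit(low).hostname or ""            # urlsplit copes with the defanged hxxp scheme
        if host not in KNOWN_SEARCH_HOSTS:
            return "search-redirect", "search/start setting points at " + host
    if e.kind.endswith("Run") and not re.match(r'^"?(?:[a-z]:\\|%[a-z]+%)', low):
        return "relative-path", "Run value has no directory; it is resolved via the search path"
    if any(tok in low for tok in BUNDLEWARE_TOKENS):
        return "bundled-toolbar", "matches the bundleware toolbar watchlist"
    return None


def triage(report: str) -> List[Tuple[str, str, str]]:
    """Parse every line and return (label, kind, name) for each flagged entry, in log order."""
    findings = []
    for raw in report.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        hit = classify(entry)
        if hit:
            findings.append((hit[0], entry.kind, entry.name))
    return findings


if __name__ == "__main__":
    for label, kind, name in triage(SAMPLE_LOG):
        print(f"{label:16} {kind:16} {name}")
```

    Run over the sample it flags the two inbox.com/conduit search settings, the two dead "No File" registrations, the Ask toolbar and the bare `HDAudPropShortcut.exe` Run value, and leaves the Adobe BHO, the AOL hook and `ctfmon.exe` alone. None of these is proof of infection, which is consistent with the reviewer's reading below; they are the entries a fix list would target first, and the relative-path Run value is worth resolving by hand because it will execute whatever the search path finds first.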
     
  2. 2009/02/14
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Not seeing anything malware related. Let's make sure. Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.
    Reboot


    Now, do an online scan with Kaspersky Online Scanner

    Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.


    Post the Kaspersky log here.
     


  4. 2009/02/18
    CountVak

    CountVak Inactive Thread Starter

    Joined:
    2009/02/09
    Messages:
    50
    Likes Received:
    0
    Kaspersky came up with some virus information and I have attached the file. I have also deleted these subject files from the system, then reran Kaspersky and it has no virus infections.

    KASPERSKY ONLINE SCANNER 7 REPORT
    Wednesday, February 18, 2009
    Operating System: Microsoft Windows Vista Ultimate Edition, 32-bit Service Pack 1 (build 6001)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Wednesday, February 18, 2009 04:03:41
    Records in database: 1810587


    Scan settings
    Scan using the following database extended
    Scan archives yes
    Scan mail databases yes

    Scan area My Computer
    A:\
    C:\
    D:\
    E:\

    Scan statistics
    Files scanned 123905
    Threat name 6
    Infected objects 7
    Suspicious objects 0
    Duration of the scan 02:24:33

    File name Threat name Threats count
    C:\$Recycle.Bin\S-1-5-21-1645522239-1606980848-682003330-1003\$RCP5H7N.mpg Infected: Trojan-Downloader.WMA.GetCodec.g 1

    C:\$Recycle.Bin\S-1-5-21-1645522239-1606980848-682003330-1003\$RK105OC.wma Infected: Trojan-Downloader.WMA.Wimad.n 1

    C:\$Recycle.Bin\S-1-5-21-1645522239-1606980848-682003330-1003\$RKNDJUJ.zip Infected: not-a-virus:AdWare.Win32.TrafficSol.t 1

    C:\$Recycle.Bin\S-1-5-21-1645522239-1606980848-682003330-1003\$RKNDJUJ.zip Infected: not-a-virus:AdWare.Win32.BHO.wt 2

    C:\$Recycle.Bin\S-1-5-21-1645522239-1606980848-682003330-1003\$RNPLPIZ.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1

    C:\$Recycle.Bin\S-1-5-21-1645522239-1606980848-682003330-1003\$ROQMYBY.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1

    The selected area was scanned.
     
  5. 2009/02/21
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Sorry for the delay. Please post the log generated by ComboFix - should be located at C:\ComboFix.txt

    Did you knowingly set search.conduit.com as the default Firefox search engine?

    I would also like to see a HijackThis log. Please download the HijackThis Installer from here, then run a scan and save the log. Post the contents of that log here.
     
  6. 2009/02/28
    CountVak

    CountVak Inactive Thread Starter

    Joined:
    2009/02/09
    Messages:
    50
    Likes Received:
    0
    Noahdfear, I have been attempting to fulfill the last request without success. I could not attach the ComboFix log, nor could I run ComboFix to generate another log. I ran the Kaspersky virus scan again and suddenly several Trojans and other problems started to pop up. Still unable to run ComboFix, yesterday I ran the Trend Micro HouseCall. It also found several problems that I fixed. I was still unable to run ComboFix for a log. I also have not been able to run Trend Micro HouseCall again and kept getting an installation and Java loading error. Just now I booted in safe mode with networking and was going through my program list and discovered that I have a program, where it came from I have no idea, named Threat Expert Memory Scanner. I have no idea where this program came from or how it became installed on this computer. I ran a query on Windows BBS and discovered it is a big problem. What should I send you now for your review so I can remove this program and get this system in working order? I have included the web link for the program that I just found for your review. Thanks.

    http://www.threatexpert.com
    Copyright (c) 2008 ThreatExpert Ltd. All rights reserved.
     
  7. 2009/03/01
    CountVak

    CountVak Inactive Thread Starter

    Joined:
    2009/02/09
    Messages:
    50
    Likes Received:
    0
    Here is a copy of the HijackThis log that I was just able to run for you.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:04:53 PM, on 2/28/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18372)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Windows\Explorer.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
    C:\Program Files\Java\jre6\bin\java.exe
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe
    C:\Windows\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Program Files\Iconix\IEAddOn\IconixBHO_37.dll
    O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: livetvbar Toolbar - {ad55c869-668e-457c-b270-0cfb2f61116f} - C:\Program Files\livetvbar\tbliv1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
    O3 - Toolbar: livetvbar Toolbar - {ad55c869-668e-457c-b270-0cfb2f61116f} - C:\Program Files\livetvbar\tbliv1.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\FarStone\RestoreIT!\RestoreIT!_XP\VBPTASK.EXE" VBStart
    O4 - HKLM\..\Run: [SonicFocus] "C:\Program Files\Sonic Focus\SFIGUI\\SFIGUI.EXE" BOOT
    O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe "
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe "
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe "
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: MP3 Rocket (Minimized).lnk = C:\Program Files\MP3 Rocket\MP3Rocket.exe
    O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_37.dll
    O9 - Extra 'Tools' menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_37.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: PC Tools Disk Suite (DiskSuiteService) - PC Tools - C:\Program Files\PC Tools Disk Suite\DSService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

    --
    End of file - 10230 bytes
     
  8. 2009/03/01
    CountVak

    CountVak Inactive Thread Starter

    Joined:
    2009/02/09
    Messages:
    50
    Likes Received:
    0
    I ran a search for the ComboFix log file and there are none. I also cannot run a ComboFix scan. The program will start but will not progress past the "ComboFix is loading" status. The program seems active and states that it is updating, but does not function properly.
     
  9. 2009/03/01
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi CountVak
    noahdfear will be away for a while; he has asked me to cover for him while he's away.

    Go to Control Panel > Programs and Features and see if Threat Expert Memory Scanner is listed; if so, remove it.

    Now let's see if we can get ComboFix to run.

    Right click on Combofix.exe and click on Rename. Rename Combofix.exe to Mobocofix.exe, then click anywhere on your desktop.

    Now make sure that McAfee is disabled, then double click on Mobocofix.exe and see if it will run.

    Let me know.

    Thanks
    Geri
     
  10. 2009/03/02
    CountVak

    CountVak Inactive Thread Starter

    Joined:
    2009/02/09
    Messages:
    50
    Likes Received:
    0
    Geri,

    Thanks for your assistance. I have removed the Threat program by uninstalling it with Control Panel. I then renamed Combofix.exe to Mobocofix.exe and attempted to run the program, with the same unsuccessful results as before: ComboFix updates, then reloads, then stalls at the "ComboFix is preparing to scan" line. I downloaded the Trend Micro HijackThis program again, ran a scan and included the log for your review. This is the only additional process I have done outside of your instructions. Let me know what else I should try. Thanks again for your help.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:03:49 AM, on 3/2/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18372)
    Boot mode: Normal

    Running processes:
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe
    C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Program Files\Iconix\IEAddOn\IconixBHO_37.dll
    O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: livetvbar Toolbar - {ad55c869-668e-457c-b270-0cfb2f61116f} - C:\Program Files\livetvbar\tbliv1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
    O3 - Toolbar: livetvbar Toolbar - {ad55c869-668e-457c-b270-0cfb2f61116f} - C:\Program Files\livetvbar\tbliv1.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\FarStone\RestoreIT!\RestoreIT!_XP\VBPTASK.EXE" VBStart
    O4 - HKLM\..\Run: [SonicFocus] "C:\Program Files\Sonic Focus\SFIGUI\\SFIGUI.EXE" BOOT
    O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe "
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe "
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe "
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: MP3 Rocket (Minimized).lnk = C:\Program Files\MP3 Rocket\MP3Rocket.exe
    O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_37.dll
    O9 - Extra 'Tools' menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_37.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

    --
    End of file - 10693 bytes
     
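    To make the two HijackThis logs above easier to compare (the 2/28 safe-mode scan and the 3/2 normal-boot scan), here is a small parser for the HijackThis line format, added here as an example; it is not part of this thread and not code from Trend Micro's tool. The sample lines are copied from the two logs CountVak posted; the regular expressions, the Entry type and the function names are my own assumptions about the format rather than a documented specification. It shows three things an analyst does by hand when reading such a log: split each line into section code and body, cross-reference entries that share a CLSID (the livetvbar toolbar registers as both an O2 BHO and an O3 toolbar, same DLL), and diff two scans to see what appeared or disappeared between them (here the PC Tools Disk Suite service is present in the first log and gone from the second).

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample input: a handful of lines in HijackThis v2.0.2 log format,
# copied from the two logs posted in this thread. The full logs are ~100 lines
# each; these few are enough to exercise the parser, the CLSID cross-reference
# and the diff.
LOG_SAFE_MODE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: livetvbar Toolbar - {ad55c869-668e-457c-b270-0cfb2f61116f} - C:\Program Files\livetvbar\tbliv1.dll
O3 - Toolbar: livetvbar Toolbar - {ad55c869-668e-457c-b270-0cfb2f61116f} - C:\Program Files\livetvbar\tbliv1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - Global Startup: MP3 Rocket (Minimized).lnk = C:\Program Files\MP3 Rocket\MP3Rocket.exe
O23 - Service: PC Tools Disk Suite (DiskSuiteService) - PC Tools - C:\Program Files\PC Tools Disk Suite\DSService.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
"""

# Same lines minus the PC Tools Disk Suite service, which is in the 2/28 log
# but absent from the 3/2 log.
LOG_NORMAL = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: livetvbar Toolbar - {ad55c869-668e-457c-b270-0cfb2f61116f} - C:\Program Files\livetvbar\tbliv1.dll
O3 - Toolbar: livetvbar Toolbar - {ad55c869-668e-457c-b270-0cfb2f61116f} - C:\Program Files\livetvbar\tbliv1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - Global Startup: MP3 Rocket (Minimized).lnk = C:\Program Files\MP3 Rocket\MP3Rocket.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
"""

# "O2 - BHO: ..." : section code, " - ", then the section-specific body (assumed format).
HJT_LINE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# COM class id as HijackThis prints it for BHOs, toolbars and extra buttons.
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
# First file path in the body: a drive letter or %VAR% root, up to a binary/shortcut extension.
FILE_PATH = re.compile(
    r'(?:[A-Za-z]:|%[A-Za-z]+%)\\[^"]+?\.(?:exe|dll|lnk|htm|html|cab)\b', re.IGNORECASE
)


@dataclass(frozen=True)
class Entry:
    code: str             # section: O2 = BHO, O3 = toolbar, O4 = autorun, O23 = service, ...
    body: str             # rest of the line; used as the entry's identity when diffing
    clsid: Optional[str]  # upper-cased CLSID if the line carries one
    path: Optional[str]   # first file path found in the body, if any


def parse_hjt(text: str) -> List[Entry]:
    """Parse the R/F/N/O lines of a HijackThis log; header and process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID.search(body)
        path = FILE_PATH.search(body)
        entries.append(Entry(
            code=m.group("code"),
            body=body,
            clsid=clsid.group(0).upper() if clsid else None,
            path=path.group(0) if path else None,
        ))
    return entries


def summarize(entries: List[Entry]) -> Dict[str, int]:
    """Count entries per section code, e.g. {'O2': 12, 'O4': 27, ...}."""
    return dict(Counter(e.code for e in entries))


def entries_by_clsid(entries: List[Entry], clsid: str) -> List[Entry]:
    """All lines registered under one CLSID: a toolbar normally shows up as both O2 and O3."""
    wanted = clsid.upper()
    return [e for e in entries if e.clsid == wanted]


def diff_logs(old: List[Entry], new: List[Entry]) -> Tuple[List[Entry], List[Entry]]:
    """Return (added, removed) between two scans, keyed on (section code, body)."""
    old_keys = {(e.code, e.body) for e in old}
    new_keys = {(e.code, e.body) for e in new}
    added = [e for e in new if (e.code, e.body) not in old_keys]
    removed = [e for e in old if (e.code, e.body) not in new_keys]
    return added, removed


if __name__ == "__main__":
    before, after = parse_hjt(LOG_SAFE_MODE), parse_hjt(LOG_NORMAL)
    print("sections:", summarize(before))
    for e in entries_by_clsid(before, "{ad55c869-668e-457c-b270-0cfb2f61116f}"):
        print("shares CLSID:", e.code, e.path)
    added, removed = diff_logs(before, after)
    for e in added:
        print("+", e.code, e.body)
    for e in removed:
        print("-", e.code, e.body)
```

    Diffing on (code, body) rather than on the file path alone is deliberate: the same DLL can legitimately appear under several sections, and a change in the registry location or the launch arguments is exactly what you want to notice between two scans. Feeding the two full logs from this thread into `diff_logs` reports the O23 DiskSuiteService line as removed and nothing added, which is consistent with the Service Control Manager 7000 error for that service in the DDS log earlier in the thread.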
  11. 2009/03/02
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK, please delete the Combofix.exe that you have.

    Please check and verify that the C:\Qoobox and C:\ComboFix folders are not on your C drive, as well as the C:\ComboFix.txt file. If they are, please delete them manually.

    Empty your recycle bin.

    Now please do this.

    Download RootRepeal.zip to your Desktop.
    • Extract the compressed file to its own folder.
    • Open the folder and doubleclick on RootRepeal.exe to run it.
    • Click on the Report tab, and then click on: Scan
    • A window opens asking what to include in the scan.
    • Check the following boxes then click OK:
      • Drivers
      • Files
      • Processes
      • SSDT
      • Stealth Objects
      • Hidden Services
    • You will then be asked which drive to scan.
    • Check C: (or the drive your operating system is installed on, if not C)
    • Click OK once again.
    The tool will begin scanning and may take a while to complete, so please be patient.

    When the scan finishes, click on: Save Report
    Name the log RootRepeal.txt and save it to your Documents folder (it should default there).

    Post the contents of the report in a reply here.

    Thanks
    Geri
     
  12. 2009/03/05
    CountVak

    CountVak Inactive Thread Starter

    Joined:
    2009/02/09
    Messages:
    50
    Likes Received:
    0
    ROOTREPEAL (c) AD, 2007-2008
    ==================================================
    Scan Time: 2009/03/04 23:27
    Program Version: Version 1.2.3.0
    Windows Version: Windows Vista SP1
    ==================================================

    Processes
    -------------------
    Path: System
    PID: 4 Status: Locked to the Windows API!

    Path: C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    PID: 124 Status: -

    Path: C:\Program Files\McAfee\VirusScan\Mcshield.exe
    PID: 240 Status: -

    Path: C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
    PID: 292 Status: -

    Path: C:\Windows\System32\SearchProtocolHost.exe
    PID: 312 Status: -

    Path: C:\Windows\System32\smss.exe
    PID: 412 Status: -

    Path: C:\Program Files\Avant Browser\avant.exe
    PID: 444 Status: -

    Path: C:\Windows\System32\csrss.exe
    PID: 552 Status: -

    Path: C:\Windows\System32\wininit.exe
    PID: 588 Status: -

    Path: C:\Windows\System32\csrss.exe
    PID: 608 Status: -

    Path: C:\Windows\System32\services.exe
    PID: 640 Status: -

    Path: C:\Windows\System32\lsass.exe
    PID: 656 Status: -

    Path: C:\Windows\System32\lsm.exe
    PID: 664 Status: -

    Path: C:\Windows\System32\winlogon.exe
    PID: 736 Status: -

    Path: C:\Windows\System32\svchost.exe
    PID: 820 Status: -

    Path: C:\Program Files\McAfee\MPF\MpfSrv.exe
    PID: 848 Status: -

    Path: C:\Windows\System32\svchost.exe
    PID: 860 Status: -

    Path: C:\Program Files\McAfee\MSC\mcuimgr.exe
    PID: 884 Status: -

    Path: C:\Windows\System32\svchost.exe
    PID: 924 Status: -

    Path: C:\Windows\System32\svchost.exe
    PID: 1092 Status: -

    Path: C:\Windows\System32\svchost.exe
    PID: 1144 Status: -

    Path: C:\Windows\System32\svchost.exe
    PID: 1164 Status: -

    Path: C:\Windows\System32\audiodg.exe
    PID: 1240 Status: Locked to the Windows API!

    Path: C:\Windows\System32\svchost.exe
    PID: 1268 Status: -

    Path: C:\Windows\explorer.exe
    PID: 1276 Status: -

    Path: C:\Windows\System32\SLsvc.exe
    PID: 1288 Status: -

    Path: C:\Windows\System32\svchost.exe
    PID: 1332 Status: -

    Path: C:\Windows\System32\svchost.exe
    PID: 1452 Status: -

    Path: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PID: 1524 Status: -

    Path: C:\Windows\System32\spoolsv.exe
    PID: 1652 Status: -

    Path: C:\Windows\System32\svchost.exe
    PID: 1680 Status: -

    Path: C:\Program Files\iPod\bin\iPodService.exe
    PID: 1808 Status: -

    Path: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    PID: 1972 Status: -

    Path: C:\Program Files\Bonjour\mDNSResponder.exe
    PID: 2008 Status: -

    Path: C:\Windows\System32\CISVC.EXE
    PID: 2032 Status: -

    Path: C:\Windows\System32\SearchIndexer.exe
    PID: 2052 Status: -

    Path: C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
    PID: 2120 Status: -

    Path: C:\Windows\System32\wbem\unsecapp.exe
    PID: 2292 Status: -

    Path: C:\Windows\System32\wbem\WmiPrvSE.exe
    PID: 2560 Status: -

    Path: C:\Windows\ehome\ehmsas.exe
    PID: 2632 Status: -

    Path: C:\Windows\System32\taskeng.exe
    PID: 2884 Status: -

    Path: C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
    PID: 3160 Status: -

    Path: C:\Windows\System32\dwm.exe
    PID: 3252 Status: -

    Path: C:\Windows\System32\taskeng.exe
    PID: 3292 Status: -

    Path: C:\Windows\explorer.exe
    PID: 3304 Status: -

    Path: C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    PID: 3340 Status: -

    Path: C:\Windows\System32\taskeng.exe
    PID: 3348 Status: -

    Path: C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    PID: 3592 Status: -

    Path: C:\Program Files\Microsoft IntelliType Pro\itype.exe
    PID: 3628 Status: -

    Path: C:\Windows\System32\hkcmd.exe
    PID: 3684 Status: -

    Path: C:\Windows\System32\igfxpers.exe
    PID: 3700 Status: -

    Path: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    PID: 3736 Status: -

    Path: C:\Program Files\McAfee.com\Agent\mcagent.exe
    PID: 3792 Status: -

    Path: C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    PID: 3808 Status: -

    Path: C:\Program Files\iTunes\iTunesHelper.exe
    PID: 3832 Status: -

    Path: C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    PID: 3844 Status: -

    Path: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    PID: 3864 Status: -

    Path: C:\Program Files\Java\jre6\bin\jusched.exe
    PID: 3872 Status: -

    Path: C:\Windows\ehome\ehtray.exe
    PID: 3880 Status: -

    Path: C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
    PID: 3892 Status: -

    Path: C:\Program Files\TomTom HOME 2\HOMERunner.exe
    PID: 3916 Status: -

    Path: C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PID: 3932 Status: -

    Path: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PID: 3960 Status: -

    Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
    PID: 3976 Status: -

    Path: C:\Users\Steven Vakula\Documents\RootRepeal\RootRepeal.exe
    PID: 4304 Status: -

    Path: C:\Program Files\WinZip\WZQKPICK.EXE
    PID: 5336 Status: -

    Path: C:\Windows\System32\SearchFilterHost.exe
    PID: 5852 Status: -

    I believe this is what you asked for. Let me know what else you may need. Thanks again for your help, Geri.
     
  13. 2009/03/05
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    Was that the complete log? There should have been more.

    Geri
     
  14. 2009/03/06
    CountVak

    CountVak Inactive Thread Starter

    Joined:
    2009/02/09
    Messages:
    50
    Likes Received:
    0
    Yes. I will run the last request again to see if more information will be displayed. I have found that I run the request once and then things keep popping up after the fact for some reason. Let me rerun and submit.
     
  15. 2009/03/06
    CountVak

    CountVak Inactive Thread Starter

    Joined:
    2009/02/09
    Messages:
    50
    Likes Received:
    0
    Geri, I reran RootRepeal and here is the log. For your information, I do not seem to be asked at all, or even given the choice of selection for the scan. I just have the scan button, everything appears checked, and the scan starts and finishes rather quickly. Here is the last log:

    ROOTREPEAL (c) AD, 2007-2008
    ==================================================
    Scan Time: 2009/03/05 23:36
    Program Version: Version 1.2.3.0
    Windows Version: Windows Vista SP1
    ==================================================

    Drivers
    -------------------
    Name: acpi.sys
    Image Path: C:\Windows\system32\drivers\acpi.sys
    Address: 0x85C8C000 Size: 286720 File Visible: -
    Status: -

    Name: ACPI_HAL
    Image Path: \Driver\ACPI_HAL
    Address: 0x81E19000 Size: 3903488 File Visible: -
    Status: -

    Name: afd.sys
    Image Path: C:\Windows\system32\drivers\afd.sys
    Address: 0x8BD0E000 Size: 294912 File Visible: -
    Status: -

    Name: asyncmac.sys
    Image Path: C:\Windows\system32\DRIVERS\asyncmac.sys
    Address: 0x81677000 Size: 36864 File Visible: -
    Status: -

    Name: atapi.sys
    Image Path: C:\Windows\system32\drivers\atapi.sys
    Address: 0x85D9D000 Size: 32768 File Visible: -
    Status: -

    Name: ataport.SYS
    Image Path: C:\Windows\system32\drivers\ataport.SYS
    Address: 0x85DA5000 Size: 122880 File Visible: -
    Status: -

    Name: ATMFD.DLL
    Image Path: C:\Windows\System32\ATMFD.DLL
    Address: 0xA9170000 Size: 311296 File Visible: -
    Status: -

    Name: BdaSup.SYS
    Image Path: C:\Windows\system32\DRIVERS\BdaSup.SYS
    Address: 0x8BC00000 Size: 12288 File Visible: -
    Status: -

    Name: Beep.SYS
    Image Path: C:\Windows\System32\Drivers\Beep.SYS
    Address: 0x9D05C000 Size: 28672 File Visible: -
    Status: -

    Name: BOOTVID.dll
    Image Path: C:\Windows\system32\BOOTVID.dll
    Address: 0x8067C000 Size: 32768 File Visible: -
    Status: -

    Name: bowser.sys
    Image Path: C:\Windows\system32\DRIVERS\bowser.sys
    Address: 0x81166000 Size: 102400 File Visible: -
    Status: -

    Name: cdfs.sys
    Image Path: C:\Windows\system32\DRIVERS\cdfs.sys
    Address: 0x81687000 Size: 90112 File Visible: -
    Status: -

    Name: cdrom.sys
    Image Path: C:\Windows\system32\DRIVERS\cdrom.sys
    Address: 0x8BC55000 Size: 98304 File Visible: -
    Status: -

    Name: CI.dll
    Image Path: C:\Windows\system32\CI.dll
    Address: 0x806C5000 Size: 917504 File Visible: -
    Status: -

    Name: CLASSPNP.SYS
    Image Path: C:\Windows\system32\drivers\CLASSPNP.SYS
    Address: 0x807C4000 Size: 135168 File Visible: -
    Status: -

    Name: CLFS.SYS
    Image Path: C:\Windows\system32\CLFS.SYS
    Address: 0x80684000 Size: 266240 File Visible: -
    Status: -

    Name: crcdisk.sys
    Image Path: C:\Windows\system32\drivers\crcdisk.sys
    Address: 0x861F1000 Size: 36864 File Visible: -
    Status: -

    Name: csc.sys
    Image Path: C:\Windows\system32\drivers\csc.sys
    Address: 0x9D6A8000 Size: 368640 File Visible: -
    Status: -

    Name: dc3d.sys
    Image Path: C:\Windows\system32\DRIVERS\dc3d.sys
    Address: 0x9D732000 Size: 36864 File Visible: -
    Status: -

    Name: dfsc.sys
    Image Path: C:\Windows\System32\Drivers\dfsc.sys
    Address: 0x9D702000 Size: 94208 File Visible: -
    Status: -

    Name: disk.sys
    Image Path: C:\Windows\system32\drivers\disk.sys
    Address: 0x861E0000 Size: 69632 File Visible: -
    Status: -

    Name: drmk.sys
    Image Path: C:\Windows\system32\drivers\drmk.sys
    Address: 0x9D00C000 Size: 151552 File Visible: -
    Status: -

    Name: Dxapi.sys
    Image Path: C:\Windows\System32\drivers\Dxapi.sys
    Address: 0x9D7BF000 Size: 40960 File Visible: -
    Status: -

    Name: dxg.sys
    Image Path: C:\Windows\System32\drivers\dxg.sys
    Address: 0xA8CB0000 Size: 94208 File Visible: -
    Status: -

    Name: e100b325.sys
    Image Path: C:\Windows\system32\DRIVERS\e100b325.sys
    Address: 0x8B9BE000 Size: 158720 File Visible: -
    Status: -

    Name: ecache.sys
    Image Path: C:\Windows\System32\drivers\ecache.sys
    Address: 0x86195000 Size: 159744 File Visible: -
    Status: -

    Name: fastfat.SYS
    Image Path: C:\Windows\System32\Drivers\fastfat.SYS
    Address: 0x9D78A000 Size: 163840 File Visible: -
    Status: -

    Name: fdc.sys
    Image Path: C:\Windows\system32\DRIVERS\fdc.sys
    Address: 0x8BC0B000 Size: 45056 File Visible: -
    Status: -

    Name: fileinfo.sys
    Image Path: C:\Windows\system32\drivers\fileinfo.sys
    Address: 0x807A5000 Size: 65536 File Visible: -
    Status: -

    Name: flpydisk.sys
    Image Path: C:\Windows\system32\DRIVERS\flpydisk.sys
    Address: 0x9D031000 Size: 40960 File Visible: -
    Status: -

    Name: fltmgr.sys
    Image Path: C:\Windows\system32\drivers\fltmgr.sys
    Address: 0x85DC3000 Size: 204800 File Visible: -
    Status: -

    Name: Fs_Rec.SYS
    Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS
    Address: 0x9D04C000 Size: 36864 File Visible: -
    Status: -

    Name: fvevol.sys
    Image Path: C:\Windows\System32\DRIVERS\fvevol.sys
    Address: 0x861BC000 Size: 147456 File Visible: -
    Status: -

    Name: fwpkclnt.sys
    Image Path: C:\Windows\System32\drivers\fwpkclnt.sys
    Address: 0x9D1AB000 Size: 110592 File Visible: -
    Status: -

    Name: GEARAspiWDM.sys
    Image Path: C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    Address: 0x8BC6F000 Size: 9984 File Visible: -
    Status: -

    Name: hal.dll
    Image Path: C:\Windows\system32\hal.dll
    Address: 0x821D2000 Size: 208896 File Visible: -
    Status: -

    Name: HDAudBus.sys
    Image Path: C:\Windows\system32\DRIVERS\HDAudBus.sys
    Address: 0x8B954000 Size: 73728 File Visible: -
    Status: -

    Name: HdAudio.sys
    Image Path: C:\Windows\system32\drivers\HdAudio.sys
    Address: 0x8C180000 Size: 258048 File Visible: -
    Status: -

    Name: HIDCLASS.SYS
    Image Path: C:\Windows\system32\DRIVERS\HIDCLASS.SYS
    Address: 0x9D744000 Size: 65536 File Visible: -
    Status: -

    Name: HIDPARSE.SYS
    Image Path: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
    Address: 0x9D07F000 Size: 28672 File Visible: -
    Status: -

    Name: hidusb.sys
    Image Path: C:\Windows\system32\DRIVERS\hidusb.sys
    Address: 0x9D73B000 Size: 36864 File Visible: -
    Status: -

    Name: HTTP.sys
    Image Path: C:\Windows\system32\drivers\HTTP.sys
    Address: 0x810DE000 Size: 438272 File Visible: -
    Status: -

    Name: i8042prt.sys
    Image Path: C:\Windows\system32\DRIVERS\i8042prt.sys
    Address: 0x9D063000 Size: 77824 File Visible: -
    Status: -

    Name: igxpdv32.DLL
    Image Path: C:\Windows\System32\igxpdv32.DLL
    Address: 0xA9000000 Size: 1445888 File Visible: -
    Status: -

    Name: igxpdx32.DLL
    Image Path: C:\Windows\System32\igxpdx32.DLL
    Address: 0xA9890000 Size: 2306048 File Visible: -
    Status: -

    Name: igxpgd32.dll
    Image Path: C:\Windows\System32\igxpgd32.dll
    Address: 0xA8D10000 Size: 167936 File Visible: -
    Status: -

    Name: igxpmp32.sys
    Image Path: C:\Windows\system32\DRIVERS\igxpmp32.sys
    Address: 0x8B805000 Size: 1181824 File Visible: -
    Status: -

    Name: igxprd32.dll
    Image Path: C:\Windows\System32\igxprd32.dll
    Address: 0xA8D50000 Size: 73728 File Visible: -
    Status: -

    Name: intelide.sys
    Image Path: C:\Windows\system32\drivers\intelide.sys
    Address: 0x85D72000 Size: 28672 File Visible: -
    Status: -

    Name: intelppm.sys
    Image Path: C:\Windows\system32\DRIVERS\intelppm.sys
    Address: 0x807E5000 Size: 61440 File Visible: -
    Status: -

    Name: intelsmb.sys
    Image Path: C:\Windows\system32\DRIVERS\intelsmb.sys
    Address: 0x8BC72000 Size: 45184 File Visible: -
    Status: -

    Name: ipfltdrv.sys
    Image Path: C:\Windows\system32\DRIVERS\ipfltdrv.sys
    Address: 0x9D1ED000 Size: 73728 File Visible: -
    Status: -

    Name: kbdclass.sys
    Image Path: C:\Windows\system32\DRIVERS\kbdclass.sys
    Address: 0x807F4000 Size: 45056 File Visible: -
    Status: -

    Name: kbdhid.sys
    Image Path: C:\Windows\system32\DRIVERS\kbdhid.sys
    Address: 0x9D754000 Size: 36864 File Visible: -
    Status: -

    Name: kdcom.dll
    Image Path: C:\Windows\system32\kdcom.dll
    Address: 0x80603000 Size: 32768 File Visible: -
    Status: -

    Name: ks.sys
    Image Path: C:\Windows\system32\DRIVERS\ks.sys
    Address: 0x8BDD6000 Size: 172032 File Visible: -
    Status: -

    Name: ksecdd.sys
    Image Path: C:\Windows\System32\Drivers\ksecdd.sys
    Address: 0x85E04000 Size: 462848 File Visible: -
    Status: -

    Name: Lbd.sys
    Image Path: C:\Windows\system32\DRIVERS\Lbd.sys
    Address: 0x807B5000 Size: 57472 File Visible: -
    Status: -

    Name: lltdio.sys
    Image Path: C:\Windows\system32\DRIVERS\lltdio.sys
    Address: 0x810BB000 Size: 65536 File Visible: -
    Status: -

    Name: luafv.sys
    Image Path: C:\Windows\system32\drivers\luafv.sys
    Address: 0x9D7C9000 Size: 110592 File Visible: -
    Status: -

    Name: mcupdate_GenuineIntel.dll
    Image Path: C:\Windows\system32\mcupdate_GenuineIntel.dll
    Address: 0x8060B000 Size: 393216 File Visible: -
    Status: -

    Name: mfeavfk.sys
    Image Path: C:\Windows\system32\drivers\mfeavfk.sys
    Address: 0x8179A000 Size: 72576 File Visible: -
    Status: -

    Name: mfebopk.sys
    Image Path: C:\Windows\system32\drivers\mfebopk.sys
    Address: 0x81793000 Size: 28512 File Visible: -
    Status: -

    Name: mfehidk.sys
    Image Path: C:\Windows\system32\drivers\mfehidk.sys
    Address: 0x9D678000 Size: 194592 File Visible: -
    Status: -

    Name: monitor.sys
    Image Path: C:\Windows\system32\DRIVERS\monitor.sys
    Address: 0x8C13D000 Size: 61440 File Visible: -
    Status: -

    Name: mouclass.sys
    Image Path: C:\Windows\system32\DRIVERS\mouclass.sys
    Address: 0x8C119000 Size: 45056 File Visible: -
    Status: -

    Name: mouhid.sys
    Image Path: C:\Windows\system32\DRIVERS\mouhid.sys
    Address: 0x9D765000 Size: 32768 File Visible: -
    Status: -

    Name: mountmgr.sys
    Image Path: C:\Windows\System32\drivers\mountmgr.sys
    Address: 0x85D87000 Size: 65536 File Visible: -
    Status: -

    Name: Mpfp.sys
    Image Path: C:\Windows\System32\Drivers\Mpfp.sys
    Address: 0x9D1C6000 Size: 159744 File Visible: -
    Status: -

    Name: mpsdrv.sys
    Image Path: C:\Windows\System32\drivers\mpsdrv.sys
    Address: 0x8117F000 Size: 86016 File Visible: -
    Status: -

    Name: mrxsmb.sys
    Image Path: C:\Windows\system32\DRIVERS\mrxsmb.sys
    Address: 0x81194000 Size: 126976 File Visible: -
    Status: -

    Name: mrxsmb10.sys
    Image Path: C:\Windows\system32\DRIVERS\mrxsmb10.sys
    Address: 0x811B3000 Size: 233472 File Visible: -
    Status: -

    Name: mrxsmb20.sys
    Image Path: C:\Windows\system32\DRIVERS\mrxsmb20.sys
    Address: 0x8B9E5000 Size: 98304 File Visible: -
    Status: -

    Name: Msfs.SYS
    Image Path: C:\Windows\System32\Drivers\Msfs.SYS
    Address: 0x9D0A2000 Size: 45056 File Visible: -
    Status: -

    Name: msisadrv.sys
    Image Path: C:\Windows\system32\drivers\msisadrv.sys
    Address: 0x85CDB000 Size: 32768 File Visible: -
    Status: -

    Name: msiscsi.sys
    Image Path: C:\Windows\system32\DRIVERS\msiscsi.sys
    Address: 0x8BC7E000 Size: 188416 File Visible: -
    Status: -

    Name: msrpc.sys
    Image Path: C:\Windows\system32\drivers\msrpc.sys
    Address: 0x85F80000 Size: 176128 File Visible: -
    Status: -

    Name: mssmbios.sys
    Image Path: C:\Windows\system32\DRIVERS\mssmbios.sys
    Address: 0x8C126000 Size: 40960 File Visible: -
    Status: -

    Name: mup.sys
    Image Path: C:\Windows\System32\Drivers\mup.sys
    Address: 0x86186000 Size: 61440 File Visible: -
    Status: -

    Name: ndis.sys
    Image Path: C:\Windows\system32\drivers\ndis.sys
    Address: 0x85E75000 Size: 1093632 File Visible: -
    Status: -

    Name: ndistapi.sys
    Image Path: C:\Windows\system32\DRIVERS\ndistapi.sys
    Address: 0x8C01A000 Size: 45056 File Visible: -
    Status: -

    Name: ndiswan.sys
    Image Path: C:\Windows\system32\DRIVERS\ndiswan.sys
    Address: 0x8C025000 Size: 143360 File Visible: -
    Status: -

    Name: NDProxy.SYS
    Image Path: C:\Windows\System32\Drivers\NDProxy.SYS
    Address: 0x9D03B000 Size: 69632 File Visible: -
    Status: -

    Name: netbios.sys
    Image Path: C:\Windows\system32\DRIVERS\netbios.sys
    Address: 0x8BD9E000 Size: 57344 File Visible: -
    Status: -

    Name: netbt.sys
    Image Path: C:\Windows\System32\DRIVERS\netbt.sys
    Address: 0x8BD56000 Size: 204800 File Visible: -
    Status: -

    Name: NETIO.SYS
    Image Path: C:\Windows\system32\drivers\NETIO.SYS
    Address: 0x85FAB000 Size: 237568 File Visible: -
    Status: -

    Name: Npfs.SYS
    Image Path: C:\Windows\System32\Drivers\Npfs.SYS
    Address: 0x9D0AD000 Size: 57344 File Visible: -
    Status: -

    Name: nsiproxy.sys
    Image Path: C:\Windows\system32\drivers\nsiproxy.sys
    Address: 0x9D66E000 Size: 40960 File Visible: -
    Status: -

    Name: Ntfs.sys
    Image Path: C:\Windows\System32\Drivers\Ntfs.sys
    Address: 0x86003000 Size: 1110016 File Visible: -
    Status: -

    Name: NTIDrvr.sys
    Image Path: C:\Windows\system32\DRIVERS\NTIDrvr.sys
    Address: 0x8BC6D000 Size: 6912 File Visible: -
    Status: -

    Name: ntkrnlpa.exe
    Image Path: C:\Windows\system32\ntkrnlpa.exe
    Address: 0x81E19000 Size: 3903488 File Visible: -
    Status: -

    Name: NuidFltr.sys
    Image Path: C:\Windows\system32\DRIVERS\NuidFltr.sys
    Address: 0x9D75D000 Size: 32768 File Visible: -
    Status: -

    Name: Null.SYS
    Image Path: C:\Windows\System32\Drivers\Null.SYS
    Address: 0x9D055000 Size: 28672 File Visible: -
    Status: -

    Name: pacer.sys
    Image Path: C:\Windows\system32\DRIVERS\pacer.sys
    Address: 0x8BD88000 Size: 90112 File Visible: -
    Status: -

    Name: parport.sys
    Image Path: C:\Windows\system32\DRIVERS\parport.sys
    Address: 0x8BC3A000 Size: 98304 File Visible: -
    Status: -

    Name: partmgr.sys
    Image Path: C:\Windows\System32\drivers\partmgr.sys
    Address: 0x85D0A000 Size: 61440 File Visible: -
    Status: -

    Name: parvdm.sys
    Image Path: C:\Windows\system32\DRIVERS\parvdm.sys
    Address: 0x81680000 Size: 28672 File Visible: -
    Status: -

    Name: pavboot.sys
    Image Path: C:\Windows\system32\drivers\pavboot.sys
    Address: 0x85D97000 Size: 21888 File Visible: -
    Status: -

    Name: pci.sys
    Image Path: C:\Windows\system32\drivers\pci.sys
    Address: 0x85CE3000 Size: 159744 File Visible: -
    Status: -

    Name: PCIIDEX.SYS
    Image Path: C:\Windows\system32\drivers\PCIIDEX.SYS
    Address: 0x85D79000 Size: 57344 File Visible: -
    Status: -

    Name: peauth.sys
    Image Path: C:\Windows\system32\drivers\peauth.sys
    Address: 0x8169D000 Size: 909312 File Visible: -
    Status: -

    Name: pfc.sys
    Image Path: C:\Windows\system32\drivers\pfc.sys
    Address: 0x8BC52000 Size: 10368 File Visible: -
    Status: -

    Name: PnpManager
    Image Path: \Driver\PnpManager
    Address: 0x81E19000 Size: 3903488 File Visible: -
    Status: -

    Name: point32k.sys
    Image Path: C:\Windows\system32\DRIVERS\point32k.sys
    Address: 0x9D76D000 Size: 45056 File Visible: -
    Status: -

    Name: portcls.sys
    Image Path: C:\Windows\system32\drivers\portcls.sys
    Address: 0x8C1BF000 Size: 184320 File Visible: -
    Status: -

    Name: PSHED.dll
    Image Path: C:\Windows\system32\PSHED.dll
    Address: 0x8066B000 Size: 69632 File Visible: -
    Status: -

    Name: rasacd.sys
    Image Path: C:\Windows\System32\DRIVERS\rasacd.sys
    Address: 0x9D0BB000 Size: 36864 File Visible: -
    Status: -

    Name: rasl2tp.sys
    Image Path: C:\Windows\system32\DRIVERS\rasl2tp.sys
    Address: 0x8C003000 Size: 94208 File Visible: -
    Status: -

    Name: raspppoe.sys
    Image Path: C:\Windows\system32\DRIVERS\raspppoe.sys
    Address: 0x8C048000 Size: 61440 File Visible: -
    Status: -

    Name: raspptp.sys
    Image Path: C:\Windows\system32\DRIVERS\raspptp.sys
    Address: 0x8C057000 Size: 81920 File Visible: -
    Status: -

    Name: rassstp.sys
    Image Path: C:\Windows\system32\DRIVERS\rassstp.sys
    Address: 0x8C06B000 Size: 86016 File Visible: -
    Status: -

    Name: RAW
    Image Path: \FileSystem\RAW
    Address: 0x81E19000 Size: 3903488 File Visible: -
    Status: -

    Name: rdbss.sys
    Image Path: C:\Windows\system32\DRIVERS\rdbss.sys
    Address: 0x9D632000 Size: 245760 File Visible: -
    Status: -

    Name: RDPCDD.sys
    Image Path: C:\Windows\System32\DRIVERS\RDPCDD.sys
    Address: 0x9D092000 Size: 32768 File Visible: -
    Status: -

    Name: rdpdr.sys
    Image Path: C:\Windows\system32\DRIVERS\rdpdr.sys
    Address: 0x8C080000 Size: 561152 File Visible: -
    Status: -

    Name: rdpencdd.sys
    Image Path: C:\Windows\system32\drivers\rdpencdd.sys
    Address: 0x9D09A000 Size: 32768 File Visible: -
    Status: -

    Name: RDPWD.SYS
    Image Path: C:\Windows\System32\Drivers\RDPWD.SYS
    Address: 0x817C3000 Size: 208896 File Visible: -
    Status: -

    Name: rootrepeal.sys
    Image Path: C:\Windows\system32\drivers\rootrepeal.sys
    Address: 0x81000000 Size: 45056 File Visible: No
    Status: -

    Name: rspndr.sys
    Image Path: C:\Windows\system32\DRIVERS\rspndr.sys
    Address: 0x810CB000 Size: 77824 File Visible: -
    Status: -

    Name: SASDIFSV.SYS
    Image Path: C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    Address: 0x9D62B000 Size: 28672 File Visible: -
    Status: -

    Name: SASENUM.SYS
    Image Path: C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
    Address: 0x817F6000 Size: 20480 File Visible: -
    Status: -

    Name: SASKUTIL.sys
    Image Path: C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
    Address: 0x9D60A000 Size: 135168 File Visible: -
    Status: -

    Name: secdrv.SYS
    Image Path: C:\Windows\System32\Drivers\secdrv.SYS
    Address: 0x8177B000 Size: 40960 File Visible: -
    Status: -

    Name: serenum.sys
    Image Path: C:\Windows\system32\DRIVERS\serenum.sys
    Address: 0x8BC30000 Size: 40960 File Visible: -
    Status: -

    Name: serial.sys
    Image Path: C:\Windows\system32\DRIVERS\serial.sys
    Address: 0x8BC16000 Size: 106496 File Visible: -
    Status: -

    Name: sf.sys
    Image Path: C:\Windows\system32\drivers\sf.sys
    Address: 0x8617E000 Size: 30112 File Visible: -
    Status: -

    Name: SIODRV.SYS
    Image Path: C:\WINDOWS\system32\drivers\SIODRV.SYS
    Address: 0x81785000 Size: 7424 File Visible: -
    Status: -

    Name: smb.sys
    Image Path: C:\Windows\system32\DRIVERS\smb.sys
    Address: 0x8C1EC000 Size: 81920 File Visible: -
    Status: -

    Name: SMBios.sys
    Image Path: C:\Windows\system32\DRIVERS\SMBios.sys
    Address: 0x85FE5000 Size: 36416 File Visible: -
    Status: -

    Name: spldr.sys
    Image Path: C:\Windows\System32\Drivers\spldr.sys
    Address: 0x86176000 Size: 32768 File Visible: -
    Status: -

    Name: spsys.sys
    Image Path: C:\Windows\system32\drivers\spsys.sys
    Address: 0x8100C000 Size: 716800 File Visible: -
    Status: -

    Name: srv.sys
    Image Path: C:\Windows\System32\DRIVERS\srv.sys
    Address: 0x8162B000 Size: 311296 File Visible: -
    Status: -

    Name: srv2.sys
    Image Path: C:\Windows\System32\DRIVERS\srv2.sys
    Address: 0x81604000 Size: 159744 File Visible: -
    Status: -

    Name: srvnet.sys
    Image Path: C:\Windows\System32\DRIVERS\srvnet.sys
    Address: 0x81149000 Size: 118784 File Visible: -
    Status: -

    Name: storport.sys
    Image Path: C:\Windows\system32\DRIVERS\storport.sys
    Address: 0x8BCAC000 Size: 266240 File Visible: -
    Status: -

    Name: swenum.sys
    Image Path: C:\Windows\system32\DRIVERS\swenum.sys
    Address: 0x8C124000 Size: 4992 File Visible: -
    Status: -

    Name: tcpip.sys
    Image Path: C:\Windows\System32\drivers\tcpip.sys
    Address: 0x9D0C4000 Size: 946176 File Visible: -
    Status: -

    Name: tcpipreg.sys
    Image Path: C:\Windows\System32\drivers\tcpipreg.sys
    Address: 0x81787000 Size: 49152 File Visible: -
    Status: -

    Name: TDI.SYS
    Image Path: C:\Windows\system32\DRIVERS\TDI.SYS
    Address: 0x8BCED000 Size: 45056 File Visible: -
    Status: -

    Name: tdtcp.sys
    Image Path: C:\Windows\system32\drivers\tdtcp.sys
    Address: 0x817AC000 Size: 45056 File Visible: -
    Status: -

    Name: tdx.sys
    Image Path: C:\Windows\system32\DRIVERS\tdx.sys
    Address: 0x8BCF8000 Size: 90112 File Visible: -
    Status: -

    Name: termdd.sys
    Image Path: C:\Windows\system32\DRIVERS\termdd.sys
    Address: 0x8C109000 Size: 65536 File Visible: -
    Status: -

    Name: TSDDD.dll
    Image Path: C:\Windows\System32\TSDDD.dll
    Address: 0xA8CE0000 Size: 36864 File Visible: -
    Status: -

    Name: tssecsrv.sys
    Image Path: C:\Windows\System32\DRIVERS\tssecsrv.sys
    Address: 0x817B7000 Size: 49152 File Visible: -
    Status: -

    Name: tunmp.sys
    Image Path: C:\Windows\system32\DRIVERS\tunmp.sys
    Address: 0x85DF5000 Size: 36864 File Visible: -
    Status: -

    Name: tunnel.sys
    Image Path: C:\Windows\system32\DRIVERS\tunnel.sys
    Address: 0x85FF2000 Size: 45056 File Visible: -
    Status: -

    Name: umbus.sys
    Image Path: C:\Windows\system32\DRIVERS\umbus.sys
    Address: 0x8C130000 Size: 53248 File Visible: -
    Status: -

    Name: usbccgp.sys
    Image Path: C:\Windows\system32\DRIVERS\usbccgp.sys
    Address: 0x9D719000 Size: 94208 File Visible: -
    Status: -

    Name: USBD.SYS
    Image Path: C:\Windows\system32\DRIVERS\USBD.SYS
    Address: 0x9D730000 Size: 8192 File Visible: -
    Status: -

    Name: usbehci.sys
    Image Path: C:\Windows\system32\DRIVERS\usbehci.sys
    Address: 0x8B9AF000 Size: 61440 File Visible: -
    Status: -

    Name: usbhub.sys
    Image Path: C:\Windows\system32\DRIVERS\usbhub.sys
    Address: 0x8C14C000 Size: 212992 File Visible: -
    Status: -

    Name: USBPORT.SYS
    Image Path: C:\Windows\system32\DRIVERS\USBPORT.SYS
    Address: 0x8B971000 Size: 253952 File Visible: -
    Status: -

    Name: USBSTOR.SYS
    Image Path: C:\Windows\system32\DRIVERS\USBSTOR.SYS
    Address: 0x811EC000 Size: 73728 File Visible: -
    Status: -

    Name: usbuhci.sys
    Image Path: C:\Windows\system32\DRIVERS\usbuhci.sys
    Address: 0x8B966000 Size: 45056 File Visible: -
    Status: -

    Name: vga.sys
    Image Path: C:\Windows\System32\drivers\vga.sys
    Address: 0x9D086000 Size: 49152 File Visible: -
    Status: -

    Name: VIDEOPRT.SYS
    Image Path: C:\Windows\system32\DRIVERS\VIDEOPRT.SYS
    Address: 0x8B926000 Size: 135168 File Visible: -
    Status: -

    Name: volmgr.sys
    Image Path: C:\Windows\system32\drivers\volmgr.sys
    Address: 0x85D19000 Size: 61440 File Visible: -
    Status: -

    Name: volmgrx.sys
    Image Path: C:\Windows\System32\drivers\volmgrx.sys
    Address: 0x85D28000 Size: 303104 File Visible: -
    Status: -

    Name: volsnap.sys
    Image Path: C:\Windows\system32\drivers\volsnap.sys
    Address: 0x8613D000 Size: 233472 File Visible: -
    Status: -

    Name: VVBackd5.sys
    Image Path: C:\Windows\System32\Drivers\VVBackd5.sys
    Address: 0x86112000 Size: 175520 File Visible: -
    Status: -

    Name: wanarp.sys
    Image Path: C:\Windows\system32\DRIVERS\wanarp.sys
    Address: 0x8BDAC000 Size: 77824 File Visible: -
    Status: -

    Name: watchdog.sys
    Image Path: C:\Windows\system32\DRIVERS\watchdog.sys
    Address: 0x8B947000 Size: 53248 File Visible: -
    Status: -

    Name: Wdf01000.sys
    Image Path: C:\Windows\system32\drivers\Wdf01000.sys
    Address: 0x85C03000 Size: 507904 File Visible: -
    Status: -

    Name: WDFLDR.SYS
    Image Path: C:\Windows\system32\drivers\WDFLDR.SYS
    Address: 0x85C7F000 Size: 53248 File Visible: -
    Status: -

    Name: Win32k
    Image Path: \Driver\Win32k
    Address: 0xA8AA0000 Size: 2105344 File Visible: -
    Status: -

    Name: win32k.sys
    Image Path: C:\Windows\System32\win32k.sys
    Address: 0xA8AA0000 Size: 2105344 File Visible: -
    Status: -

    Name: WMILIB.SYS
    Image Path: C:\Windows\system32\drivers\WMILIB.SYS
    Address: 0x85CD2000 Size: 36864 File Visible: -
    Status: -

    Name: WMIxWDM
    Image Path: \Driver\WMIxWDM
    Address: 0x81E19000 Size: 3903488 File Visible: -
    Status: -

    Name: ৌ茲ৌ茲
    Image Path: ৌ茲ৌ茲
    Address: 0x861E0000 Size: 69632 File Visible: No
    Status: Hidden from Windows API!

    Name: ೼茲೼茲ഄ茲ഄ茲ഌ茲ഌ茲ഔ茲ഔ茲䀈꾟꾆ത茲ത茲ബ茲ബ茲ഴ茲ഴ茲഼茲഼茲ൄ茲ൄ茲ൌ茲ൌ茲ဈ됝ဈ됝൜茲൜茲൤茲൤茲괷괷൴茲൴茲ർ茲ർ茲඄茲඄茲 궄 궄ඔ茲ඔ茲ග茲ග茲ඤ茲ඤ茲ඬ茲ඬ茲ප茲ප茲඼茲඼茲හ茲හ茲෌茲෌茲ු茲ු茲ො茲ො茲෤茲෤茲෬茲෬茲෴茲෴茲෼茲෼茲ค茲ค茲ฌ茲ฌ茲ด茲ด茲ผ茲ผ茲ฤ茲ฤ茲ฬ茲ฬ茲ิ茲ิ茲฼茲฼茲ไ茲ไ茲์茲์茲怈밒怈밒๜茲๜茲๤茲๤茲๬茲๬茲䊐衛䊐衛๼茲๼茲ຄ茲ຄ茲뉸몮뉸몮ດ茲ດ茲鈀됋鈀됋຤茲຤茲ຬ茲ຬ茲ິ茲ິ茲ຼ茲ຼ茲ໄ茲ໄ茲໌茲໌茲໔茲໔茲ໜ茲ໜ茲໤茲໤茲໬茲໬茲໴茲໴茲໼茲໼茲༄茲༄茲꾝꾝༔茲༔茲༜茲༜茲༤茲༤茲༬茲༬茲༴茲༴茲༼茲༼茲ང茲ང茲ཌ茲ཌ茲པ茲པ茲膨궝膨궝ꆠ莩ꆠ莩ᆘ겛ᆘ겛ུ茲ུ茲ོ茲ོ茲྄茲྄茲ྌ茲ྌ茲ྔ茲ྔ茲ྜ茲ྜ茲ྤ茲ྤ茲ྫྷ茲ྫྷ茲ྴ茲ྴ茲ྼ茲ྼ茲࿄茲࿄茲࿌茲࿌茲愰薒愰薒࿜茲࿜茲࿤茲࿤茲࿬茲࿬茲࿴茲࿴茲࿼茲࿼茲င茲င茲ဌ茲ဌ茲烰궈烰궈လ茲လ茲ဤ茲ဤ茲ာ茲ာ茲ဴ茲ဴ茲ြ茲ြ茲၄茲၄茲၌茲၌茲ၔ茲ၔ茲炨궍炨궍ၤ茲ၤ茲ၬ茲ၬ茲ၴ茲ၴ茲怈莨怈莨ႄ茲ႄ茲ႌ茲ႌ茲႔茲႔茲ႜ茲ႜ茲Ⴄ茲Ⴄ茲Ⴌ茲Ⴌ茲Ⴔ茲Ⴔ茲Ⴜ茲Ⴜ茲Ⴤ茲Ⴤ茲჌茲჌茲ე茲ე茲ნ茲ნ茲ფ茲ფ茲წ茲წ茲ჴ茲ჴ
    Image Path: ೼茲೼茲ഄ茲ഄ茲ഌ茲ഌ茲ഔ茲ഔ茲䀈꾟꾆ത茲ത茲ബ茲ബ茲ഴ茲ഴ茲഼茲഼茲ൄ茲ൄ茲ൌ茲ൌ茲ဈ됝ဈ됝൜茲൜茲൤茲൤茲괷괷൴茲൴茲ർ茲ർ茲඄茲඄茲 궄 궄ඔ茲ඔ茲ග茲ග茲ඤ茲ඤ茲ඬ茲ඬ茲ප茲ප茲඼茲඼茲හ茲හ茲෌茲෌茲ු茲ු茲ො茲ො茲෤茲෤茲෬茲෬茲෴茲෴茲෼茲෼茲ค茲ค茲ฌ茲ฌ茲ด茲ด茲ผ茲ผ茲ฤ茲ฤ茲ฬ茲ฬ茲ิ茲ิ茲฼茲฼茲ไ茲ไ茲์茲์茲怈밒怈밒๜茲๜茲๤茲๤茲๬茲๬茲䊐衛䊐衛๼茲๼茲ຄ茲ຄ茲뉸몮뉸몮ດ茲ດ茲鈀됋鈀됋຤茲຤茲ຬ茲ຬ茲ິ茲ິ茲ຼ茲ຼ茲ໄ茲ໄ茲໌茲໌茲໔茲໔茲ໜ茲ໜ茲໤茲໤茲໬茲໬茲໴茲໴茲໼茲໼茲༄茲༄茲꾝꾝༔茲༔茲༜茲༜茲༤茲༤茲༬茲༬茲༴茲༴茲༼茲༼茲ང茲ང茲ཌ茲ཌ茲པ茲པ茲膨궝膨궝ꆠ莩ꆠ莩ᆘ겛ᆘ겛ུ茲ུ茲ོ茲ོ茲྄茲྄茲ྌ茲ྌ茲ྔ茲ྔ茲ྜ茲ྜ茲ྤ茲ྤ茲ྫྷ茲ྫྷ茲ྴ茲ྴ茲ྼ茲ྼ茲࿄茲࿄茲࿌茲࿌茲愰薒愰薒࿜茲࿜茲࿤茲࿤茲࿬茲࿬茲࿴茲࿴茲࿼茲࿼茲င茲င茲ဌ茲ဌ茲烰궈烰궈လ茲လ茲ဤ茲ဤ茲ာ茲ာ茲ဴ茲ဴ茲ြ茲ြ茲၄茲၄茲၌茲၌茲ၔ茲ၔ茲炨궍炨궍ၤ茲ၤ茲ၬ茲ၬ茲ၴ茲ၴ茲怈莨怈莨ႄ茲ႄ茲ႌ茲ႌ茲႔茲႔茲ႜ茲ႜ茲Ⴄ茲Ⴄ茲Ⴌ茲Ⴌ茲Ⴔ茲Ⴔ茲Ⴜ茲Ⴜ茲Ⴤ茲Ⴤ茲჌茲჌茲ე茲ე茲ნ茲ნ茲ფ茲ფ茲წ茲წ茲ჴ茲ჴ
    Address: 0x86112000 Size: 175520 File Visible: No
    Status: Hidden from Windows API!
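    One way to triage a RootRepeal "Drivers" listing like the one above, as an added example that is not part of the original post and not code from RootRepeal itself: parse the four-line entries, flag anything reported as hidden, file-not-visible or carrying an unprintable name, and then check whether a flagged entry occupies the same address range as a normally listed driver. In this log the two garbled entries report exactly the base address and size of disk.sys (0x861E0000, 69632 bytes) and VVBackd5.sys (0x86112000, 175520 bytes); the example surfaces that overlap so the helper can weigh it, it does not decide what the overlap means. The embedded log excerpt is constructed from entries on this page, and the two short garbled names are stand-ins for the tool's unprintable output (the second real name runs to several hundred characters).

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed excerpt of the RootRepeal "Drivers" section posted above.
# The garbled names are shortened stand-ins for the tool's unprintable output.
SAMPLE_LOG = """\
Drivers
-------------------
Name: disk.sys
Image Path: C:\\Windows\\system32\\drivers\\disk.sys
Address: 0x861E0000 Size: 69632 File Visible: -
Status: -

Name: rootrepeal.sys
Image Path: C:\\Windows\\system32\\drivers\\rootrepeal.sys
Address: 0x81000000 Size: 45056 File Visible: No
Status: -

Name: VVBackd5.sys
Image Path: C:\\Windows\\System32\\Drivers\\VVBackd5.sys
Address: 0x86112000 Size: 175520 File Visible: -
Status: -

Name: ৌ茲ৌ茲
Image Path: ৌ茲ৌ茲
Address: 0x861E0000 Size: 69632 File Visible: No
Status: Hidden from Windows API!

Name: ೼茲೼茲ഄ茲ഄ茲
Image Path: ೼茲೼茲ഄ茲ഄ茲
Address: 0x86112000 Size: 175520 File Visible: No
Status: Hidden from Windows API!
"""

# One RootRepeal driver entry: Name / Image Path / Address+Size+File Visible / Status.
ENTRY_RE = re.compile(
    r"Name: (?P<name>.*)\n"
    r"Image Path: (?P<path>.*)\n"
    r"Address: 0x(?P<addr>[0-9A-Fa-f]+) Size: (?P<size>\d+) File Visible: (?P<visible>\S+)\n"
    r"Status: (?P<status>.*)"
)


@dataclass
class Driver:
    name: str
    path: str
    base: int
    size: int
    file_visible: str
    status: str

    @property
    def hidden(self) -> bool:
        return "Hidden" in self.status

    @property
    def end(self) -> int:
        return self.base + self.size


def parse_drivers(text: str) -> list[Driver]:
    """Turn the text of a RootRepeal Drivers section into Driver records."""
    return [
        Driver(m["name"], m["path"], int(m["addr"], 16), int(m["size"]),
               m["visible"], m["status"].strip())
        for m in ENTRY_RE.finditer(text)
    ]


def looks_garbled(name: str) -> bool:
    """A name that is empty or mostly non-ASCII is not a plausible driver file name."""
    if not name.strip():
        return True
    non_ascii = sum(1 for c in name if ord(c) > 127)
    return non_ascii / len(name) > 0.5


def overlaps(a: Driver, b: Driver) -> bool:
    """True when the two reported image ranges share at least one byte."""
    return a.base < b.end and b.base < a.end


def triage(entries: list[Driver]) -> list[dict]:
    """Collect, per entry, the reasons a human should look at it.

    Flagged entries that are hidden or garbled are also compared against the
    normally listed drivers; a shared address range is reported by name.
    """
    normal = [d for d in entries if not d.hidden and not looks_garbled(d.name)]
    findings = []
    for i, d in enumerate(entries):
        reasons = []
        if d.hidden:
            reasons.append("hidden-from-api")
        if d.file_visible.lower() == "no":
            reasons.append("file-not-visible")
        if looks_garbled(d.name):
            reasons.append("garbled-name")
        if d.hidden or looks_garbled(d.name):
            aliases = [n.name for n in normal if overlaps(d, n)]
            if aliases:
                reasons.append("same-range-as:" + ",".join(aliases))
        if reasons:
            findings.append({"index": i, "name": d.name, "base": hex(d.base), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(parse_drivers(SAMPLE_LOG)):
        print(f"#{f['index']} {f['base']} {f['name']!r}: {', '.join(f['reasons'])}")
```

    Run against the full log rather than the excerpt, the same parser covers every entry; rootrepeal.sys is flagged only for "File Visible: No", which is the scanner's own driver, while the two garbled entries collect all three flags plus the name of the listed driver whose range they share.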
     
  16. 2009/03/06
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    Download ComboFix from Here to your Desktop.

    Before saving it, rename it to Mobofcix.exe, then download it to your Desktop.

    Please run it this way.

    It's best to disable real-time protection applications, as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows.
    • Double-click combofix.exe and follow the prompts.
    • Vista users: right-click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post the ComboFix log.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    Thanks
    Geri
     
  17. 2009/03/09
    CountVak

    CountVak Inactive Thread Starter

    Joined:
    2009/02/09
    Messages:
    50
    Likes Received:
    0
    Geri, well, sorry to say I have tried all weekend to get ComboFix to run on this system, and it is still, as a matter of fact, stuck on the initial blue screen with the message "ComboFix is preparing to run...".

    I even removed McAfee, as I could not disable the real-time scanner. I went to Msconfig and attempted to start with basic services, pretty much everything I could think of. I even went back to the beginning of the thread and redid all the requests, but I cannot get ComboFix to go past the start-up notification. Any suggestions?
     
  18. 2009/03/09
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    Did you rename it before you saved it? It is very important to do so.

    Please delete the one you have and download a fresh copy. Make sure to rename it before you save it, as in the earlier post.

    Thanks
    Geri
     
  19. 2009/03/14
    CountVak

    CountVak Inactive Thread Starter

    Joined:
    2009/02/09
    Messages:
    50
    Likes Received:
    0
    I am unable to run ComboFix. I have tried for a week with no successful results. I have attempted to run the Kaspersky online scanner and now obtain an error message that the digital signature has an error. I get the same results when attempting to run the Trend Micro online scanner. Do you have any suggestions?
     
  20. 2009/03/14
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK. Please delete the ComboFix.exe you have.

    I need to see a new DDS scan.

    Please don't try to run things on your own. If something shows up or disappears, then I won't know what is happening, and it just makes it harder to figure this out.
    Thanks

    Geri
     
  21. 2009/03/14
    CountVak

    CountVak Inactive Thread Starter

    Joined:
    2009/02/09
    Messages:
    50
    Likes Received:
    0
    What is the DDS Scan so I can run it for you?
     
