
Thread: Spybot, other programs initializing, but then crashing

  1. #11
    Member
    Join Date
    Feb 2009
    Posts
    42

    I cannot open Spybot; when I try I get the attached message. Should I go ahead with the rest of the directions re: ComboFix?

    Jim

  2. #12
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    Download this file to the c:\program files folder and then drag 'n' drop the Spybot - Search & Destroy folder to it. See if you're able to run Spybot after that. If not, then run ComboFix despite TeaTimer.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #13
    Member
    Join Date
    Feb 2009
    Posts
    42

    Got it to run. Here are the three logs. Thanks.


    ComboFix 09-10-28.08 - James Collins 10/30/2009 13:32.3.2 - NTFSx86
    Running from: c:\documents and settings\James Collins\My Documents\Downloads\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\install.exe
    c:\program files\WinPCap
    c:\program files\WinPCap\rpcapd.exe
    c:\windows\kb913800.exe
    c:\windows\system32\cpcp.cpo
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\E95THK16.EXE
    c:\windows\system32\logs
    c:\windows\system32\Packet.dll
    c:\windows\system32\pst.dat
    c:\windows\system32\pthreadVC.dll
    c:\windows\system32\WanPacket.dll
    c:\windows\system32\wpcap.dll

    ----- BITS: Possible infected sites -----

    hxxp://mastoblastobrevodo.com
    Infected copy of c:\windows\system32\userinit.exe was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\userinit.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF
    -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
    -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
    -------\Service_NPF


    ((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-30 )))))))))))))))))))))))))))))))
    .

    2009-10-30 16:56 . 2009-10-30 16:56 85504 ----a-w- c:\program files\Inherit.exe
    2009-10-18 13:55 . 2008-04-14 00:12 26112 ----a-w- c:\windows\system32\stu2.exe
    2009-10-15 21:35 . 2009-10-15 21:37 -------- d-----w- c:\documents and settings\James Collins\Local Settings\Application Data\Roblox
    2009-10-15 21:34 . 2009-10-24 20:12 -------- d-----w- c:\documents and settings\James Collins\Local Settings\Application Data\RobloxVersions
    2009-10-15 21:34 . 2009-10-15 21:35 -------- d-----w- c:\documents and settings\James Collins\Local Settings\Application Data\RobloxDownloads
    2009-10-13 23:12 . 2009-10-13 23:12 -------- d-----w- c:\program files\Lala.com
    2009-10-13 23:12 . 2009-10-13 23:25 -------- d-----w- c:\documents and settings\James Collins\Application Data\Lala Music Mover
    2009-10-01 22:34 . 2009-10-01 22:34 -------- d-----w- c:\program files\Common Files\Sony Shared
    2009-10-01 22:33 . 2009-10-01 22:33 -------- d-----w- c:\documents and settings\James Collins\Local Settings\Application Data\Downloaded Installations
    2009-10-01 22:30 . 2009-10-01 22:30 -------- d-----w- c:\documents and settings\James Collins\Application Data\Sony Setup

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-30 17:09 . 2009-03-08 16:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-10-30 14:05 . 2006-10-12 00:00 -------- d-----w- c:\program files\McAfee
    2009-10-30 09:20 . 2009-10-24 18:46 0 ----a-w- c:\windows\win32k.sys
    2009-10-26 23:59 . 2006-10-28 20:41 -------- d-----w- c:\documents and settings\James Collins\Application Data\ZoomBrowser EX
    2009-10-26 23:59 . 2006-10-28 20:38 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
    2009-10-26 11:53 . 2009-10-26 11:53 5883 ----a-w- c:\windows\system32\kqu1ur.tmp
    2009-10-26 11:53 . 2009-10-26 11:53 91968 ----a-w- c:\windows\system32\ulxy44.tmp
    2009-10-26 11:53 . 2009-10-26 11:53 32245 ----a-w- c:\windows\system32\fvbnm7.tmp
    2009-10-26 11:12 . 2009-10-26 11:12 19456 ----a-w- c:\windows\system32\perfc5932.dat
    2009-10-26 11:12 . 2009-10-18 14:13 1 ----a-w- c:\windows\system32\perfc7683.dat
    2009-10-25 13:20 . 2009-10-25 13:19 -------- d-----w- c:\program files\ERUNT
    2009-10-24 22:29 . 2009-10-24 22:29 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
    2009-10-24 22:29 . 2009-10-24 22:29 -------- d-----w- c:\program files\Lavasoft
    2009-10-24 22:29 . 2009-03-08 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-10-24 22:02 . 2009-02-16 15:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-10-24 22:00 . 2009-02-16 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-10-24 20:13 . 2006-10-12 00:01 -------- d-----w- c:\program files\Roxio
    2009-10-24 19:25 . 2009-04-28 03:05 -------- d-----w- c:\program files\SpywareBlaster
    2009-10-24 18:45 . 2009-10-19 13:48 -------- d-sh--w- c:\documents and settings\All Users\Application Data\MPK
    2009-10-24 18:41 . 2009-10-24 18:41 -------- d-----w- c:\program files\Atari
    2009-10-24 02:06 . 2008-06-20 17:48 -------- d-----w- c:\program files\Turbine
    2009-10-24 02:05 . 2006-10-11 23:50 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-10-22 19:33 . 2009-10-22 19:23 -------- d-----w- c:\documents and settings\All Users\Application Data\13965630
    2009-10-18 14:14 . 2009-10-18 14:14 12465 ----a-w- c:\windows\system32\sqaqms.tmp
    2009-10-18 14:14 . 2009-10-18 14:14 12158 ----a-w- c:\windows\system32\ibhyha.tmp
    2009-10-18 14:14 . 2009-10-18 14:14 0 ----a-w- c:\windows\system32\cm.dat
    2009-10-18 14:14 . 2009-10-18 14:14 8 ----a-w- c:\windows\system32\prt.dat
    2009-10-17 16:34 . 2009-07-07 23:46 -------- d-----w- c:\program files\DOSBox-0.73
    2009-10-01 22:30 . 2008-07-25 14:09 -------- d-----w- c:\documents and settings\James Collins\Application Data\Sony
    2009-09-27 13:08 . 2009-09-27 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Turbine
    2009-09-26 21:39 . 2009-07-08 16:26 -------- d-----w- c:\documents and settings\James Collins\Application Data\.minecraft
    2009-09-24 23:25 . 2008-04-08 21:57 93340 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-09-23 12:55 . 2009-10-24 22:31 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-09-22 23:44 . 2009-09-21 20:32 -------- d-----w- c:\program files\N8
    2009-09-20 19:20 . 2009-09-20 19:13 -------- d-----w- c:\documents and settings\James Collins\Application Data\U3
    2009-09-20 18:20 . 2006-10-19 19:21 136000 -c--a-w- c:\documents and settings\James Collins\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-09-20 18:18 . 2009-09-20 18:15 -------- d-----w- c:\program files\Web Publish
    2009-09-20 18:15 . 2009-09-20 18:11 -------- d-----w- c:\program files\Broderbund
    2009-09-18 20:30 . 2006-10-20 02:17 -------- d-----w- c:\documents and settings\James Collins\Application Data\Canon
    2009-09-17 00:25 . 2009-09-17 00:25 -------- d-----w- c:\program files\Coupons
    2009-09-16 14:22 . 2007-02-07 14:27 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
    2009-09-16 14:22 . 2007-02-07 14:27 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2009-09-16 14:22 . 2007-02-07 14:27 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2009-09-16 14:22 . 2007-02-07 14:27 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2009-09-16 14:22 . 2007-02-07 14:27 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
    2009-09-15 19:38 . 2009-09-15 19:38 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
    2009-09-15 00:15 . 2008-01-23 02:40 -------- d-----w- c:\program files\Steam
    2009-09-14 22:29 . 2008-10-02 00:02 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
    2009-09-14 20:59 . 2006-10-12 00:00 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2009-09-13 00:11 . 2009-08-04 17:20 -------- d-----w- c:\documents and settings\James Collins\Application Data\Braid
    2009-09-11 21:55 . 2006-12-23 19:46 -------- d-----w- c:\documents and settings\James Collins\Application Data\Apple Computer
    2009-09-11 20:22 . 2009-09-11 20:21 -------- d-----w- c:\program files\iTunes
    2009-09-11 20:22 . 2009-09-11 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-09-11 20:22 . 2009-09-11 20:22 -------- d-----w- c:\program files\iPod
    2009-09-11 20:22 . 2007-08-08 15:45 -------- d-----w- c:\program files\Common Files\Apple
    2009-09-11 20:19 . 2009-09-11 20:18 -------- d-----w- c:\program files\QuickTime
    2009-09-11 14:18 . 2005-08-16 08:18 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-09 02:12 . 2008-03-28 19:36 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-09-08 23:48 . 2009-09-08 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2009-09-06 23:42 . 2009-09-06 23:42 -------- d-----w- c:\documents and settings\James Collins\Application Data\Unity
    2009-09-04 21:44 . 2009-09-21 20:33 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2009-09-04 21:44 . 2009-09-21 20:33 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
    2009-09-04 21:44 . 2009-07-10 01:21 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2009-09-04 21:29 . 2009-09-21 20:33 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
    2009-09-04 21:29 . 2009-09-21 20:33 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2009-09-04 21:29 . 2009-09-21 20:33 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
    2009-09-04 21:29 . 2009-09-21 20:33 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
    2009-09-04 21:29 . 2009-09-21 20:33 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
    2009-09-04 21:03 . 2005-08-16 08:18 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-09-04 00:15 . 2009-04-05 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
    2009-09-03 22:48 . 2009-09-03 22:48 -------- d-----w- c:\program files\Sparkplay Media
    2009-08-26 08:00 . 2005-08-16 08:19 247326 ----a-w- c:\windows\system32\strmdll.dll
    2009-08-19 17:59 . 2009-07-21 11:42 34 ----a-w- c:\documents and settings\James Collins\jagex_runescape_preferences.dat
    2009-08-17 16:29 . 2009-08-17 16:29 3 ----a-w- c:\windows\system32\mnprxp1.bin
    2009-08-06 23:24 . 2005-08-16 08:40 327896 ----a-w- c:\windows\system32\wucltui.dll
    2009-08-06 23:24 . 2005-08-16 08:40 209632 ----a-w- c:\windows\system32\wuweb.dll
    2009-08-06 23:24 . 2005-08-16 08:40 35552 ----a-w- c:\windows\system32\wups.dll
    2009-08-06 23:24 . 2005-05-26 08:16 44768 ----a-w- c:\windows\system32\wups2.dll
    2009-08-06 23:24 . 2005-08-16 08:40 53472 ----a-w- c:\windows\system32\wuauclt.exe
    2009-08-06 23:24 . 2005-08-16 08:18 96480 ----a-w- c:\windows\system32\cdm.dll
    2009-08-06 23:23 . 2005-08-16 08:40 575704 ----a-w- c:\windows\system32\wuapi.dll
    2009-08-06 23:23 . 2008-12-05 11:33 274288 ----a-w- c:\windows\system32\mucltui.dll
    2009-08-06 23:23 . 2008-07-19 03:07 215920 ----a-w- c:\windows\system32\muweb.dll
    2009-08-06 23:23 . 2005-08-16 08:40 1929952 ----a-w- c:\windows\system32\wuaueng.dll
    2009-08-05 09:01 . 2005-08-16 08:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-04 23:52 . 2009-08-04 23:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
    2009-08-04 15:13 . 2005-08-16 08:18 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
    2009-08-04 14:20 . 2004-08-04 02:59 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2008-03-15 13:58 . 2008-03-15 13:58 774144 -c--a-w- c:\program files\RngInterstitial.dll
    2006-10-20 01:06 . 2006-10-20 01:06 251 -c--a-w- c:\program files\wt3d.ini
    2008-08-29 17:20 . 2006-10-20 02:19 88 -csh--r- c:\windows\system32\8B0739B6A5.sys
    2008-08-29 17:20 . 2006-10-20 02:19 3350 -csha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
    "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-28 61440]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
    "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-20 282624]

    c:\documents and settings\James Collins\Start Menu\Programs\Startup\
    PowerReg Scheduler V3.exe [2007-12-16 225280]
    PowerReg Scheduler.exe [2007-2-11 256000]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-10-11 24576]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Steam"="c:\program files\Steam\Steam.exe" -silent

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\McProxy\\McProxy.exe"=
    "c:\\Program Files\\iPod\\bin\\iPodService.exe"=
    "c:\\Program Files\\LucasArts\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe"=
    "c:\\WINDOWS\\system32\\dllhost.exe"=
    "c:\\Program Files\\McAfee\\MSK\\MskSrver.exe"=
    "c:\\Program Files\\Dell Support Center\\bin\\sprtcmd.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\mevo and the grooveriders demo\\Mevo.exe"=
    "%windir%\\system32\\drivers\\svchost.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\hexen 2\\glh2.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\osmos igf demo\\OsmosDemo.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\wallace and gromit demo\\WallaceGromitDemo.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\geometry wars\\GeometryWars.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\blueberry garden demo\\BlueberryGarden.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\fxsclnt.exe"=
    "c:\\Program Files\\Turbine\\Dungeons and Dragons Online - Eberron Unlimited\\dndclient.exe"=
    "c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineMessageService.exe"=
    "c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineNetworkService.exe"=
    "%windir%\\explorer.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
    "9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
    "13460:TCP"= 13460:TCP:*:Disabled:BitCometLite 13460 TCP
    "13460:UDP"= 13460:UDP:*:Disabled:BitCometLite 13460 UDP
    "56767:TCP"= 56767:TCP:Pando Media Booster
    "56767:UDP"= 56767:UDP:Pando Media Booster
    "56961:TCP"= 56961:TCP:Pando Media Booster
    "56961:UDP"= 56961:UDP:Pando Media Booster
    "53:UDP"= 53:UDP:Promo
    "15602:TCP"= 15602:TCP:port
    "18436:TCP"= 18436:TCP:port

    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-10-24 1170768]
    R3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys [x]
    R3 cafd20fe-06de-444d-aff9-1c1458602f1e;cafd20fe-06de-444d-aff9-1c1458602f1e;d:\cds300\cds300.dll [x]
    R3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\DRIVERS\CSVirtA.sys [2009-06-29 22136]
    R3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe [2009-09-27 267760]
    R3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [2009-09-27 218608]
    R3 XDva279;XDva279;c:\windows\system32\XDva279.sys [x]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-09-23 64288]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-09-16 92296]
    S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - CLASSPNP_2
    *NewlyCreated* - MBR
    *Deregistered* - CLASSPNP_2
    *Deregistered* - mbr
    .
    Contents of the 'Scheduled Tasks' folder

    2009-10-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 22:30]

    2009-10-24 c:\windows\Tasks\Disk Cleanup.job
    - c:\windows\system32\cleanmgr.exe [2005-08-16 00:12]

    2007-10-15 c:\windows\Tasks\McDefragTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2007-02-07 16:22]

    2009-03-01 c:\windows\Tasks\McQcTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2007-02-07 16:22]

    2009-10-30 c:\windows\Tasks\User_Feed_Synchronization-{4077B8ED-89F1-4902-8616-6A205CD0A29A}.job
    - c:\windows\system32\msfeedssync.exe [2009-01-15 07:01]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://my.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List
    IE: Easy-WebPrint High Speed Print
    IE: Easy-WebPrint Preview
    IE: Easy-WebPrint Print
    Trusted Zone: mcafee.com\us
    Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
    DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
    FF - ProfilePath - c:\documents and settings\James Collins\Application Data\Mozilla\Firefox\Profiles\c6yuu406.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
    FF - plugin: c:\documents and settings\James Collins\Application Data\Mozilla\Firefox\Profiles\c6yuu406.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\nplalaDl.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
    FF - plugin: c:\program files\Sparkplay Media\Sparkplayer (Beta)\npSparkPlayerNS.dll
    FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-DMXLauncher - c:\program files\Dell\Media Experience\DMXLauncher.exe
    HKLM-Run-TimeSink Ad Client - c:\program files\TimeSink\AdGateway\TSAdBot.exe
    AddRemove-Audacity_is1 - c:\program files\Audacity\unins000.exe
    AddRemove-LADSPA_plugins-win_is1 - c:\program files\Audacity\Plug-Ins\unins000.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-10-30 13:42
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2161225801-2422398383-4254196062-1006\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\2.5]
    "FRT"="nMjzxitZB/4VdJAdYfYnlnvYYu23aZR0MkH0nx1luC8xDJI5l78pxA=="
    "PLCK"="VOBD6raQEIiMaDtdSc70Nd1y3NRW5C2r"
    "Percents"="0 0.0339 0.2877 0.3684 0.3854 0.8608 0.8959 0.8988 "
    "Increment"=".002410"

    [HKEY_USERS\S-1-5-21-2161225801-2422398383-4254196062-1006\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
    "FRT"="sz3qdEiwYrMHaIdStypx5EiPTglpXrHGwmEEtuCNm0hx7/DAfnqnSA=="
    "PLCK"="MWqpPA71eVee3L5VyGRsYPpru91q3mBA"
    "PHSH"=""
    "Percents"="0.0012 0.0682 0.1506 0.4912 0.8176 0.8724 0.8776 "
    "Increment"=".002577"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(720)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(5524)
    c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
    c:\program files\Windows Desktop Search\deskbar.dll
    c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
    c:\program files\Windows Desktop Search\dbres.dll
    c:\program files\Windows Desktop Search\wordwheel.dll
    c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
    c:\program files\Windows Desktop Search\msnlExtRes.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\OneX.DLL
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Cisco Systems\SSL VPN Client\agent.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\McAfee\MPF\MPFSrv.exe
    c:\program files\McAfee\MSK\MskSrver.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    c:\windows\system32\PnkBstrB.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\windows\system32\SearchIndexer.exe
    c:\windows\eHome\ehmsas.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\dllhost.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    .
    **************************************************************************
    .
    Completion time: 2009-10-30 13:49 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-10-30 17:49

    Pre-Run: 128,226,598,912 bytes free
    Post-Run: 128,494,768,128 bytes free

    - - End Of File - - 283F30D65C127BC778075A63CEF77050



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-10-26.01)


    ==== Disk Partitions =========================


    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    7-Zip 4.57
    Access Drivers
    Ad-Aware
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.2
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Shockwave Player 11.5
    American Greetings® Print! Premium 3
    AOLIcon
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft PhotoStudio 5.5
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    Audiosurf
    Blueberry Garden Demo
    Bonjour
    Braid
    Buddy Icon Maker 1.0.0.1
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon MP Navigator 3.0
    Canon MP600
    Canon MP600 User Registration
    Canon My Printer
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities Easy-PhotoPrint
    Canon Utilities EOS Utility
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    Castlevania & Contra
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center HydraVision Full
    Catalyst Control Center Localization All
    Cave Story Deluxe
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CDisplay 1.8
    Cisco SSL VPN Client
    Citrix Web Client
    Clear Cache feature for Internet Explorer
    Colorizer 1.0.0.1
    Community Expansion Pack version 1.00
    Compatibility Pack for the 2007 Office system
    Conexant D850 56K V.9x DFVc Modem
    Coupon Printer for Windows
    Critical Update for Windows Media Player 11 (KB959772)
    Dell CinePlayer
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell Support 3.2
    Dell Support Center (Support Software)
    Dell System Restore
    Digital Content Portal
    Digital Line Detect
    Documentation & Support Launcher
    Easy-WebPrint
    EducateU
    ELIcon
    ESPNMotion
    Fallout
    Fox Kids Speedy Eggbert
    Freedom Force® vs The 3rd Reich
    Fritz7
    Game Maker 7.0
    Games, Music, & Photos Launcher
    Geometry Wars
    Google SketchUp 7
    Grandmaster Challenge
    Guild Wars
    Hexen 2
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Intel(R) Matrix Storage Manager
    Intel(R) PRO Network Connections
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 15
    Lala Music Mover
    Learn2 Player (Uninstall Only)
    Lernout & Hauspie TruVoice for Microsoft Agent
    LP Recorder
    LP Ripper
    MapleStory
    McAfee SecurityCenter
    McAfee Uninstaller
    MCU
    Media Go
    Mevo and The Grooveriders Demo
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft DirectX Transform optional components
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Basic Edition 2003
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Web Publishing Wizard 1.52
    Microsoft Works 4.5
    Microsoft Works Setup Launcher
    Microsoft XML Parser
    Microsoft XNA Framework Redistributable 1.0 Refresh
    Microsoft XNA Framework Redistributable 3.0
    Modem Helper
    Mozilla Firefox (3.5.4)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML4 Parser
    Netflix Movie Viewer
    NetWaiting
    Neverdaunt:8Bit Beta
    Neverwinter Nights
    oggcodecs 0.71.0946
    OpenAL
    Osmos IGF Demo
    Otto
    Pando Media Booster
    Photo Organizer
    PlayStation(R)Network Downloader
    PlayStation(R)Store
    Project64 1.6
    PunkBuster Services
    Quake Live Mozilla Plugin
    QuickTime
    RealPlayer
    ScanSoft OmniPage SE 4.0
    SearchAssist
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Sid Meier's Civilization 4
    Sid Meier's Civilization 4 - Beyond the Sword
    Sid Meier's Civilization 4 - Warlords
    SigmaTel Audio
    Skins
    Solid State ION Internet Explorer Plugin
    Sonic Activation Module
    Sonic Encoders
    Sonic Update Manager
    Sony Media Manager for PSP 3.0
    Sparkplayer (Beta)
    Spybot - Search & Destroy
    SpywareBlaster 4.2
    Star Wars Battlefront II
    Starcraft
    Steam
    Stonekeep
    The Path - Prologue 1.1 beta 7
    Turbine Download Manager - Live
    Unity Web Player
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB961813)
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    URL Assistant
    VDMSound
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual C++ 8.0 Runtime Setup Package
    Wallace and Gromit Demo
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 8 Release Candidate 1
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows Search 4.0
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    Xfire (remove only)

    ==== End Of File ===========================





    DDS (Ver_09-10-26.01) - NTFSx86
    Run by James Collins at 14:53:42.09 on Fri 10/30/2009
    Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_15
    AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============


    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://my.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    mURLSearchHooks: H - No File
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No File
    TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\documents and settings\james collins\start menu\programs\startup\PowerReg Scheduler V3.exe
    StartupFolder: c:\documents and settings\james collins\start menu\programs\startup\PowerReg Scheduler.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List
    IE: Easy-WebPrint High Speed Print
    IE: Easy-WebPrint Preview
    IE: Easy-WebPrint Print
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: mcafee.com\us
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v5.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228396190359
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} - hxxp://cdn1.acclaimdownloads.com/solidstateion.cab
    DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\jamesc~1\applic~1\mozilla\firefox\profiles\c6yuu406.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
    FF - plugin: c:\documents and settings\james collins\application data\mozilla\firefox\profiles\c6yuu406.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nplalaDl.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
    FF - plugin: c:\program files\sparkplay media\sparkplayer (beta)\npSparkPlayerNS.dll
    FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    ============= SERVICES / DRIVERS ===============


    =============== Created Last 30 ================

    2009-10-30 17:31:15 98816 ----a-w- c:\windows\sed.exe
    2009-10-30 17:31:15 77312 ----a-w- c:\windows\MBR.exe
    2009-10-30 17:31:15 236544 ----a-w- c:\windows\PEV.exe
    2009-10-30 17:31:15 161792 ----a-w- c:\windows\SWREG.exe
    2009-10-30 16:56:28 85504 ----a-w- c:\program files\Inherit.exe
    2009-10-26 11:53:56 5883 ----a-w- c:\windows\system32\kqu1ur.tmp
    2009-10-26 11:53:39 32245 ----a-w- c:\windows\system32\fvbnm7.tmp
    2009-10-26 11:53:23 91968 ----a-w- c:\windows\system32\ulxy44.tmp
    2009-10-26 11:12:00 19456 ----a-w- c:\windows\system32\perfc5932.dat
    2009-10-24 22:31:12 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-10-24 22:29:25 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
    2009-10-24 22:29:04 0 d-----w- c:\program files\Lavasoft
    2009-10-24 18:46:01 0 ----a-w- c:\windows\win32k.sys
    2009-10-24 18:41:42 0 d-sh--w- c:\windows\system32\MPK
    2009-10-24 18:41:31 0 d-----w- c:\program files\Atari
    2009-10-22 19:23:36 0 d-----w- c:\docume~1\alluse~1\applic~1\13965630
    2009-10-19 13:48:49 587 ----a-w- c:\windows\system32\runrefog.lnk
    2009-10-19 13:48:49 587 ----a-w- c:\windows\system32\runrefog(2).lnk
    2009-10-19 13:48:49 587 ----a-w- c:\windows\system32\runkgb.lnk
    2009-10-19 13:48:49 587 ----a-w- c:\windows\system32\runkgb(2).lnk
    2009-10-19 13:48:45 0 d-sh--w- c:\docume~1\alluse~1\applic~1\MPK
    2009-10-18 14:14:21 12465 ----a-w- c:\windows\system32\sqaqms.tmp
    2009-10-18 14:14:21 0 ----a-w- c:\windows\system32\cm.dat
    2009-10-18 14:14:17 12158 ----a-w- c:\windows\system32\ibhyha.tmp
    2009-10-18 14:14:15 8 ----a-w- c:\windows\system32\prt.dat
    2009-10-18 14:13:49 1 ----a-w- c:\windows\system32\perfc7683.dat
    2009-10-18 13:55:45 26112 ----a-w- c:\windows\system32\stu2.exe
    2009-10-13 23:12:56 0 d-----w- c:\program files\Lala.com
    2009-10-13 23:12:40 0 d-----w- c:\docume~1\jamesc~1\applic~1\Lala Music Mover
    2009-10-01 22:34:41 0 d-----w- c:\program files\common files\Sony Shared

    ==================== Find3M ====================

    2009-09-24 23:25:06 93340 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-09-16 14:22:48 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2009-09-16 14:22:48 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
    2009-09-16 14:22:48 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2009-09-16 14:22:48 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2009-09-16 14:22:14 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
    2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
    2009-09-04 21:44:40 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2009-09-04 21:44:40 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2009-09-04 21:44:40 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
    2009-09-04 21:29:34 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2009-09-04 21:29:34 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
    2009-09-04 21:29:32 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
    2009-09-04 21:29:32 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
    2009-09-04 21:29:30 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
    2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
    2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
    2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\dllcache\strmdll.dll
    2009-08-19 17:59:11 34 ----a-w- c:\documents and settings\james collins\jagex_runescape_preferences.dat
    2009-08-06 23:24:18 327896 ----a-w- c:\windows\system32\dllcache\wucltui.dll
    2009-08-06 23:24:18 209632 ----a-w- c:\windows\system32\dllcache\wuweb.dll
    2009-08-06 23:24:10 35552 ----a-w- c:\windows\system32\dllcache\wups.dll
    2009-08-06 23:24:06 53472 ----a-w- c:\windows\system32\dllcache\wuauclt.exe
    2009-08-06 23:24:04 96480 ----a-w- c:\windows\system32\dllcache\cdm.dll
    2009-08-06 23:23:54 575704 ----a-w- c:\windows\system32\dllcache\wuapi.dll
    2009-08-06 23:23:46 274288 ----a-w- c:\windows\system32\mucltui.dll
    2009-08-06 23:23:46 215920 ----a-w- c:\windows\system32\muweb.dll
    2009-08-06 23:23:46 1929952 ----a-w- c:\windows\system32\dllcache\wuaueng.dll
    2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-05 00:44:46 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
    2009-08-04 23:52:22 1193832 ----a-w- c:\windows\system32\FM20.DLL
    2009-08-04 15:13:08 2145280 ------w- c:\windows\system32\ntoskrnl.exe
    2009-08-04 15:13:08 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-08-04 14:20:09 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
    2009-08-04 14:20:09 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
    2009-08-04 14:20:08 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
    2008-03-15 13:58:28 774144 -c--a-w- c:\program files\RngInterstitial.dll
    2006-10-20 01:06:56 251 -c--a-w- c:\program files\wt3d.ini
    2008-08-29 17:20:32 88 -csh--r- c:\windows\system32\8B0739B6A5.sys
    2008-08-29 17:20:34 3350 -csha-w- c:\windows\system32\KGyGaAvL.sys

    ============= FINISH: 14:54:57.75 ===============

  4. #14
    Security Expert: Emeritus Blade81

    Hi,

    Are you familiar with these firewall port openings:
    "53:UDP"= 53:UDP:Promo
    "15602:TCP"= 15602:TCP:port
    "18436:TCP"= 18436:TCP:port



    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    File::
    c:\windows\system32\kqu1ur.tmp
    c:\windows\system32\ulxy44.tmp
    c:\windows\system32\fvbnm7.tmp
    c:\windows\system32\sqaqms.tmp
    c:\windows\system32\ibhyha.tmp
    c:\windows\system32\cm.dat
    c:\windows\system32\prt.dat
    c:\windows\system32\runrefog.lnk
    c:\windows\system32\runrefog(2).lnk
    c:\windows\system32\runkgb.lnk
    c:\windows\system32\runkgb(2).lnk
    c:\windows\system32\mnprxp1.bin
    DDS::
    TB: {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No File
    TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    Folder::
    c:\docume~1\alluse~1\applic~1\13965630
    c:\program files\dna
    DirLook::
    c:\program files\Atari
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000000
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\DNA\\btdna.exe"=-
    "c:\\WINDOWS\\system32\\dllhost.exe"=-
    "%windir%\\system32\\drivers\\svchost.exe"=-
    "%windir%\\explorer.exe"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "13460:TCP"=-
    "13460:UDP"=-

    Save this as CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
    Then post the resultant log.


    Uninstall old Adobe Reader versions and get the latest one (9.2) here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check free readers introduced here.


    Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following the instructions here. A fresh version can be obtained here.




    Uninstall this vulnerable Java version:
    J2SE Runtime Environment 5.0 Update 6


    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


    Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log.

  5. #15
    Member

    I don't know anything about those firewall port openings.
    Here is the ComboFix log, and I am proceeding with the other directions.

    Thank you.



    ComboFix 09-10-28.08 - James Collins 10/30/2009 17:37.4.2 - NTFSx86
    Running from: c:\documents and settings\James Collins\My Documents\Downloads\ComboFix.exe
    Command switches used :: c:\documents and settings\James Collins\Desktop\CFScript.txt
    AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    * Created a new restore point

    FILE ::
    "c:\windows\system32\cm.dat"
    "c:\windows\system32\fvbnm7.tmp"
    "c:\windows\system32\ibhyha.tmp"
    "c:\windows\system32\kqu1ur.tmp"
    "c:\windows\system32\mnprxp1.bin"
    "c:\windows\system32\prt.dat"
    "c:\windows\system32\runkgb(2).lnk"
    "c:\windows\system32\runkgb.lnk"
    "c:\windows\system32\runrefog(2).lnk"
    "c:\windows\system32\runrefog.lnk"
    "c:\windows\system32\sqaqms.tmp"
    "c:\windows\system32\ulxy44.tmp"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\alluse~1\applic~1\13965630
    c:\program files\dna
    c:\program files\dna\btdna.exe
    c:\program files\dna\DNAcpl.cpl
    c:\program files\dna\plugins\npbtdna.dll
    c:\windows\system32\cm.dat
    c:\windows\system32\fvbnm7.tmp
    c:\windows\system32\ibhyha.tmp
    c:\windows\system32\kqu1ur.tmp
    c:\windows\system32\mnprxp1.bin
    c:\windows\system32\prt.dat
    c:\windows\system32\runkgb(2).lnk
    c:\windows\system32\runkgb.lnk
    c:\windows\system32\runrefog(2).lnk
    c:\windows\system32\runrefog.lnk
    c:\windows\system32\sqaqms.tmp
    c:\windows\system32\ulxy44.tmp

    .
    ((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-30 )))))))))))))))))))))))))))))))
    .

    2009-10-30 18:42 . 2009-10-30 18:42 -------- d-----w- c:\windows\LastGood
    2009-10-30 16:56 . 2009-10-30 16:56 85504 ----a-w- c:\program files\Inherit.exe
    2009-10-26 11:12 . 2009-10-26 11:12 19456 ----a-w- c:\windows\system32\perfc5932.dat
    2009-10-25 13:19 . 2009-10-25 13:20 -------- d-----w- c:\program files\ERUNT
    2009-10-24 22:31 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-10-24 22:29 . 2009-10-24 22:29 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
    2009-10-24 22:29 . 2009-10-24 22:29 -------- d-----w- c:\program files\Lavasoft
    2009-10-24 18:46 . 2009-10-30 09:20 0 ----a-w- c:\windows\win32k.sys
    2009-10-24 18:41 . 2009-10-24 18:45 -------- d-sh--w- c:\windows\system32\MPK
    2009-10-24 18:41 . 2009-10-24 18:41 -------- d-----w- c:\program files\Atari
    2009-10-19 13:48 . 2009-10-24 18:45 -------- d-sh--w- c:\documents and settings\All Users\Application Data\MPK
    2009-10-18 14:13 . 2009-10-26 11:12 1 ----a-w- c:\windows\system32\perfc7683.dat
    2009-10-18 13:55 . 2008-04-14 00:12 26112 ----a-w- c:\windows\system32\stu2.exe
    2009-10-15 21:35 . 2009-10-15 21:37 -------- d-----w- c:\documents and settings\James Collins\Local Settings\Application Data\Roblox
    2009-10-15 21:34 . 2009-10-24 20:12 -------- d-----w- c:\documents and settings\James Collins\Local Settings\Application Data\RobloxVersions
    2009-10-15 21:34 . 2009-10-15 21:35 -------- d-----w- c:\documents and settings\James Collins\Local Settings\Application Data\RobloxDownloads
    2009-10-13 23:12 . 2009-10-13 23:12 -------- d-----w- c:\program files\Lala.com
    2009-10-13 23:12 . 2009-10-13 23:25 -------- d-----w- c:\documents and settings\James Collins\Application Data\Lala Music Mover
    2009-10-01 22:34 . 2009-10-01 22:34 -------- d-----w- c:\program files\Common Files\Sony Shared
    2009-10-01 22:33 . 2009-10-01 22:33 -------- d-----w- c:\documents and settings\James Collins\Local Settings\Application Data\Downloaded Installations
    2009-10-01 22:30 . 2009-10-01 22:30 -------- d-----w- c:\documents and settings\James Collins\Application Data\Sony Setup

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-30 18:42 . 2006-10-12 00:00 -------- d-----w- c:\program files\McAfee
    2009-10-30 17:09 . 2009-03-08 16:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-10-26 23:59 . 2006-10-28 20:41 -------- d-----w- c:\documents and settings\James Collins\Application Data\ZoomBrowser EX
    2009-10-26 23:59 . 2006-10-28 20:38 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
    2009-10-24 22:29 . 2009-03-08 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-10-24 22:02 . 2009-02-16 15:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-10-24 22:00 . 2009-02-16 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-10-24 20:13 . 2006-10-12 00:01 -------- d-----w- c:\program files\Roxio
    2009-10-24 19:25 . 2009-04-28 03:05 -------- d-----w- c:\program files\SpywareBlaster
    2009-10-24 02:06 . 2008-06-20 17:48 -------- d-----w- c:\program files\Turbine
    2009-10-24 02:05 . 2006-10-11 23:50 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-10-17 16:34 . 2009-07-07 23:46 -------- d-----w- c:\program files\DOSBox-0.73
    2009-10-01 22:30 . 2008-07-25 14:09 -------- d-----w- c:\documents and settings\James Collins\Application Data\Sony
    2009-09-27 13:08 . 2009-09-27 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Turbine
    2009-09-26 21:39 . 2009-07-08 16:26 -------- d-----w- c:\documents and settings\James Collins\Application Data\.minecraft
    2009-09-24 23:25 . 2008-04-08 21:57 93340 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-09-22 23:44 . 2009-09-21 20:32 -------- d-----w- c:\program files\N8
    2009-09-20 19:20 . 2009-09-20 19:13 -------- d-----w- c:\documents and settings\James Collins\Application Data\U3
    2009-09-20 18:20 . 2006-10-19 19:21 136000 -c--a-w- c:\documents and settings\James Collins\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-09-20 18:18 . 2009-09-20 18:15 -------- d-----w- c:\program files\Web Publish
    2009-09-20 18:15 . 2009-09-20 18:11 -------- d-----w- c:\program files\Broderbund
    2009-09-18 20:30 . 2006-10-20 02:17 -------- d-----w- c:\documents and settings\James Collins\Application Data\Canon
    2009-09-17 00:25 . 2009-09-17 00:25 -------- d-----w- c:\program files\Coupons
    2009-09-16 14:22 . 2007-02-07 14:27 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
    2009-09-16 14:22 . 2007-02-07 14:27 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2009-09-16 14:22 . 2007-02-07 14:27 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2009-09-16 14:22 . 2007-02-07 14:27 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2009-09-16 14:22 . 2007-02-07 14:27 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
    2009-09-15 19:38 . 2009-09-15 19:38 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
    2009-09-15 00:15 . 2008-01-23 02:40 -------- d-----w- c:\program files\Steam
    2009-09-14 22:29 . 2008-10-02 00:02 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
    2009-09-14 20:59 . 2006-10-12 00:00 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2009-09-13 00:11 . 2009-08-04 17:20 -------- d-----w- c:\documents and settings\James Collins\Application Data\Braid
    2009-09-11 21:55 . 2006-12-23 19:46 -------- d-----w- c:\documents and settings\James Collins\Application Data\Apple Computer
    2009-09-11 20:22 . 2009-09-11 20:21 -------- d-----w- c:\program files\iTunes
    2009-09-11 20:22 . 2009-09-11 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-09-11 20:22 . 2009-09-11 20:22 -------- d-----w- c:\program files\iPod
    2009-09-11 20:22 . 2007-08-08 15:45 -------- d-----w- c:\program files\Common Files\Apple
    2009-09-11 20:19 . 2009-09-11 20:18 -------- d-----w- c:\program files\QuickTime
    2009-09-11 14:18 . 2005-08-16 08:18 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-09 02:12 . 2008-03-28 19:36 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-09-08 23:48 . 2009-09-08 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2009-09-06 23:42 . 2009-09-06 23:42 -------- d-----w- c:\documents and settings\James Collins\Application Data\Unity
    2009-09-04 21:44 . 2009-09-21 20:33 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2009-09-04 21:44 . 2009-09-21 20:33 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
    2009-09-04 21:44 . 2009-07-10 01:21 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2009-09-04 21:29 . 2009-09-21 20:33 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
    2009-09-04 21:29 . 2009-09-21 20:33 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2009-09-04 21:29 . 2009-09-21 20:33 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
    2009-09-04 21:29 . 2009-09-21 20:33 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
    2009-09-04 21:29 . 2009-09-21 20:33 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
    2009-09-04 21:03 . 2005-08-16 08:18 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-09-04 00:15 . 2009-04-05 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
    2009-09-03 22:48 . 2009-09-03 22:48 -------- d-----w- c:\program files\Sparkplay Media
    2009-08-26 08:00 . 2005-08-16 08:19 247326 ----a-w- c:\windows\system32\strmdll.dll
    2009-08-19 17:59 . 2009-07-21 11:42 34 ----a-w- c:\documents and settings\James Collins\jagex_runescape_preferences.dat
    2009-08-06 23:24 . 2005-08-16 08:40 327896 ----a-w- c:\windows\system32\wucltui.dll
    2009-08-06 23:24 . 2005-08-16 08:40 209632 ----a-w- c:\windows\system32\wuweb.dll
    2009-08-06 23:24 . 2005-08-16 08:40 35552 ----a-w- c:\windows\system32\wups.dll
    2009-08-06 23:24 . 2005-05-26 08:16 44768 ----a-w- c:\windows\system32\wups2.dll
    2009-08-06 23:24 . 2005-08-16 08:40 53472 ------w- c:\windows\system32\wuauclt.exe
    2009-08-06 23:24 . 2005-08-16 08:18 96480 ----a-w- c:\windows\system32\cdm.dll
    2009-08-06 23:23 . 2005-08-16 08:40 575704 ----a-w- c:\windows\system32\wuapi.dll
    2009-08-06 23:23 . 2008-12-05 11:33 274288 ----a-w- c:\windows\system32\mucltui.dll
    2009-08-06 23:23 . 2008-07-19 03:07 215920 ----a-w- c:\windows\system32\muweb.dll
    2009-08-06 23:23 . 2005-08-16 08:40 1929952 ----a-w- c:\windows\system32\wuaueng.dll
    2009-08-05 09:01 . 2005-08-16 08:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-04 23:52 . 2009-08-04 23:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
    2009-08-04 15:13 . 2005-08-16 08:18 2145280 ------w- c:\windows\system32\ntoskrnl.exe
    2009-08-04 14:20 . 2004-08-04 02:59 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
    2008-03-15 13:58 . 2008-03-15 13:58 774144 -c--a-w- c:\program files\RngInterstitial.dll
    2006-10-20 01:06 . 2006-10-20 01:06 251 -c--a-w- c:\program files\wt3d.ini
    2008-08-29 17:20 . 2006-10-20 02:19 88 -csh--r- c:\windows\system32\8B0739B6A5.sys
    2008-08-29 17:20 . 2006-10-20 02:19 3350 -csha-w- c:\windows\system32\KGyGaAvL.sys
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of c:\program files\Atari ----

    2009-05-26 00:31 . 2004-10-23 14:55 160 ----a-w- c:\program files\Atari\Demon Stone\audio\ch_14.ply
    2009-05-26 00:31 . 2004-10-23 14:54 160 ----a-w- c:\program files\Atari\Demon Stone\audio\ch_09(2).ply
    2009-05-26 00:31 . 2004-10-23 14:54 160 ----a-w- c:\program files\Atari\Demon Stone\audio\ch_09.ply
    2009-05-26 00:31 . 2004-10-23 14:54 208 ----a-w- c:\program files\Atari\Demon Stone\audio\ch_10(2).ply
    2009-05-26 00:31 . 2004-10-23 14:54 208 ----a-w- c:\program files\Atari\Demon Stone\audio\ch_10.ply
    2009-05-26 00:31 . 2004-10-23 14:54 160 ----a-w- c:\program files\Atari\Demon Stone\audio\ch_11(2).ply
    2009-05-26 00:31 . 2004-10-23 14:54 160 ----a-w- c:\program files\Atari\Demon Stone\audio\ch_11.ply
    2009-05-26 00:31 . 2004-10-23 14:54 208 ----a-w- c:\program files\Atari\Demon Stone\audio\ch_04(2).ply
    2009-05-26 00:31 . 2004-10-23 14:54 208 ----a-w- c:\program files\Atari\Demon Stone\audio\ch_04.ply
    2009-05-26 00:31 . 2004-10-23 14:54 208 ----a-w- c:\program files\Atari\Demon Stone\audio\ch_05(2).ply
    2009-05-26 00:31 . 2004-10-23 14:54 208 ----a-w- c:\program files\Atari\Demon Stone\audio\ch_05.ply
    2009-05-26 00:31 . 2004-10-23 14:54 208 ----a-w- c:\program files\Atari\Demon Stone\audio\ch_06(2).ply
    2009-05-26 00:31 . 2004-10-23 14:54 208 ----a-w- c:\program files\Atari\Demon Stone\audio\ch_06.ply
    2009-05-26 00:31 . 2004-10-23 14:54 208 ----a-w- c:\program files\Atari\Demon Stone\audio\ch_08(2).ply
    2009-05-26 00:31 . 2004-10-23 14:54 208 ----a-w- c:\program files\Atari\Demon Stone\audio\ch_08.ply
    2009-05-26 00:31 . 2004-10-23 14:54 208 ----a-w- c:\program files\Atari\Demon Stone\audio\ch_03(2).ply
    2009-05-26 00:31 . 2004-10-23 14:54 208 ----a-w- c:\program files\Atari\Demon Stone\audio\ch_03.ply
    2009-05-26 00:31 . 2004-10-23 14:54 208 ----a-w- c:\program files\Atari\Demon Stone\audio\ch_02(2).ply
    2009-05-26 00:31 . 2004-10-23 14:54 208 ----a-w- c:\program files\Atari\Demon Stone\audio\ch_02.ply
    2009-05-26 00:31 . 2004-10-23 14:54 208 ----a-w- c:\program files\Atari\Demon Stone\audio\ch_01(2).ply
    2009-05-26 00:31 . 2004-10-23 14:54 208 ----a-w- c:\program files\Atari\Demon Stone\audio\ch_01.ply
    2009-05-26 00:31 . 2004-10-23 14:52 208 ----a-w- c:\program files\Atari\Demon Stone\audio\CE_AMB02(2).ply
    2009-05-26 00:31 . 2004-10-23 14:52 208 ----a-w- c:\program files\Atari\Demon Stone\audio\CE_AMB02.ply
    2009-05-26 00:31 . 2004-10-23 14:52 208 ----a-w- c:\program files\Atari\Demon Stone\audio\CE_AMB01(2).ply
    2009-05-26 00:31 . 2004-10-23 14:52 208 ----a-w- c:\program files\Atari\Demon Stone\audio\CE_AMB01.ply
    2009-05-26 00:31 . 2004-10-23 14:52 208 ----a-w- c:\program files\Atari\Demon Stone\audio\ce_04(2).ply
    2009-05-26 00:31 . 2004-10-23 14:52 208 ----a-w- c:\program files\Atari\Demon Stone\audio\ce_04.ply
    2009-05-26 00:31 . 2004-10-23 14:52 208 ----a-w- c:\program files\Atari\Demon Stone\audio\ce_05(2).ply
    2009-05-26 00:31 . 2004-10-23 14:52 208 ----a-w- c:\program files\Atari\Demon Stone\audio\ce_05.ply
    2009-05-26 00:31 . 2004-10-23 14:52 160 ----a-w- c:\program files\Atari\Demon Stone\audio\ce_06(2).ply
    2009-05-26 00:31 . 2004-10-23 14:52 160 ----a-w- c:\program files\Atari\Demon Stone\audio\ce_06.ply
    2009-05-26 00:31 . 2004-10-23 14:52 208 ----a-w- c:\program files\Atari\Demon Stone\audio\ce_02(2).ply
    2009-05-26 00:31 . 2004-10-23 14:52 208 ----a-w- c:\program files\Atari\Demon Stone\audio\ce_02.ply
    2009-05-26 00:31 . 2004-10-23 14:52 160 ----a-w- c:\program files\Atari\Demon Stone\audio\ce_03(2).ply
    2009-05-26 00:31 . 2004-10-23 14:52 160 ----a-w- c:\program files\Atari\Demon Stone\audio\ce_03.ply
    2009-05-26 00:31 . 2004-10-23 14:52 160 ----a-w- c:\program files\Atari\Demon Stone\audio\ce_01(2).ply
    2009-05-26 00:31 . 2004-10-23 14:52 160 ----a-w- c:\program files\Atari\Demon Stone\audio\ce_01.ply
    2009-05-26 00:31 . 2004-10-23 15:04 160 ----a-w- c:\program files\Atari\Demon Stone\audio\Candle(2).ply
    2009-05-26 00:31 . 2004-10-23 15:04 160 ----a-w- c:\program files\Atari\Demon Stone\audio\Candle.ply
    2009-05-26 00:31 . 2004-10-23 14:50 160 ----a-w- c:\program files\Atari\Demon Stone\audio\bf_09(2).ply
    2009-05-26 00:31 . 2004-10-23 14:50 160 ----a-w- c:\program files\Atari\Demon Stone\audio\bf_09.ply
    2009-05-26 00:31 . 2004-10-23 14:50 208 ----a-w- c:\program files\Atari\Demon Stone\audio\bf_10(2).ply
    2009-05-26 00:31 . 2004-10-23 14:50 208 ----a-w- c:\program files\Atari\Demon Stone\audio\bf_10.ply
    2009-05-26 00:31 . 2004-10-23 14:50 240 ----a-w- c:\program files\Atari\Demon Stone\audio\bf_08(2).ply
    2009-05-26 00:31 . 2004-10-23 14:50 240 ----a-w- c:\program files\Atari\Demon Stone\audio\bf_08.ply
    2009-05-26 00:31 . 2004-10-23 14:50 208 ----a-w- c:\program files\Atari\Demon Stone\audio\bf_05(2).ply
    2009-05-26 00:31 . 2004-10-23 14:50 208 ----a-w- c:\program files\Atari\Demon Stone\audio\bf_05.ply
    2009-05-26 00:31 . 2004-10-23 14:50 160 ----a-w- c:\program files\Atari\Demon Stone\audio\bf_06(2).ply
    2009-05-26 00:31 . 2004-10-23 14:50 160 ----a-w- c:\program files\Atari\Demon Stone\audio\bf_06.ply
    2009-05-26 00:31 . 2004-10-23 14:50 160 ----a-w- c:\program files\Atari\Demon Stone\audio\bf_07(2).ply
    2009-05-26 00:31 . 2004-10-23 14:50 160 ----a-w- c:\program files\Atari\Demon Stone\audio\bf_07.ply
    2009-05-26 00:31 . 2004-10-23 14:50 160 ----a-w- c:\program files\Atari\Demon Stone\audio\bf_03(2).ply
    2009-05-26 00:31 . 2004-10-23 14:50 160 ----a-w- c:\program files\Atari\Demon Stone\audio\bf_03.ply
    2009-05-26 00:31 . 2004-10-23 14:50 160 ----a-w- c:\program files\Atari\Demon Stone\audio\bf_04(2).ply
    2009-05-26 00:31 . 2004-10-23 14:50 160 ----a-w- c:\program files\Atari\Demon Stone\audio\bf_04.ply
    2009-05-26 00:31 . 2004-10-23 14:50 208 ----a-w- c:\program files\Atari\Demon Stone\audio\bf_02(2).ply
    2009-05-26 00:31 . 2004-10-23 14:50 208 ----a-w- c:\program files\Atari\Demon Stone\audio\bf_02.ply
    2009-05-26 00:31 . 2004-10-23 14:50 208 ----a-w- c:\program files\Atari\Demon Stone\audio\bf_01(2).ply
    2009-05-26 00:31 . 2004-10-23 14:50 208 ----a-w- c:\program files\Atari\Demon Stone\audio\bf_01.ply
    2009-05-26 00:30 . 2004-10-13 16:29 338944 ----a-w- c:\program files\Atari\Demon Stone\binkw32(2).dll
    2009-05-26 00:30 . 2004-10-13 16:29 338944 ----a-w- c:\program files\Atari\Demon Stone\binkw32.dll
    2009-05-26 00:30 . 2004-11-17 17:55 4915200 ----a-w- c:\program files\Atari\Demon Stone\DemonStone(2).exe
    2009-05-26 00:30 . 2004-11-17 17:55 4915200 ------w- c:\program files\Atari\Demon Stone\DemonStone.exe
    2009-05-26 00:30 . 2004-11-11 02:16 3706880 ----a-w- c:\program files\Atari\Demon Stone\demonlaunch(2).exe
    2009-05-26 00:30 . 2004-11-11 02:16 3706880 ------w- c:\program files\Atari\Demon Stone\demonlaunch.exe


    ((((((((((((((((((((((((((((( SnapShot@2009-10-30_17.43.06 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-02-25 13:32 . 2009-10-30 18:42 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2009-02-25 13:32 . 2009-10-30 14:05 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2006-10-18 12:48 . 2009-10-30 18:42 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2006-10-18 12:48 . 2009-10-30 14:05 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-10-30 18:41 . 2009-10-30 18:42 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2006-10-18 12:48 . 2009-10-30 14:05 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
    "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-28 61440]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
    "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-20 282624]

    c:\documents and settings\James Collins\Start Menu\Programs\Startup\
    PowerReg Scheduler V3.exe [2007-12-16 225280]
    PowerReg Scheduler.exe [2007-2-11 256000]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-10-11 24576]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Steam"="c:\program files\Steam\Steam.exe" -silent

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\McProxy\\McProxy.exe"=
    "c:\\Program Files\\iPod\\bin\\iPodService.exe"=
    "c:\\Program Files\\LucasArts\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe"=
    "c:\\Program Files\\McAfee\\MSK\\MskSrver.exe"=
    "c:\\Program Files\\Dell Support Center\\bin\\sprtcmd.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\mevo and the grooveriders demo\\Mevo.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\hexen 2\\glh2.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\osmos igf demo\\OsmosDemo.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\wallace and gromit demo\\WallaceGromitDemo.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\geometry wars\\GeometryWars.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\blueberry garden demo\\BlueberryGarden.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\fxsclnt.exe"=
    "c:\\Program Files\\Turbine\\Dungeons and Dragons Online - Eberron Unlimited\\dndclient.exe"=
    "c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineMessageService.exe"=
    "c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineNetworkService.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
    "9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
    "56767:TCP"= 56767:TCP:Pando Media Booster
    "56767:UDP"= 56767:UDP:Pando Media Booster
    "56961:TCP"= 56961:TCP:Pando Media Booster
    "56961:UDP"= 56961:UDP:Pando Media Booster
    "53:UDP"= 53:UDP:Promo
    "15602:TCP"= 15602:TCP:port
    "18436:TCP"= 18436:TCP:port

    R2 0132351256928138mcinstcleanup;McAfee Application Installer Cleanup (0132351256928138);c:\windows\TEMP\013235~1.EXE [x]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-10-24 1170768]
    R3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys [x]
    R3 cafd20fe-06de-444d-aff9-1c1458602f1e;cafd20fe-06de-444d-aff9-1c1458602f1e;d:\cds300\cds300.dll [x]
    R3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\DRIVERS\CSVirtA.sys [2009-06-29 22136]
    R3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe [2009-09-27 267760]
    R3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [2009-09-27 218608]
    R3 XDva279;XDva279;c:\windows\system32\XDva279.sys [x]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-09-23 64288]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-09-16 92296]
    S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - CLASSPNP_2
    *NewlyCreated* - MBR
    *Deregistered* - CLASSPNP_2
    *Deregistered* - mbr
    .
    Contents of the 'Scheduled Tasks' folder

    2009-10-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 22:30]

    2009-10-24 c:\windows\Tasks\Disk Cleanup.job
    - c:\windows\system32\cleanmgr.exe [2005-08-16 00:12]

    2007-10-15 c:\windows\Tasks\McDefragTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2007-02-07 16:22]

    2009-03-01 c:\windows\Tasks\McQcTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2007-02-07 16:22]

    2009-10-30 c:\windows\Tasks\User_Feed_Synchronization-{4077B8ED-89F1-4902-8616-6A205CD0A29A}.job
    - c:\windows\system32\msfeedssync.exe [2009-01-15 07:01]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://my.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List
    IE: Easy-WebPrint High Speed Print
    IE: Easy-WebPrint Preview
    IE: Easy-WebPrint Print
    Trusted Zone: mcafee.com\us
    Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
    DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
    FF - ProfilePath - c:\documents and settings\James Collins\Application Data\Mozilla\Firefox\Profiles\c6yuu406.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
    FF - plugin: c:\documents and settings\James Collins\Application Data\Mozilla\Firefox\Profiles\c6yuu406.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\nplalaDl.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
    FF - plugin: c:\program files\Sparkplay Media\Sparkplayer (Beta)\npSparkPlayerNS.dll
    FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-10-30 17:46
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2161225801-2422398383-4254196062-1006\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\2.5]
    "FRT"="nMjzxitZB/4VdJAdYfYnlnvYYu23aZR0MkH0nx1luC8xDJI5l78pxA=="
    "PLCK"="VOBD6raQEIiMaDtdSc70Nd1y3NRW5C2r"
    "Percents"="0 0.0339 0.2877 0.3684 0.3854 0.8608 0.8959 0.8988 "
    "Increment"=".002410"

    [HKEY_USERS\S-1-5-21-2161225801-2422398383-4254196062-1006\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
    "FRT"="sz3qdEiwYrMHaIdStypx5EiPTglpXrHGwmEEtuCNm0hx7/DAfnqnSA=="
    "PLCK"="MWqpPA71eVee3L5VyGRsYPpru91q3mBA"
    "PHSH"=""
    "Percents"="0.0012 0.0682 0.1506 0.4912 0.8176 0.8724 0.8776 "
    "Increment"=".002577"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(720)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2009-10-30 17:48
    ComboFix-quarantined-files.txt 2009-10-30 21:48
    ComboFix2.txt 2009-10-30 17:49

    Pre-Run: 130,471,284,736 bytes free
    Post-Run: 130,426,179,584 bytes free

    - - End Of File - - 77D7700B0B021671E7850DB4E485B17C

  6. #16
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Ok. We'll see this further after those other reports are ready.

  7. #17
    Member
    Join Date
    Feb 2009
    Posts
    42

    Here are the three reports: Kaspersky, DDS. Thank you.


    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Saturday, October 31, 2009
    Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Saturday, October 31, 2009 13:17:36
    Records in database: 3108569
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\

    Scan statistics:
    Objects scanned: 148121
    Threats found: 5
    Infected objects found: 6
    Suspicious objects found: 0
    Scan duration: 02:44:46


    File name / Threat / Threats count
    C:\Qoobox\Quarantine\C\WINDOWS\system32\cpcp.cpo.vir Infected: Backdoor.Win32.Bredavi.aot 1
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1114\A0195074.dll Infected: Rootkit.Win32.PMax.h 1
    C:\WINDOWS\system32\41h35p83.tmp Infected: Trojan-Clicker.Win32.Agent.iqk 1
    C:\WINDOWS\system32\hcjvt7zs.tmp Infected: Trojan-Spy.Win32.Agent.bbao 1
    C:\WINDOWS\system32\ms32clod.dll Infected: Trojan-Spy.Win32.Agent.bbas 1
    C:\WINDOWS\system32\perfc5932.dat Infected: Trojan-Spy.Win32.Agent.bbao 1

    Selected area has been scanned.




    DDS (Ver_09-10-26.01) - NTFSx86
    Run by James Collins at 12:22:15.79 on Sat 10/31/2009
    Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_15
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============


    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://my.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
    mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files\nos\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
    StartupFolder: c:\documents and settings\james collins\start menu\programs\startup\PowerReg Scheduler V3.exe
    StartupFolder: c:\documents and settings\james collins\start menu\programs\startup\PowerReg Scheduler.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List
    IE: Easy-WebPrint High Speed Print
    IE: Easy-WebPrint Preview
    IE: Easy-WebPrint Print
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\npjpi160_15.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: mcafee.com\us
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v5.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228396190359
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} - hxxp://cdn1.acclaimdownloads.com/solidstateion.cab
    DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\jamesc~1\applic~1\mozilla\firefox\profiles\c6yuu406.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
    FF - plugin: c:\documents and settings\james collins\application data\mozilla\firefox\profiles\c6yuu406.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\documents and settings\james collins\application data\mozilla\firefox\profiles\c6yuu406.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nplalaDl.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
    FF - plugin: c:\program files\sparkplay media\sparkplayer (beta)\npSparkPlayerNS.dll
    FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    ============= SERVICES / DRIVERS ===============


    =============== Created Last 30 ================

    2009-10-30 21:35:40 0 d-----w- C:\ComboFix
    2009-10-30 17:31:15 98816 ----a-w- c:\windows\sed.exe
    2009-10-30 17:31:15 77312 ----a-w- c:\windows\MBR.exe
    2009-10-30 17:31:15 236544 ----a-w- c:\windows\PEV.exe
    2009-10-30 17:31:15 161792 ----a-w- c:\windows\SWREG.exe
    2009-10-30 16:56:28 85504 ----a-w- c:\program files\Inherit.exe
    2009-10-26 11:12:00 19456 ----a-w- c:\windows\system32\perfc5932.dat
    2009-10-24 22:31:12 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-10-24 22:29:25 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
    2009-10-24 22:29:04 0 d-----w- c:\program files\Lavasoft
    2009-10-24 18:46:01 0 ----a-w- c:\windows\win32k.sys
    2009-10-24 18:41:42 0 d-sh--w- c:\windows\system32\MPK
    2009-10-24 18:41:31 0 d-----w- c:\program files\Atari
    2009-10-19 13:48:45 0 d-sh--w- c:\docume~1\alluse~1\applic~1\MPK
    2009-10-18 14:13:49 1 ----a-w- c:\windows\system32\perfc7683.dat
    2009-10-18 13:55:45 26112 ----a-w- c:\windows\system32\stu2.exe
    2009-10-13 23:12:56 0 d-----w- c:\program files\Lala.com
    2009-10-13 23:12:40 0 d-----w- c:\docume~1\jamesc~1\applic~1\Lala Music Mover
    2009-10-01 22:34:41 0 d-----w- c:\program files\common files\Sony Shared

    ==================== Find3M ====================

    2009-09-24 23:25:06 93340 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-09-16 14:22:48 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2009-09-16 14:22:48 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
    2009-09-16 14:22:48 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2009-09-16 14:22:48 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2009-09-16 14:22:14 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
    2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
    2009-09-04 21:44:40 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2009-09-04 21:44:40 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2009-09-04 21:44:40 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
    2009-09-04 21:29:34 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2009-09-04 21:29:34 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
    2009-09-04 21:29:32 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
    2009-09-04 21:29:32 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
    2009-09-04 21:29:30 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
    2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
    2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
    2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\dllcache\strmdll.dll
    2009-08-19 17:59:11 34 ----a-w- c:\documents and settings\james collins\jagex_runescape_preferences.dat
    2009-08-06 23:24:18 327896 ----a-w- c:\windows\system32\dllcache\wucltui.dll
    2009-08-06 23:24:18 209632 ----a-w- c:\windows\system32\dllcache\wuweb.dll
    2009-08-06 23:24:10 35552 ----a-w- c:\windows\system32\dllcache\wups.dll
    2009-08-06 23:24:06 53472 ----a-w- c:\windows\system32\dllcache\wuauclt.exe
    2009-08-06 23:24:04 96480 ----a-w- c:\windows\system32\dllcache\cdm.dll
    2009-08-06 23:23:54 575704 ----a-w- c:\windows\system32\dllcache\wuapi.dll
    2009-08-06 23:23:46 274288 ----a-w- c:\windows\system32\mucltui.dll
    2009-08-06 23:23:46 215920 ----a-w- c:\windows\system32\muweb.dll
    2009-08-06 23:23:46 1929952 ----a-w- c:\windows\system32\dllcache\wuaueng.dll
    2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-05 00:44:46 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
    2009-08-04 23:52:22 1193832 ----a-w- c:\windows\system32\FM20.DLL
    2009-08-04 15:13:08 2145280 ------w- c:\windows\system32\ntoskrnl.exe
    2009-08-04 15:13:08 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-08-04 14:20:09 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
    2009-08-04 14:20:09 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
    2009-08-04 14:20:08 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
    2008-03-15 13:58:28 774144 -c--a-w- c:\program files\RngInterstitial.dll
    2006-10-20 01:06:56 251 -c--a-w- c:\program files\wt3d.ini
    2008-08-29 17:20:32 88 -csh--r- c:\windows\system32\8B0739B6A5.sys
    2008-08-29 17:20:34 3350 -csha-w- c:\windows\system32\KGyGaAvL.sys

    ============= FINISH: 12:23:01.37 ===============




    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-10-26.01)


    ==== Disk Partitions =========================


    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    7-Zip 4.57
    Access Drivers
    Acrobat.com
    Ad-Aware
    Adobe AIR
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.2
    Adobe Shockwave Player 11.5
    American Greetings® Print! Premium 3
    AOLIcon
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft PhotoStudio 5.5
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    Audiosurf
    Blueberry Garden Demo
    Bonjour
    Braid
    Buddy Icon Maker 1.0.0.1
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon MP Navigator 3.0
    Canon MP600
    Canon MP600 User Registration
    Canon My Printer
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities Easy-PhotoPrint
    Canon Utilities EOS Utility
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    Castlevania & Contra
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center HydraVision Full
    Catalyst Control Center Localization All
    Cave Story Deluxe
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CDisplay 1.8
    Cisco SSL VPN Client
    Citrix Web Client
    Clear Cache feature for Internet Explorer
    Colorizer 1.0.0.1
    Community Expansion Pack version 1.00
    Compatibility Pack for the 2007 Office system
    Conexant D850 56K V.9x DFVc Modem
    Coupon Printer for Windows
    Critical Update for Windows Media Player 11 (KB959772)
    Dell CinePlayer
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell Support 3.2
    Dell Support Center (Support Software)
    Dell System Restore
    Digital Content Portal
    Digital Line Detect
    Documentation & Support Launcher
    Easy-WebPrint
    EducateU
    ELIcon
    ESPNMotion
    Fallout
    Fox Kids Speedy Eggbert
    Freedom Force® vs The 3rd Reich
    Fritz7
    Game Maker 7.0
    Games, Music, & Photos Launcher
    Geometry Wars
    Google SketchUp 7
    Grandmaster Challenge
    Guild Wars
    Hexen 2
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Intel(R) Matrix Storage Manager
    Intel(R) PRO Network Connections
    iTunes
    Java(TM) 6 Update 15
    Lala Music Mover
    Learn2 Player (Uninstall Only)
    Lernout & Hauspie TruVoice for Microsoft Agent
    LP Recorder
    LP Ripper
    MapleStory
    McAfee SecurityCenter
    McAfee Uninstaller
    MCU
    Media Go
    Mevo and The Grooveriders Demo
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft DirectX Transform optional components
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Basic Edition 2003
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Web Publishing Wizard 1.52
    Microsoft Works 4.5
    Microsoft Works Setup Launcher
    Microsoft XML Parser
    Microsoft XNA Framework Redistributable 1.0 Refresh
    Microsoft XNA Framework Redistributable 3.0
    Modem Helper
    Mozilla Firefox (3.5.4)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML4 Parser
    Netflix Movie Viewer
    NetWaiting
    Neverdaunt:8Bit Beta
    Neverwinter Nights
    oggcodecs 0.71.0946
    OpenAL
    Osmos IGF Demo
    Otto
    Pando Media Booster
    Photo Organizer
    PlayStation(R)Network Downloader
    PlayStation(R)Store
    Project64 1.6
    PunkBuster Services
    Quake Live Mozilla Plugin
    QuickTime
    RealPlayer
    ScanSoft OmniPage SE 4.0
    SearchAssist
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Sid Meier's Civilization 4
    Sid Meier's Civilization 4 - Beyond the Sword
    Sid Meier's Civilization 4 - Warlords
    SigmaTel Audio
    Skins
    Solid State ION Internet Explorer Plugin
    Sonic Activation Module
    Sonic Encoders
    Sonic Update Manager
    Sony Media Manager for PSP 3.0
    Sparkplayer (Beta)
    Spybot - Search & Destroy
    SpywareBlaster 4.2
    Star Wars Battlefront II
    Starcraft
    Steam
    Stonekeep
    The Path - Prologue 1.1 beta 7
    Turbine Download Manager - Live
    Unity Web Player
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB961813)
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    URL Assistant
    VDMSound
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual C++ 8.0 Runtime Setup Package
    Wallace and Gromit Demo
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 8 Release Candidate 1
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows Search 4.0
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    Xfire (remove only)

    ==== End Of File ===========================

  8. #18
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    http://forums.spybot.info/showthread.php?p=344789#post344789
    Collect::
    C:\WINDOWS\system32\41h35p83.tmp
    C:\WINDOWS\system32\hcjvt7zs.tmp
    C:\WINDOWS\system32\ms32clod.dll
    C:\WINDOWS\system32\perfc5932.dat
    Rootkit::
    c:\windows\win32k.sys
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "53:UDP"=-
    "15602:TCP"=-
    "18436:TCP"=-

    Save this as CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close all browser windows and referring to the picture above, drag CFScript into ComboFix.exe
    Then post the resultant log & fresh dds.txt log. How's the system running?

  9. #19
    Member
    Join Date
    Feb 2009
    Posts
    42


    Hello,

    Here are the three logs. Computer seems to be running fine. I haven't tried to run a Spybot or Ad-aware scan yet (which was one of the problems - they wouldn't run). Should I try those now? Thanks.


    ComboFix 09-10-30.01 - James Collins 11/01/2009 8:08.5.2 - NTFSx86
    Running from: c:\documents and settings\James Collins\My Documents\Downloads\ComboFix.exe
    Command switches used :: c:\documents and settings\James Collins\Desktop\CFScript.txt
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    * Created a new restore point

    file zipped: c:\windows\system32\41h35p83.tmp
    file zipped: c:\windows\system32\hcjvt7zs.tmp
    file zipped: c:\windows\system32\ms32clod.dll
    file zipped: c:\windows\system32\perfc5932.dat
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\41h35p83.tmp
    c:\windows\system32\hcjvt7zs.tmp
    c:\windows\system32\ms32clod.dll
    c:\windows\system32\perfc5932.dat

    .
    ((((((((((((((((((((((((( Files Created from 2009-10-01 to 2009-11-01 )))))))))))))))))))))))))))))))
    .

    2009-10-31 17:52 . 2009-07-16 16:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
    2009-10-31 17:51 . 2009-10-31 17:52 -------- d-----w- c:\program files\Common Files\McAfee
    2009-10-31 17:51 . 2009-10-31 17:51 -------- d-----w- c:\program files\McAfee.com
    2009-10-31 17:51 . 2009-10-31 17:53 -------- d-----w- c:\program files\McAfee
    2009-10-30 22:43 . 2009-10-30 22:43 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2009-10-30 16:56 . 2009-10-30 16:56 85504 ----a-w- c:\program files\Inherit.exe
    2009-10-25 13:19 . 2009-10-25 13:20 -------- d-----w- c:\program files\ERUNT
    2009-10-24 22:31 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-10-24 22:29 . 2009-10-24 22:29 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
    2009-10-24 22:29 . 2009-10-24 22:29 -------- d-----w- c:\program files\Lavasoft
    2009-10-24 18:41 . 2009-10-24 18:45 -------- d-sh--w- c:\windows\system32\MPK
    2009-10-24 18:41 . 2009-10-24 18:41 -------- d-----w- c:\program files\Atari
    2009-10-19 13:48 . 2009-10-24 18:45 -------- d-sh--w- c:\documents and settings\All Users\Application Data\MPK
    2009-10-18 14:13 . 2009-10-26 11:12 1 ----a-w- c:\windows\system32\perfc7683.dat
    2009-10-18 13:55 . 2008-04-14 00:12 26112 ----a-w- c:\windows\system32\stu2.exe
    2009-10-15 21:35 . 2009-10-15 21:37 -------- d-----w- c:\documents and settings\James Collins\Local Settings\Application Data\Roblox
    2009-10-15 21:34 . 2009-10-24 20:12 -------- d-----w- c:\documents and settings\James Collins\Local Settings\Application Data\RobloxVersions
    2009-10-15 21:34 . 2009-10-15 21:35 -------- d-----w- c:\documents and settings\James Collins\Local Settings\Application Data\RobloxDownloads
    2009-10-13 23:12 . 2009-10-13 23:12 -------- d-----w- c:\program files\Lala.com
    2009-10-13 23:12 . 2009-10-13 23:25 -------- d-----w- c:\documents and settings\James Collins\Application Data\Lala Music Mover

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-31 17:54 . 2006-10-12 00:00 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2009-10-31 16:35 . 2009-09-08 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2009-10-30 22:44 . 2007-02-27 01:31 -------- d-----w- c:\program files\Common Files\Adobe
    2009-10-30 17:09 . 2009-03-08 16:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-10-26 23:59 . 2006-10-28 20:41 -------- d-----w- c:\documents and settings\James Collins\Application Data\ZoomBrowser EX
    2009-10-26 23:59 . 2006-10-28 20:38 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
    2009-10-24 22:29 . 2009-03-08 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-10-24 22:02 . 2009-02-16 15:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-10-24 22:00 . 2009-02-16 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-10-24 20:13 . 2006-10-12 00:01 -------- d-----w- c:\program files\Roxio
    2009-10-24 19:25 . 2009-04-28 03:05 -------- d-----w- c:\program files\SpywareBlaster
    2009-10-24 02:06 . 2008-06-20 17:48 -------- d-----w- c:\program files\Turbine
    2009-10-24 02:05 . 2006-10-11 23:50 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-10-17 16:34 . 2009-07-07 23:46 -------- d-----w- c:\program files\DOSBox-0.73
    2009-10-01 22:34 . 2009-10-01 22:34 -------- d-----w- c:\program files\Common Files\Sony Shared
    2009-10-01 22:30 . 2009-10-01 22:30 -------- d-----w- c:\documents and settings\James Collins\Application Data\Sony Setup
    2009-10-01 22:30 . 2008-07-25 14:09 -------- d-----w- c:\documents and settings\James Collins\Application Data\Sony
    2009-09-27 13:08 . 2009-09-27 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Turbine
    2009-09-26 21:39 . 2009-07-08 16:26 -------- d-----w- c:\documents and settings\James Collins\Application Data\.minecraft
    2009-09-24 23:25 . 2008-04-08 21:57 93340 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-09-22 23:44 . 2009-09-21 20:32 -------- d-----w- c:\program files\N8
    2009-09-20 19:20 . 2009-09-20 19:13 -------- d-----w- c:\documents and settings\James Collins\Application Data\U3
    2009-09-20 18:20 . 2006-10-19 19:21 136000 -c--a-w- c:\documents and settings\James Collins\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-09-20 18:18 . 2009-09-20 18:15 -------- d-----w- c:\program files\Web Publish
    2009-09-20 18:15 . 2009-09-20 18:11 -------- d-----w- c:\program files\Broderbund
    2009-09-18 20:30 . 2006-10-20 02:17 -------- d-----w- c:\documents and settings\James Collins\Application Data\Canon
    2009-09-17 00:25 . 2009-09-17 00:25 -------- d-----w- c:\program files\Coupons
    2009-09-16 14:22 . 2009-09-16 14:22 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2009-09-16 14:22 . 2007-02-07 14:27 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
    2009-09-16 14:22 . 2007-02-07 14:27 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2009-09-16 14:22 . 2007-02-07 14:27 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2009-09-16 14:22 . 2007-02-07 14:27 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
    2009-09-15 19:38 . 2009-09-15 19:38 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
    2009-09-15 00:15 . 2008-01-23 02:40 -------- d-----w- c:\program files\Steam
    2009-09-14 22:29 . 2008-10-02 00:02 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
    2009-09-13 00:11 . 2009-08-04 17:20 -------- d-----w- c:\documents and settings\James Collins\Application Data\Braid
    2009-09-11 21:55 . 2006-12-23 19:46 -------- d-----w- c:\documents and settings\James Collins\Application Data\Apple Computer
    2009-09-11 20:22 . 2009-09-11 20:21 -------- d-----w- c:\program files\iTunes
    2009-09-11 20:22 . 2009-09-11 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-09-11 20:22 . 2009-09-11 20:22 -------- d-----w- c:\program files\iPod
    2009-09-11 20:22 . 2007-08-08 15:45 -------- d-----w- c:\program files\Common Files\Apple
    2009-09-11 20:19 . 2009-09-11 20:18 -------- d-----w- c:\program files\QuickTime
    2009-09-11 14:18 . 2005-08-16 08:18 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-09 02:12 . 2008-03-28 19:36 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-09-06 23:42 . 2009-09-06 23:42 -------- d-----w- c:\documents and settings\James Collins\Application Data\Unity
    2009-09-04 21:44 . 2009-09-21 20:33 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2009-09-04 21:44 . 2009-09-21 20:33 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
    2009-09-04 21:44 . 2009-07-10 01:21 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2009-09-04 21:29 . 2009-09-21 20:33 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
    2009-09-04 21:29 . 2009-09-21 20:33 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2009-09-04 21:29 . 2009-09-21 20:33 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
    2009-09-04 21:29 . 2009-09-21 20:33 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
    2009-09-04 21:29 . 2009-09-21 20:33 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
    2009-09-04 21:03 . 2005-08-16 08:18 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-09-04 00:15 . 2009-04-05 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
    2009-09-03 22:48 . 2009-09-03 22:48 -------- d-----w- c:\program files\Sparkplay Media
    2009-08-26 08:00 . 2005-08-16 08:19 247326 ----a-w- c:\windows\system32\strmdll.dll
    2009-08-19 17:59 . 2009-07-21 11:42 34 ----a-w- c:\documents and settings\James Collins\jagex_runescape_preferences.dat
    2009-08-06 23:24 . 2005-08-16 08:40 327896 ----a-w- c:\windows\system32\wucltui.dll
    2009-08-06 23:24 . 2005-08-16 08:40 209632 ----a-w- c:\windows\system32\wuweb.dll
    2009-08-06 23:24 . 2005-08-16 08:40 35552 ----a-w- c:\windows\system32\wups.dll
    2009-08-06 23:24 . 2005-05-26 08:16 44768 ----a-w- c:\windows\system32\wups2.dll
    2009-08-06 23:24 . 2005-08-16 08:40 53472 ------w- c:\windows\system32\wuauclt.exe
    2009-08-06 23:24 . 2005-08-16 08:18 96480 ----a-w- c:\windows\system32\cdm.dll
    2009-08-06 23:23 . 2005-08-16 08:40 575704 ----a-w- c:\windows\system32\wuapi.dll
    2009-08-06 23:23 . 2008-12-05 11:33 274288 ----a-w- c:\windows\system32\mucltui.dll
    2009-08-06 23:23 . 2008-07-19 03:07 215920 ----a-w- c:\windows\system32\muweb.dll
    2009-08-06 23:23 . 2005-08-16 08:40 1929952 ----a-w- c:\windows\system32\wuaueng.dll
    2009-08-05 09:01 . 2005-08-16 08:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-04 23:52 . 2009-08-04 23:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
    2009-08-04 15:13 . 2005-08-16 08:18 2145280 ------w- c:\windows\system32\ntoskrnl.exe
    2009-08-04 14:20 . 2004-08-04 02:59 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
    2008-03-15 13:58 . 2008-03-15 13:58 774144 -c--a-w- c:\program files\RngInterstitial.dll
    2006-10-20 01:06 . 2006-10-20 01:06 251 -c--a-w- c:\program files\wt3d.ini
    2008-08-29 17:20 . 2006-10-20 02:19 88 -csh--r- c:\windows\system32\8B0739B6A5.sys
    2008-08-29 17:20 . 2006-10-20 02:19 3350 -csha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-10-30_17.43.06 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-11-01 13:18 . 2009-11-01 13:18 16384 c:\windows\Temp\Perflib_Perfdata_7e8.dat
    - 2005-08-16 08:18 . 2009-10-16 02:44 90562 c:\windows\system32\perfc009.dat
    + 2005-08-16 08:18 . 2009-11-01 12:42 90562 c:\windows\system32\perfc009.dat
    - 2009-02-25 13:32 . 2009-10-30 14:05 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2009-02-25 13:32 . 2009-11-01 12:43 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2006-10-18 12:48 . 2009-10-30 14:05 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2006-10-18 12:48 . 2009-11-01 12:43 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2006-10-18 12:48 . 2009-10-30 14:05 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-10-30 23:17 . 2009-11-01 12:43 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-10-30 22:45 . 2009-10-30 22:45 21504 c:\windows\Installer\113e9f7.msi
    + 2009-10-30 22:43 . 2009-10-30 22:43 27648 c:\windows\Installer\113e9ed.msi
    + 2005-08-16 08:18 . 2009-11-01 12:42 491286 c:\windows\system32\perfh009.dat
    - 2005-08-16 08:18 . 2009-10-16 02:44 491286 c:\windows\system32\perfh009.dat
    + 2009-10-30 22:44 . 2009-10-30 22:44 3940352 c:\windows\Installer\113e9f2.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
    "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-28 61440]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
    "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-20 282624]

    c:\documents and settings\James Collins\Start Menu\Programs\Startup\
    PowerReg Scheduler V3.exe [2007-12-16 225280]
    PowerReg Scheduler.exe [2007-2-11 256000]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-10-11 24576]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Steam"="c:\program files\Steam\Steam.exe" -silent

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\McProxy\\McProxy.exe"=
    "c:\\Program Files\\iPod\\bin\\iPodService.exe"=
    "c:\\Program Files\\LucasArts\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe"=
    "c:\\Program Files\\McAfee\\MSK\\MskSrver.exe"=
    "c:\\Program Files\\Dell Support Center\\bin\\sprtcmd.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\mevo and the grooveriders demo\\Mevo.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\hexen 2\\glh2.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\osmos igf demo\\OsmosDemo.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\wallace and gromit demo\\WallaceGromitDemo.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\geometry wars\\GeometryWars.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\blueberry garden demo\\BlueberryGarden.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\fxsclnt.exe"=
    "c:\\Program Files\\Turbine\\Dungeons and Dragons Online - Eberron Unlimited\\dndclient.exe"=
    "c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineMessageService.exe"=
    "c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineNetworkService.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
    "9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
    "56767:TCP"= 56767:TCP:Pando Media Booster
    "56767:UDP"= 56767:UDP:Pando Media Booster
    "56961:TCP"= 56961:TCP:Pando Media Booster
    "56961:UDP"= 56961:UDP:Pando Media Booster

    R2 0233721257011517mcinstcleanup;McAfee Application Installer Cleanup (0233721257011517);c:\docume~1\JAMESC~1\LOCALS~1\Temp\023372~1.EXE [x]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-10-24 1170768]
    R3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys [x]
    R3 cafd20fe-06de-444d-aff9-1c1458602f1e;cafd20fe-06de-444d-aff9-1c1458602f1e;d:\cds300\cds300.dll [x]
    R3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\DRIVERS\CSVirtA.sys [2009-06-29 22136]
    R3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe [2009-09-27 267760]
    R3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [2009-09-27 218608]
    R3 XDva279;XDva279;c:\windows\system32\XDva279.sys [x]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-09-23 64288]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-10-08 203280]
    S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - mbr
    .
    Contents of the 'Scheduled Tasks' folder

    2009-10-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 22:30]

    2009-10-31 c:\windows\Tasks\Disk Cleanup.job
    - c:\windows\system32\cleanmgr.exe [2005-08-16 00:12]

    2009-10-31 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-31 16:22]

    2009-10-31 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-31 16:22]

    2009-11-01 c:\windows\Tasks\User_Feed_Synchronization-{4077B8ED-89F1-4902-8616-6A205CD0A29A}.job
    - c:\windows\system32\msfeedssync.exe [2009-01-15 07:01]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://my.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List
    IE: Easy-WebPrint High Speed Print
    IE: Easy-WebPrint Preview
    IE: Easy-WebPrint Print
    Trusted Zone: mcafee.com\us
    Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
    DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
    FF - ProfilePath - c:\documents and settings\James Collins\Application Data\Mozilla\Firefox\Profiles\c6yuu406.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
    FF - plugin: c:\documents and settings\James Collins\Application Data\Mozilla\Firefox\Profiles\c6yuu406.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\nplalaDl.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
    FF - plugin: c:\program files\Sparkplay Media\Sparkplayer (Beta)\npSparkPlayerNS.dll
    FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-11-01 08:24
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2161225801-2422398383-4254196062-1006\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\2.5]
    "FRT"="nMjzxitZB/4VdJAdYfYnlnvYYu23aZR0MkH0nx1luC8xDJI5l78pxA=="
    "PLCK"="VOBD6raQEIiMaDtdSc70Nd1y3NRW5C2r"
    "Percents"="0 0.0339 0.2877 0.3684 0.3854 0.8608 0.8959 0.8988 "
    "Increment"=".002410"

    [HKEY_USERS\S-1-5-21-2161225801-2422398383-4254196062-1006\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
    "FRT"="sz3qdEiwYrMHaIdStypx5EiPTglpXrHGwmEEtuCNm0hx7/DAfnqnSA=="
    "PLCK"="MWqpPA71eVee3L5VyGRsYPpru91q3mBA"
    "PHSH"=""
    "Percents"="0.0012 0.0682 0.1506 0.4912 0.8176 0.8724 0.8776 "
    "Increment"=".002577"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(720)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(3316)
    c:\program files\McAfee\SiteAdvisor\saHook.dll
    c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
    c:\program files\Windows Desktop Search\deskbar.dll
    c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
    c:\program files\Windows Desktop Search\dbres.dll
    c:\program files\Windows Desktop Search\wordwheel.dll
    c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
    c:\program files\Windows Desktop Search\msnlExtRes.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\OneX.DLL
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Cisco Systems\SSL VPN Client\agent.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\McAfee\MPF\MPFSrv.exe
    c:\program files\McAfee\MSK\MskSrver.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\windows\system32\SearchIndexer.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\windows\eHome\ehmsas.exe
    c:\windows\system32\dllhost.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    .
    **************************************************************************
    .
    Completion time: 2009-11-01 8:26 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-11-01 13:25
    ComboFix2.txt 2009-10-30 21:48
    ComboFix3.txt 2009-10-30 17:49

    Pre-Run: 130,071,388,160 bytes free
    Post-Run: 130,121,162,752 bytes free

    - - End Of File - - 65BC41912165125689DDEC519421BCCC



    DDS (Ver_09-10-26.01) - NTFSx86
    Run by James Collins at 8:33:31.01 on Sun 11/01/2009
    Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_15
    AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============


    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://my.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    StartupFolder: c:\documents and settings\james collins\start menu\programs\startup\PowerReg Scheduler V3.exe
    StartupFolder: c:\documents and settings\james collins\start menu\programs\startup\PowerReg Scheduler.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List
    IE: Easy-WebPrint High Speed Print
    IE: Easy-WebPrint Preview
    IE: Easy-WebPrint Print
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\npjpi160_15.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: mcafee.com\us
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v5.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228396190359
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} - hxxp://cdn1.acclaimdownloads.com/solidstateion.cab
    DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\jamesc~1\applic~1\mozilla\firefox\profiles\c6yuu406.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    ============= SERVICES / DRIVERS ===============


    =============== Created Last 30 ================

    2009-10-31 17:54:34 9459 ----a-w- c:\windows\system32\Config.MPF
    2009-10-31 17:52:01 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
    2009-10-31 17:51:43 0 d-----w- c:\program files\common files\McAfee
    2009-10-31 17:51:42 0 d-----w- c:\program files\McAfee.com
    2009-10-31 17:51:34 0 d-----w- c:\program files\McAfee
    2009-10-30 17:31:15 98816 ----a-w- c:\windows\sed.exe
    2009-10-30 17:31:15 77312 ----a-w- c:\windows\MBR.exe
    2009-10-30 17:31:15 236544 ----a-w- c:\windows\PEV.exe
    2009-10-30 17:31:15 161792 ----a-w- c:\windows\SWREG.exe
    2009-10-30 16:56:28 85504 ----a-w- c:\program files\Inherit.exe
    2009-10-24 22:31:12 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-10-24 22:29:25 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
    2009-10-24 22:29:04 0 d-----w- c:\program files\Lavasoft
    2009-10-24 18:41:42 0 d-sh--w- c:\windows\system32\MPK
    2009-10-24 18:41:31 0 d-----w- c:\program files\Atari
    2009-10-19 13:48:45 0 d-sh--w- c:\docume~1\alluse~1\applic~1\MPK
    2009-10-18 14:13:49 1 ----a-w- c:\windows\system32\perfc7683.dat
    2009-10-18 13:55:45 26112 ----a-w- c:\windows\system32\stu2.exe
    2009-10-13 23:12:56 0 d-----w- c:\program files\Lala.com
    2009-10-13 23:12:40 0 d-----w- c:\docume~1\jamesc~1\applic~1\Lala Music Mover

    ==================== Find3M ====================

    2009-09-24 23:25:06 93340 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-09-16 14:22:48 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2009-09-16 14:22:48 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
    2009-09-16 14:22:48 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2009-09-16 14:22:48 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2009-09-16 14:22:14 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
    2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
    2009-09-04 21:44:40 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2009-09-04 21:44:40 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2009-09-04 21:44:40 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
    2009-09-04 21:29:34 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2009-09-04 21:29:34 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
    2009-09-04 21:29:32 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
    2009-09-04 21:29:32 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
    2009-09-04 21:29:30 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
    2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
    2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
    2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\dllcache\strmdll.dll
    2009-08-19 17:59:11 34 ----a-w- c:\documents and settings\james collins\jagex_runescape_preferences.dat
    2009-08-06 23:24:18 327896 ----a-w- c:\windows\system32\dllcache\wucltui.dll
    2009-08-06 23:24:18 209632 ----a-w- c:\windows\system32\dllcache\wuweb.dll
    2009-08-06 23:24:10 35552 ----a-w- c:\windows\system32\dllcache\wups.dll
    2009-08-06 23:24:06 53472 ----a-w- c:\windows\system32\dllcache\wuauclt.exe
    2009-08-06 23:24:04 96480 ----a-w- c:\windows\system32\dllcache\cdm.dll
    2009-08-06 23:23:54 575704 ----a-w- c:\windows\system32\dllcache\wuapi.dll
    2009-08-06 23:23:46 274288 ----a-w- c:\windows\system32\mucltui.dll
    2009-08-06 23:23:46 215920 ----a-w- c:\windows\system32\muweb.dll
    2009-08-06 23:23:46 1929952 ----a-w- c:\windows\system32\dllcache\wuaueng.dll
    2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-05 00:44:46 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
    2009-08-04 23:52:22 1193832 ----a-w- c:\windows\system32\FM20.DLL
    2009-08-04 15:13:08 2145280 ------w- c:\windows\system32\ntoskrnl.exe
    2009-08-04 15:13:08 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-08-04 14:20:09 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
    2009-08-04 14:20:09 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
    2009-08-04 14:20:08 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
    2008-03-15 13:58:28 774144 -c--a-w- c:\program files\RngInterstitial.dll
    2006-10-20 01:06:56 251 -c--a-w- c:\program files\wt3d.ini
    2008-08-29 17:20:32 88 -csh--r- c:\windows\system32\8B0739B6A5.sys
    2008-08-29 17:20:34 3350 -csha-w- c:\windows\system32\KGyGaAvL.sys

    ============= FINISH: 8:34:17.53 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-10-26.01)


    ==== Disk Partitions =========================


    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    7-Zip 4.57
    Access Drivers
    Acrobat.com
    Ad-Aware
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.2
    Adobe Shockwave Player 11.5
    American Greetings® Print! Premium 3
    AOLIcon
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft PhotoStudio 5.5
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    Audiosurf
    Blueberry Garden Demo
    Bonjour
    Braid
    Buddy Icon Maker 1.0.0.1
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon MP Navigator 3.0
    Canon MP600
    Canon MP600 User Registration
    Canon My Printer
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities Easy-PhotoPrint
    Canon Utilities EOS Utility
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    Castlevania & Contra
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center HydraVision Full
    Catalyst Control Center Localization All
    Cave Story Deluxe
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CDisplay 1.8
    Cisco SSL VPN Client
    Citrix Web Client
    Clear Cache feature for Internet Explorer
    Colorizer 1.0.0.1
    Community Expansion Pack version 1.00
    Compatibility Pack for the 2007 Office system
    Conexant D850 56K V.9x DFVc Modem
    Coupon Printer for Windows
    Critical Update for Windows Media Player 11 (KB959772)
    Dell CinePlayer
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell Support 3.2
    Dell Support Center (Support Software)
    Dell System Restore
    Digital Content Portal
    Digital Line Detect
    Documentation & Support Launcher
    Easy-WebPrint
    EducateU
    ELIcon
    ESPNMotion
    Fallout
    Fox Kids Speedy Eggbert
    Freedom Force® vs The 3rd Reich
    Fritz7
    Game Maker 7.0
    Games, Music, & Photos Launcher
    Geometry Wars
    Google SketchUp 7
    Grandmaster Challenge
    Guild Wars
    Hexen 2
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Intel(R) Matrix Storage Manager
    Intel(R) PRO Network Connections
    iTunes
    Java(TM) 6 Update 15
    Lala Music Mover
    Learn2 Player (Uninstall Only)
    Lernout & Hauspie TruVoice for Microsoft Agent
    LP Recorder
    LP Ripper
    MapleStory
    McAfee SecurityCenter
    McAfee Uninstaller
    MCU
    Media Go
    Mevo and The Grooveriders Demo
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft DirectX Transform optional components
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Basic Edition 2003
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Web Publishing Wizard 1.52
    Microsoft Works 4.5
    Microsoft Works Setup Launcher
    Microsoft XML Parser
    Microsoft XNA Framework Redistributable 1.0 Refresh
    Microsoft XNA Framework Redistributable 3.0
    Modem Helper
    Mozilla Firefox (3.5.4)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML4 Parser
    Netflix Movie Viewer
    NetWaiting
    Neverdaunt:8Bit Beta
    Neverwinter Nights
    oggcodecs 0.71.0946
    OpenAL
    Osmos IGF Demo
    Otto
    Pando Media Booster
    Photo Organizer
    PlayStation(R)Network Downloader
    PlayStation(R)Store
    Project64 1.6
    PunkBuster Services
    Quake Live Mozilla Plugin
    QuickTime
    RealPlayer
    ScanSoft OmniPage SE 4.0
    SearchAssist
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Sid Meier's Civilization 4
    Sid Meier's Civilization 4 - Beyond the Sword
    Sid Meier's Civilization 4 - Warlords
    SigmaTel Audio
    Skins
    Solid State ION Internet Explorer Plugin
    Sonic Activation Module
    Sonic Encoders
    Sonic Update Manager
    Sony Media Manager for PSP 3.0
    Sparkplayer (Beta)
    Spybot - Search & Destroy
    SpywareBlaster 4.2
    Star Wars Battlefront II
    Starcraft
    Steam
    Stonekeep
    The Path - Prologue 1.1 beta 7
    Turbine Download Manager - Live
    Unity Web Player
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB961813)
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    URL Assistant
    VDMSound
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual C++ 8.0 Runtime Setup Package
    Wallace and Gromit Demo
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 8 Release Candidate 1
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows Search 4.0
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    Xfire (remove only)

    ==== End Of File ===========================

  10. #20
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Yes, you may attempt to run the scans now.

    See if you can find a zip file whose name begins with [4]-Submit in the c:\qoobox\quarantine folder.

    Upload it here.

    Kindly include a link to this topic in the message.
