Hijacked Desktop



bmueller
2009-11-30, 01:37
Hello,

I have a large black box on my desktop with red letters saying my computer has been infected. I am not able to change any settings on my desktop.

The sub message in the box reads "System has been stopped due to a serious malfunction. Spyware activity has been detected" "it is recommended to use spyware removal tool to prevent data loss. Do not use the computer before all spyware removed."

Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:22:48 PM, on 11/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\WINDOWS\system32\winupdate86.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon86.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-21-1078081533-1958367476-725345543-1003\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Bruce')
O4 - HKUS\S-1-5-21-1078081533-1958367476-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Bruce')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: McAfee Security Scan.lnk = ?
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136066392421
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O20 - Winlogon Notify: pmod11 - C:\WINDOWS\SYSTEM32\pmod11.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9100 bytes

Thank you, in advance, for any help that you can provide!

Blade81
2009-12-02, 17:45
Hi,

Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

bmueller
2009-12-04, 04:16
Thank you very much!

Here you go!

P.S. I zipped and attempted to attach the txt file, but I don't see it here. It was in .rar format.

Please advise!

Thanks

DDS (Ver_09-12-01.01) - NTFSx86
Run by Alexis M at 22:00:01.13 on Thu 12/03/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.207 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\WINDOWS\system32\winupdate86.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
svchost
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Logitech\iTouch\kbdtray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Alexis M\Desktop\dds.pif

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\winlogon86.exe
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - c:\program files\veoh networks\veoh video compass\SearchRecsPlugin.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [VirusScan Online] "c:\progra~1\mcafee.com\vso\mcvsshld.exe"
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
mRun: [Verizon_McciTrayApp] c:\program files\verizon\McciTrayApp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [MPFExe] c:\progra~1\mcafee.com\person~1\MpfTray.exe
mRun: [EM_EXEC] c:\progra~1\logitech\mousew~1\system\EM_EXEC.EXE
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [McRegWiz] c:\progra~1\mcafee.com\agent\mcregwiz.exe /autorun
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~2.lnk - c:\program files\hewlett-packard\digital imaging\bin\hposol08.exe
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-system: EnableProfileQuota = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136066392421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: pmod11 - pmod11.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 MPFIREWL;MPFIREWL;c:\windows\system32\drivers\MpFirewall.sys [2006-1-7 83181]
R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2006-1-7 126976]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2006-1-7 122368]
S2 MCVSRte;McAfee.com VirusScan Online Realtime Engine;c:\progra~1\mcafee.com\vso\mcvsrte.exe [2005-12-31 106496]
S3 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2005-12-31 225375]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2005-12-31 245760]
S3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [2005-12-31 23296]

=============== Created Last 30 ================

2009-12-04 02:52:38 0 ----a-w- c:\windows\system32\30932.exe
2009-12-04 02:32:36 0 ----a-w- c:\windows\system32\9832.exe
2009-12-04 02:12:34 0 ----a-w- c:\windows\system32\23757.exe
2009-12-04 01:52:31 0 ----a-w- c:\windows\system32\28617.exe
2009-12-04 01:32:29 0 ----a-w- c:\windows\system32\31426.exe
2009-12-04 01:12:27 0 ----a-w- c:\windows\system32\27088.exe
2009-12-04 00:52:25 0 ----a-w- c:\windows\system32\10285.exe
2009-12-04 00:32:22 0 ----a-w- c:\windows\system32\24182.exe
2009-12-04 00:12:20 0 ----a-w- c:\windows\system32\10585.exe
2009-12-03 23:52:17 0 ----a-w- c:\windows\system32\5002.exe
2009-12-03 23:32:14 0 ----a-w- c:\windows\system32\16423.exe
2009-12-03 23:12:12 0 ----a-w- c:\windows\system32\15255.exe
2009-12-03 22:52:10 0 ----a-w- c:\windows\system32\9789.exe
2009-12-03 22:32:07 0 ----a-w- c:\windows\system32\13401.exe
2009-12-03 22:12:04 0 ----a-w- c:\windows\system32\14688.exe
2009-12-03 21:52:02 0 ----a-w- c:\windows\system32\17861.exe
2009-12-03 21:31:59 0 ----a-w- c:\windows\system32\26869.exe
2009-12-03 21:11:56 0 ----a-w- c:\windows\system32\21003.exe
2009-12-03 20:51:53 0 ----a-w- c:\windows\system32\2510.exe
2009-12-03 20:31:51 0 ----a-w- c:\windows\system32\2600.exe
2009-12-03 20:11:49 0 ----a-w- c:\windows\system32\10712.exe
2009-12-03 19:51:46 0 ----a-w- c:\windows\system32\5075.exe
2009-12-03 19:31:44 0 ----a-w- c:\windows\system32\24389.exe
2009-12-03 19:11:41 0 ----a-w- c:\windows\system32\27892.exe
2009-12-03 18:51:38 0 ----a-w- c:\windows\system32\28476.exe
2009-12-03 18:31:36 0 ----a-w- c:\windows\system32\3557.exe
2009-12-03 18:11:33 0 ----a-w- c:\windows\system32\5699.exe
2009-12-03 17:51:31 0 ----a-w- c:\windows\system32\10021.exe
2009-12-03 17:31:29 0 ----a-w- c:\windows\system32\18651.exe
2009-12-03 17:11:27 0 ----a-w- c:\windows\system32\10322.exe
2009-12-03 16:51:24 0 ----a-w- c:\windows\system32\31998.exe
2009-12-03 16:31:22 0 ----a-w- c:\windows\system32\21881.exe
2009-12-03 16:11:19 0 ----a-w- c:\windows\system32\1416.exe
2009-12-03 15:51:17 0 ----a-w- c:\windows\system32\23844.exe
2009-12-03 15:31:14 0 ----a-w- c:\windows\system32\20142.exe
2009-12-03 15:11:12 0 ----a-w- c:\windows\system32\29869.exe
2009-12-03 14:51:09 0 ----a-w- c:\windows\system32\28433.exe
2009-12-03 14:31:07 0 ----a-w- c:\windows\system32\18875.exe
2009-12-03 14:11:05 0 ----a-w- c:\windows\system32\4886.exe
2009-12-03 13:51:03 0 ----a-w- c:\windows\system32\26362.exe
2009-12-03 13:30:59 0 ----a-w- c:\windows\system32\22646.exe
2009-12-03 13:10:57 0 ----a-w- c:\windows\system32\20328.exe
2009-12-03 12:50:55 0 ----a-w- c:\windows\system32\20055.exe
2009-12-03 12:30:53 0 ----a-w- c:\windows\system32\24272.exe
2009-12-03 12:10:49 0 ----a-w- c:\windows\system32\2634.exe
2009-12-03 11:50:47 0 ----a-w- c:\windows\system32\16202.exe
2009-12-03 11:30:43 0 ----a-w- c:\windows\system32\11511.exe
2009-12-03 11:10:41 0 ----a-w- c:\windows\system32\19156.exe
2009-12-03 10:50:38 0 ----a-w- c:\windows\system32\22888.exe
2009-12-03 10:30:35 0 ----a-w- c:\windows\system32\19815.exe
2009-12-03 10:10:32 0 ----a-w- c:\windows\system32\6191.exe
2009-12-03 09:50:29 0 ----a-w- c:\windows\system32\7958.exe
2009-12-03 09:30:27 0 ----a-w- c:\windows\system32\29657.exe
2009-12-03 09:10:23 0 ----a-w- c:\windows\system32\18190.exe
2009-12-03 08:50:16 0 ----a-w- c:\windows\system32\24179.exe
2009-12-03 08:30:08 0 ----a-w- c:\windows\system32\6038.exe
2009-12-03 08:10:00 0 ----a-w- c:\windows\system32\12292.exe
2009-12-03 07:49:58 0 ----a-w- c:\windows\system32\18538.exe
2009-12-03 07:29:53 0 ----a-w- c:\windows\system32\23622.exe
2009-12-03 07:09:51 0 ----a-w- c:\windows\system32\20472.exe
2009-12-03 06:49:34 0 ----a-w- c:\windows\system32\27157.exe
2009-12-03 06:29:28 0 ----a-w- c:\windows\system32\28009.exe
2009-12-03 06:09:20 0 ----a-w- c:\windows\system32\20798.exe
2009-12-03 05:49:06 0 ----a-w- c:\windows\system32\19589.exe
2009-12-03 05:29:02 0 ----a-w- c:\windows\system32\15281.exe
2009-12-03 05:09:00 0 ----a-w- c:\windows\system32\14798.exe
2009-12-03 04:48:57 0 ----a-w- c:\windows\system32\19796.exe
2009-12-03 04:28:54 0 ----a-w- c:\windows\system32\20580.exe
2009-12-03 04:08:51 0 ----a-w- c:\windows\system32\6618.exe
2009-12-03 03:48:48 0 ----a-w- c:\windows\system32\13458.exe
2009-12-03 03:28:45 0 ----a-w- c:\windows\system32\25200.exe
2009-12-03 03:08:43 0 ----a-w- c:\windows\system32\7448.exe
2009-12-03 02:48:41 0 ----a-w- c:\windows\system32\9503.exe
2009-12-03 02:28:38 0 ----a-w- c:\windows\system32\29314.exe
2009-12-03 02:08:31 0 ----a-w- c:\windows\system32\1587.exe
2009-12-03 01:48:28 0 ----a-w- c:\windows\system32\30523.exe
2009-12-03 01:28:25 0 ----a-w- c:\windows\system32\14343.exe
2009-12-03 01:08:22 0 ----a-w- c:\windows\system32\3093.exe
2009-12-03 00:48:20 0 ----a-w- c:\windows\system32\20485.exe
2009-12-03 00:28:17 0 ----a-w- c:\windows\system32\3195.exe
2009-12-03 00:08:13 0 ----a-w- c:\windows\system32\32702.exe
2009-12-02 23:48:10 0 ----a-w- c:\windows\system32\14989.exe
2009-12-02 23:28:08 0 ----a-w- c:\windows\system32\32609.exe
2009-12-02 23:08:05 0 ----a-w- c:\windows\system32\5844.exe
2009-12-02 22:48:03 0 ----a-w- c:\windows\system32\11008.exe
2009-12-02 22:28:01 0 ----a-w- c:\windows\system32\6224.exe
2009-12-02 22:07:59 0 ----a-w- c:\windows\system32\30303.exe
2009-12-02 21:47:54 0 ----a-w- c:\windows\system32\22798.exe
2009-12-02 21:27:52 0 ----a-w- c:\windows\system32\31556.exe
2009-12-02 21:07:48 0 ----a-w- c:\windows\system32\16519.exe
2009-12-02 20:47:46 0 ----a-w- c:\windows\system32\5249.exe
2009-12-02 20:27:41 0 ----a-w- c:\windows\system32\20600.exe
2009-12-02 20:07:39 0 ----a-w- c:\windows\system32\17451.exe
2009-12-02 19:47:35 0 ----a-w- c:\windows\system32\18935.exe
2009-12-02 19:27:33 0 ----a-w- c:\windows\system32\7616.exe
2009-12-02 19:07:31 0 ----a-w- c:\windows\system32\14309.exe
2009-12-02 18:47:27 0 ----a-w- c:\windows\system32\9514.exe
2009-12-02 18:27:24 0 ----a-w- c:\windows\system32\22813.exe
2009-12-02 18:07:22 0 ----a-w- c:\windows\system32\6617.exe
2009-12-02 17:47:19 0 ----a-w- c:\windows\system32\14310.exe
2009-12-02 17:27:15 0 ----a-w- c:\windows\system32\2421.exe
2009-12-02 17:07:13 0 ----a-w- c:\windows\system32\17807.exe
2009-12-02 16:47:11 0 ----a-w- c:\windows\system32\22483.exe
2009-12-02 16:27:08 0 ----a-w- c:\windows\system32\24648.exe
2009-12-02 16:07:05 0 ----a-w- c:\windows\system32\14893.exe
2009-12-02 15:47:01 0 ----a-w- c:\windows\system32\3728.exe
2009-12-02 15:26:57 0 ----a-w- c:\windows\system32\467.exe
2009-12-02 15:06:54 0 ----a-w- c:\windows\system32\18127.exe
2009-12-02 14:46:52 0 ----a-w- c:\windows\system32\3788.exe
2009-12-02 14:26:49 0 ----a-w- c:\windows\system32\6900.exe
2009-12-02 14:06:43 0 ----a-w- c:\windows\system32\27938.exe
2009-12-02 13:46:41 0 ----a-w- c:\windows\system32\26418.exe
2009-12-02 13:26:38 0 ----a-w- c:\windows\system32\1999.exe
2009-12-02 13:06:32 0 ----a-w- c:\windows\system32\53.exe
2009-12-02 12:46:30 0 ----a-w- c:\windows\system32\4734.exe
2009-12-02 12:26:20 0 ----a-w- c:\windows\system32\8281.exe
2009-12-02 12:06:16 0 ----a-w- c:\windows\system32\24484.exe
2009-12-02 11:46:14 0 ----a-w- c:\windows\system32\19668.exe
2009-12-02 11:26:12 0 ----a-w- c:\windows\system32\23199.exe
2009-12-02 11:06:05 0 ----a-w- c:\windows\system32\27348.exe
2009-12-02 10:46:01 0 ----a-w- c:\windows\system32\24021.exe
2009-12-02 10:25:58 0 ----a-w- c:\windows\system32\4596.exe
2009-12-02 10:05:55 0 ----a-w- c:\windows\system32\11020.exe
2009-12-02 09:45:50 0 ----a-w- c:\windows\system32\9374.exe
2009-12-02 09:25:47 0 ----a-w- c:\windows\system32\30836.exe
2009-12-02 09:05:41 0 ----a-w- c:\windows\system32\10291.exe
2009-12-02 08:45:34 0 ----a-w- c:\windows\system32\24350.exe
2009-12-02 08:25:31 0 ----a-w- c:\windows\system32\3602.exe
2009-12-02 08:05:28 0 ----a-w- c:\windows\system32\4041.exe
2009-12-02 07:45:26 0 ----a-w- c:\windows\system32\27595.exe
2009-12-02 07:25:23 0 ----a-w- c:\windows\system32\6483.exe
2009-12-02 07:05:21 0 ----a-w- c:\windows\system32\21548.exe
2009-12-02 06:45:19 0 ----a-w- c:\windows\system32\20537.exe
2009-12-02 06:25:17 0 ----a-w- c:\windows\system32\27624.exe
2009-12-02 06:05:14 0 ----a-w- c:\windows\system32\6359.exe
2009-12-02 05:45:12 0 ----a-w- c:\windows\system32\17410.exe
2009-12-02 05:25:10 0 ----a-w- c:\windows\system32\1655.exe
2009-12-02 05:05:06 0 ----a-w- c:\windows\system32\18762.exe
2009-12-02 04:45:04 0 ----a-w- c:\windows\system32\32591.exe
2009-12-02 04:25:02 0 ----a-w- c:\windows\system32\900.exe
2009-12-02 04:05:00 0 ----a-w- c:\windows\system32\29168.exe
2009-12-02 03:44:56 0 ----a-w- c:\windows\system32\16413.exe
2009-12-02 03:24:53 0 ----a-w- c:\windows\system32\13030.exe
2009-12-02 03:04:51 0 ----a-w- c:\windows\system32\27506.exe
2009-12-02 02:44:49 0 ----a-w- c:\windows\system32\24946.exe
2009-12-02 02:24:46 0 ----a-w- c:\windows\system32\6422.exe
2009-12-02 02:04:44 0 ----a-w- c:\windows\system32\18588.exe
2009-12-02 01:44:41 0 ----a-w- c:\windows\system32\24221.exe
2009-12-02 01:24:38 0 ----a-w- c:\windows\system32\9758.exe
2009-12-02 01:04:36 0 ----a-w- c:\windows\system32\32209.exe
2009-12-02 00:44:34 0 ----a-w- c:\windows\system32\8909.exe
2009-12-02 00:24:31 0 ----a-w- c:\windows\system32\14945.exe
2009-12-02 00:04:27 0 ----a-w- c:\windows\system32\10383.exe
2009-12-01 23:44:25 0 ----a-w- c:\windows\system32\27753.exe
2009-12-01 23:24:22 0 ----a-w- c:\windows\system32\12287.exe
2009-12-01 23:04:20 0 ----a-w- c:\windows\system32\15457.exe
2009-12-01 22:44:15 0 ----a-w- c:\windows\system32\11337.exe
2009-12-01 22:24:10 0 ----a-w- c:\windows\system32\18007.exe
2009-12-01 22:04:08 0 ----a-w- c:\windows\system32\30191.exe
2009-12-01 21:44:05 0 ----a-w- c:\windows\system32\31107.exe
2009-12-01 21:24:03 0 ----a-w- c:\windows\system32\3430.exe
2009-12-01 21:04:01 0 ----a-w- c:\windows\system32\13966.exe
2009-12-01 20:43:58 0 ----a-w- c:\windows\system32\21724.exe
2009-12-01 20:23:50 0 ----a-w- c:\windows\system32\16941.exe
2009-12-01 20:03:47 0 ----a-w- c:\windows\system32\1150.exe
2009-12-01 19:43:45 0 ----a-w- c:\windows\system32\27350.exe
2009-12-01 19:23:42 0 ----a-w- c:\windows\system32\12052.exe
2009-12-01 19:03:39 0 ----a-w- c:\windows\system32\4031.exe
2009-12-01 18:43:37 0 ----a-w- c:\windows\system32\15574.exe
2009-12-01 18:23:34 0 ----a-w- c:\windows\system32\23655.exe
2009-12-01 18:03:31 0 ----a-w- c:\windows\system32\24767.exe
2009-12-01 17:43:29 0 ----a-w- c:\windows\system32\22355.exe
2009-12-01 17:23:27 0 ----a-w- c:\windows\system32\18636.exe
2009-11-30 00:17:14 18944 ----a-w- c:\windows\system32\winupdate86.exe
2009-11-29 01:39:31 0 ----a-w- c:\windows\system32\AVR10.exe
2009-11-29 01:39:30 0 ----a-w- c:\windows\system32\winhelper86.dll
2009-11-29 01:39:24 2854 ----a-w- c:\windows\system32\critical_warning.html
2009-11-29 01:35:23 1 ----a-w- C:\s
2009-11-29 01:35:22 18944 ----a-w- c:\windows\system32\winlogon86.exe
2009-11-26 12:47:10 0 d-----w- c:\program files\common files\Thraex Software
2009-11-15 21:21:24 0 d-----w- c:\program files\common files\AlphaAntUninstall
2009-11-15 21:21:07 372224 ----a-w- c:\windows\system32\ExplorerImages.dll
2009-11-15 21:20:55 0 d-----w- c:\program files\AlphaAnt
2009-11-09 21:51:38 0 --sha-w- C:\-335392864

==================== Find3M ====================

2009-09-20 20:18:11 28120 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-11 14:33:52 133632 ----a-w- c:\windows\system32\msv1_0.dll

============= FINISH: 22:03:13.99 ===============

Blade81
2009-12-04, 08:41
Hi,

You can paste attach.txt contents like you did for dds.txt :)

bmueller
2009-12-05, 02:58
That's great, thanks!

Here it is:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/31/2005 2:51:36 PM
System Uptime: 11/29/2009 7:14:30 PM (99 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | 8IPE1000-G/L
Processor: Intel(R) Pentium(R) 4 CPU 2.00GHz | Socket 478 | 2019/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 3.86 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1128: 11/6/2009 5:27:19 AM - System Checkpoint
RP1129: 11/7/2009 6:15:36 AM - System Checkpoint
RP1130: 11/8/2009 6:15:40 AM - System Checkpoint
RP1131: 11/9/2009 7:20:24 AM - System Checkpoint
RP1132: 11/10/2009 7:27:41 AM - System Checkpoint
RP1133: 11/11/2009 3:00:42 AM - Software Distribution Service 3.0
RP1134: 11/13/2009 7:12:41 AM - System Checkpoint
RP1135: 11/14/2009 7:29:02 AM - System Checkpoint
RP1136: 11/15/2009 12:04:30 PM - System Checkpoint
RP1137: 11/16/2009 6:54:11 PM - System Checkpoint
RP1138: 11/18/2009 10:38:04 PM - System Checkpoint
RP1139: 11/20/2009 7:16:34 AM - System Checkpoint
RP1140: 11/21/2009 7:57:18 AM - System Checkpoint
RP1141: 11/22/2009 8:57:14 AM - System Checkpoint
RP1142: 11/23/2009 6:41:34 PM - System Checkpoint
RP1143: 11/24/2009 7:54:01 PM - System Checkpoint
RP1144: 11/25/2009 3:00:26 AM - Software Distribution Service 3.0
RP1145: 11/26/2009 3:23:01 AM - System Checkpoint
RP1146: 11/26/2009 7:50:29 AM - Installed DirectX
RP1147: 11/27/2009 8:10:15 AM - System Checkpoint
RP1148: 11/28/2009 8:23:38 AM - System Checkpoint
RP1149: 11/29/2009 11:24:13 AM - System Checkpoint

==== Installed Programs ======================

Adobe Download Manager 2.0 (Remove Only)
Adobe Reader 7.0.8
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
Alpha Antivirus
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
AVIConverter 3.0
Bonjour
BOSS Fonts Manager
Carmen Sandiego's Great Chase Through Time
Citrix Presentation Server Client
Clifford Learning Activities
Clifford Thinking Adventures
Critical Update for Windows Media Player 11 (KB959772)
DiscWizard for Windows
Download Manager 2.3.6
Edmark Talking Walls
Fetch
Field Trip to the Earth
Google Earth
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Memories Disc
hp officejet 6100 series
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp officejet 6100 series
InstallMgr
InterActual Player
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 13
JumpStart Languages
Kids T Shirts
Logitech Gaming Software
Logitech iTouch Software
Logitech MouseWare 9.41 .1
Logitech User's Guide
McAfee Personal Firewall Plus
McAfee Security Scan
McAfee SecurityCenter
McAfee VirusScan
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft Office XP Standard
Microsoft Project 2000
Microsoft Search Enhancement Pack
Microsoft User-Mode Driver Framework Feature Pack 1.0
MP3 Player Utilities 3.5.02
MSN Toolbar
Nancy Drew: Danger by Design
Nancy Drew: Last Train to Blue Moon Canyon
Nancy Drew: Legend of the Crystal Skull
Nancy Drew: Secret of Shadow Ranch
Nancy Drew: The Creature of Kapu Cave
Nancy Drew: The White Wolf of Icicle Creek
P_CS
Photo Story 3 for Windows
QuickTime
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Risk+ 2.0 for Microsoft Project
Schoolhouse Rock Thinking Games
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SmartForce Player
SpongeBob SquarePants Typing
Spybot - Search & Destroy
Star Wars Battlefront
Star Wars Battlefront II
Surround Mp4 Tool 3.0.4
The Incredibles - When Danger Calls
Tomb Raider - The Last Revelation
Unity Web Player
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Veoh Video Compass
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
wInsight 5.0
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

11/29/2009 9:30:58 AM, error: Print [19] - Sharing printer failed + 1722, Printer hp officejet 6100 series share name HP 6100 all in one.
11/29/2009 6:42:41 PM, error: Service Control Manager [7023] - The iPod Service service terminated with the following error: Security must be initialized before any interfaces are marshalled or unmarshalled. It cannot be changed once initialized.
11/28/2009 6:17:04 AM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
11/28/2009 6:17:04 AM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
11/26/2009 7:56:16 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
11/26/2009 7:56:16 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
11/26/2009 7:50:00 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

==== End Of File ===========================

Blade81
2009-12-05, 12:07
Hi again,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.


Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

bmueller
2009-12-06, 01:10
Ok...here it is!

ComboFix 09-12-04.05 - Bruce 12/05/2009 13:11.1.1 - x86
Running from: c:\documents and settings\Alexis M\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Bruce\Application Data\alot
c:\documents and settings\Guest\Application Data\alot
c:\program files\AlphaAnt
c:\program files\AlphaAnt\alpha.exe
C:\s
c:\windows\jestertb.dll
c:\windows\system32\5844.exe
c:\windows\system32\6038.exe
c:\windows\system32\6191.exe
c:\windows\system32\6224.exe
c:\windows\system32\6270.exe
c:\windows\system32\6334.exe
c:\windows\system32\6359.exe
c:\windows\system32\6422.exe
c:\windows\system32\6483.exe
c:\windows\system32\6617.exe
c:\windows\system32\6618.exe
c:\windows\system32\6729.exe
c:\windows\system32\6868.exe
c:\windows\system32\6900.exe
c:\windows\system32\7129.exe
c:\windows\system32\7376.exe
c:\windows\system32\7391.exe
c:\windows\system32\7441.exe
c:\windows\system32\7448.exe
c:\windows\system32\7487.exe
c:\windows\system32\7518.exe
c:\windows\system32\7616.exe
c:\windows\system32\7627.exe
c:\windows\system32\7711.exe
c:\windows\system32\778.exe
c:\windows\system32\7958.exe
c:\windows\system32\8177.exe
c:\windows\system32\8281.exe
c:\windows\system32\8313.exe
c:\windows\system32\8480.exe
c:\windows\system32\8723.exe
c:\windows\system32\8909.exe
c:\windows\system32\8942.exe
c:\windows\system32\900.exe
c:\windows\system32\9040.exe
c:\windows\system32\912.exe
c:\windows\system32\9161.exe
c:\windows\system32\9314.exe
c:\windows\system32\9374.exe
c:\windows\system32\9503.exe
c:\windows\system32\9512.exe
c:\windows\system32\9514.exe
c:\windows\system32\9741.exe
c:\windows\system32\9758.exe
c:\windows\system32\9789.exe
c:\windows\system32\9832.exe
c:\windows\system32\9894.exe
c:\windows\system32\9905.exe
c:\windows\system32\9930.exe
c:\windows\system32\9961.exe
c:\windows\system32\a9k.bin
c:\windows\system32\AVR10.exe
c:\windows\system32\critical_warning.html
c:\windows\system32\wbem\proquota.exe
c:\windows\system32\winhelper86.dll
c:\windows\system32\winlogon86.exe
c:\windows\system32\winupdate86.exe

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\system volume information\_restore{1AA58918-1ADD-4185-8779-829C24033F19}\RP1131\A0170220.exe

.
((((((((((((((((((((((((( Files Created from 2009-11-05 to 2009-12-05 )))))))))))))))))))))))))))))))
.

2009-12-05 18:28 . 2004-08-04 12:00 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-12-05 18:28 . 2004-08-04 12:00 50176 ----a-w- c:\windows\system32\proquota.exe
2009-11-26 12:47 . 2009-11-26 12:47 -------- d-----w- c:\program files\Common Files\Thraex Software
2009-11-15 21:21 . 2009-11-15 21:21 -------- d-----w- c:\program files\Common Files\AlphaAntUninstall
2009-11-15 21:21 . 2009-11-15 21:21 372224 ----a-w- c:\windows\system32\ExplorerImages.dll
2009-11-11 08:29 . 2009-11-11 08:29 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-29 18:56 . 2009-03-31 02:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-29 14:33 . 2009-03-31 02:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-16 02:58 . 2009-08-07 04:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-11-16 02:58 . 2008-12-31 15:02 -------- d-----w- c:\program files\Norton Security Scan
2009-11-16 02:58 . 2008-12-31 16:15 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-20 20:18 . 2009-09-20 20:18 28120 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-17 21:20 . 2009-09-17 21:20 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.0.70\SetupAdmin.exe
2009-09-11 14:33 . 2004-08-04 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-18 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2003-08-18 163840]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2001-09-18 200704]
"VSOCheckTask"="c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" [2005-09-22 122880]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2007-06-06 936960]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2004-03-24 1380352]
"EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-09-19 35328]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"McRegWiz"="c:\progra~1\mcafee.com\agent\mcregwiz.exe" [2003-09-02 135168]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-11-15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmod11]
2009-04-08 16:11 5136 ----a-w- c:\windows\system32\pmod11.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Battlefront\\GameData\\Battlefront.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\00setup.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

S3 NaiFiltr;NaiFiltr;c:\windows\system32\DRIVERS\NaiFiltr.sys [2002-03-13 23296]

.
Contents of the 'Scheduled Tasks' folder

2009-12-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2007-04-17 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p officejet 6100 series5E771253C1676EBED677BF361FDFC537825E15B8136064436.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 05:52]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://as.starware.com/dp/search?x=wKX1ILEOi+UdWpSlz2q9Dzn13Emww/YwX5bEaI0bVldJT02fs60or4yVdsOeZktD8vDhOhfKtM7gtrrxCPbtcSFpswRem0ePdDCSwWlOHtQZRBz/3XV8rmSj3vggDzYrCA10CUbedEQ=
IE: &Search - ?p=ZCxdm801YYUS
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-SHRThinkingGames - c:\cwonders\SHRTHINK\CWRUN.EXE SHRThinkingGames UninstallExe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-05 13:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\pmod11.dll
c:\program files\Bonjour\mdnsNSP.dll
.
Completion time: 2009-12-05 13:34
ComboFix-quarantined-files.txt 2009-12-05 18:34

Pre-Run: 4,104,142,848 bytes free
Post-Run: 4,382,642,176 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 17E0B59E3123DAAFEC1F42B27782AB60

Blade81
2009-12-06, 10:07
Hi again,

Uninstall Ask Toolbar if not installed on purpose.


Open notepad and copy/paste the text in the quotebox below into it:



DDS::
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
File::
C:\-335392864
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000000



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (9.2) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install the toolbar if you choose Foxit Reader! You may also check free readers introduced here (http://pdfreaders.org/).

Uninstall your current Adobe shockwave player and get the fresh one here (http://get.adobe.com/shockwave/) if needed.



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 17 (http://java.sun.com/javase/downloads/index.jsp).
Click the Download button to the right.
Select Windows on platform combobox and check the box that says: Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).


Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log.
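
Added example (not part of the original posts, and not ComboFix's or the helper's own code): a small Python triage pass over a ComboFix-style log that picks out two things visible in this thread, the digit-named executables under c:\windows\system32 and the Security Center DisableMonitoring values that the CFScript above sets back to 0. The function names and the sample log are constructed for illustration.

```python
import re

# Constructed sample: a few lines in the shape of the ComboFix log quoted in
# this thread (file list, then REGEDIT4-style registry sections).
SAMPLE_LOG = r"""
c:\windows\system32\9961.exe
c:\windows\system32\a9k.bin
c:\windows\system32\winlogon86.exe
c:\windows\system32\wbem\proquota.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-11-15 77824]
"""

# A file directly in system32 whose whole name is digits plus ".exe".
NUMERIC_EXE = re.compile(r"^c:\\windows\\system32\\\d+\.exe$", re.IGNORECASE)
# "[HKEY_...]" section header and a '"Name"=dword:XXXXXXXX' value line.
KEY_LINE = re.compile(r"^\[(.+)\]$")
DWORD_LINE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
# Key path fragment used by the two entries the CFScript rewrites.
MONITORING = "\\security center\\monitoring\\"


def numeric_system32_exes(log_text):
    """Return the digit-named .exe paths found in the log, in order."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if NUMERIC_EXE.match(line):
            hits.append(line)
    return hits


def disabled_monitoring(log_text):
    """Return Security Center provider names whose DisableMonitoring is non-zero."""
    findings = []
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            key = None          # a blank line ends the current registry section
            continue
        header = KEY_LINE.match(line)
        if header:
            key = header.group(1)
            continue
        value = DWORD_LINE.match(line)
        if value and key and MONITORING in key.lower():
            name, number = value.group(1), int(value.group(2), 16)
            if name.lower() == "disablemonitoring" and number != 0:
                findings.append(key.rsplit("\\", 1)[-1])
    return findings


def triage(log_text):
    """Collect both checks into one result for a quick before/after comparison."""
    return {
        "numeric_exes": numeric_system32_exes(log_text),
        "monitoring_disabled": disabled_monitoring(log_text),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Running the same function on the log produced after the CFScript pass gives a direct before/after comparison of both lists.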

bmueller
2009-12-11, 03:34
Ahhhhhh it looks as though my desktop is back...Thank you very much!

I could not use the Kaspersky scanning tool. I have Java 1.6 running as instructed and have rebooted, but still no luck!

Here are the logs nonetheless:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Alexis M at 21:26:44.71 on Thu 12/10/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.115 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Logitech\iTouch\kbdtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Alexis M\Desktop\dds.pif

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - c:\program files\veoh networks\veoh video compass\SearchRecsPlugin.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [VirusScan Online] "c:\progra~1\mcafee.com\vso\mcvsshld.exe"
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
mRun: [Verizon_McciTrayApp] c:\program files\verizon\McciTrayApp.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [MPFExe] c:\progra~1\mcafee.com\person~1\MpfTray.exe
mRun: [EM_EXEC] c:\progra~1\logitech\mousew~1\system\EM_EXEC.EXE
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [McRegWiz] c:\progra~1\mcafee.com\agent\mcregwiz.exe /autorun
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~2.lnk - c:\program files\hewlett-packard\digital imaging\bin\hposol08.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136066392421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: pmod11 - pmod11.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 MPFIREWL;MPFIREWL;c:\windows\system32\drivers\MpFirewall.sys [2006-1-7 83181]
R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2006-1-7 126976]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2006-1-7 122368]
R2 MCVSRte;McAfee.com VirusScan Online Realtime Engine;c:\progra~1\mcafee.com\vso\mcvsrte.exe [2005-12-31 106496]
R3 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2005-12-31 225375]
R3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [2005-12-31 23296]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2005-12-31 245760]

=============== Created Last 30 ================

2009-12-11 01:56:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-12-11 01:31:58 0 d--h--w- c:\windows\PIF
2009-12-11 01:17:43 0 d-----w- c:\documents and settings\alexis m\.SunDownloadManager
2009-12-09 08:03:46 118 ----a-w- c:\windows\system32\MRT.INI
2009-12-09 08:00:40 0 d-----w- C:\dbe5028df8fa5adfdd49bed1
2009-12-05 18:28:37 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-12-05 18:28:37 50176 ----a-w- c:\windows\system32\proquota.exe
2009-12-05 17:59:14 0 d-sha-r- C:\cmdcons
2009-12-05 17:54:24 98816 ----a-w- c:\windows\sed.exe
2009-12-05 17:54:24 77312 ----a-w- c:\windows\MBR.exe
2009-12-05 17:54:24 260608 ----a-w- c:\windows\PEV.exe
2009-12-05 17:54:24 161792 ----a-w- c:\windows\SWREG.exe
2009-11-26 12:47:10 0 d-----w- c:\program files\common files\Thraex Software
2009-11-15 21:21:24 0 d-----w- c:\program files\common files\AlphaAntUninstall

==================== Find3M ====================

2009-12-11 01:55:50 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-29 07:45:38 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 06:00:55 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00:55 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58:48 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:53:29 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54:17 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54:17 112128 ----a-w- c:\windows\system32\rastls.dll
2009-09-20 20:18:11 28120 ---ha-w- c:\windows\system32\mlfcache.dat

============= FINISH: 21:27:56.31 ===============



AND:

ComboFix 09-12-04.05 - Alexis M 12/10/2009 19:46.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.239 [GMT -5:00]
Running from: c:\documents and settings\Alexis M\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Alexis M\Desktop\cfscript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"C:\-335392864"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-335392864

.
((((((((((((((((((((((((( Files Created from 2009-11-11 to 2009-12-11 )))))))))))))))))))))))))))))))
.

2009-12-09 08:00 . 2009-12-09 08:00 -------- d-----w- C:\dbe5028df8fa5adfdd49bed1
2009-12-05 18:28 . 2004-08-04 12:00 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-12-05 18:28 . 2004-08-04 12:00 50176 ----a-w- c:\windows\system32\proquota.exe
2009-11-26 12:47 . 2009-11-26 12:47 -------- d-----w- c:\program files\Common Files\Thraex Software
2009-11-15 21:21 . 2009-11-15 21:21 -------- d-----w- c:\program files\Common Files\AlphaAntUninstall
2009-11-11 08:29 . 2009-11-11 08:29 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-05 17:56 . 2006-04-26 22:11 -------- d-----w- c:\documents and settings\Alexis M\Application Data\McAfee.com Personal Firewall
2009-11-29 18:56 . 2009-03-31 02:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-29 14:33 . 2009-03-31 02:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-16 02:58 . 2009-08-07 04:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-11-16 02:58 . 2008-12-31 15:02 -------- d-----w- c:\program files\Norton Security Scan
2009-11-16 02:58 . 2008-12-31 16:15 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-29 07:45 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 06:00 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58 . 2004-08-04 12:00 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:53 . 2004-08-04 12:00 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54 . 2004-08-04 12:00 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54 . 2004-08-04 12:00 112128 ----a-w- c:\windows\system32\rastls.dll
2009-09-20 20:18 . 2009-09-20 20:18 28120 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-17 21:20 . 2009-09-17 21:20 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.0.70\SetupAdmin.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-12-05_18.30.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-10 00:22 . 2009-12-10 00:22 16384 c:\windows\Temp\Perflib_Perfdata_6a0.dat
- 2004-08-04 12:00 . 2009-11-04 11:49 52764 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2009-12-11 00:17 52764 c:\windows\system32\perfc009.dat
+ 2007-08-13 22:54 . 2009-10-29 07:45 55296 c:\windows\system32\msfeedsbs.dll
- 2007-08-13 22:54 . 2009-08-29 08:08 55296 c:\windows\system32\msfeedsbs.dll
- 2004-08-04 12:00 . 2009-08-29 08:08 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-04 12:00 . 2009-10-29 07:45 25600 c:\windows\system32\jsproxy.dll
+ 2009-06-11 08:59 . 2009-10-29 07:45 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-06-11 08:59 . 2009-08-29 08:08 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2004-08-04 12:00 . 2009-10-21 06:00 75776 c:\windows\system32\dllcache\strmfilt.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 75776 c:\windows\system32\dllcache\strmfilt.dll
+ 2004-08-04 12:00 . 2009-10-12 13:54 69632 c:\windows\system32\dllcache\raschap.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 69632 c:\windows\system32\dllcache\raschap.dll
+ 2009-04-07 20:30 . 2009-10-29 07:45 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-04-07 20:30 . 2009-08-29 08:08 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2004-08-04 12:00 . 2009-10-29 07:45 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-04 12:00 . 2009-08-29 08:08 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 12:00 . 2009-10-21 06:00 25088 c:\windows\system32\dllcache\httpapi.dll
- 2006-01-15 17:55 . 2009-11-11 08:06 90112 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2006-01-15 17:55 . 2009-12-10 00:03 90112 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2006-01-15 17:55 . 2009-12-10 00:03 45056 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2006-01-15 17:55 . 2009-11-11 08:06 45056 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2006-01-15 17:55 . 2009-12-10 00:03 22528 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2006-01-15 17:55 . 2009-11-11 08:06 22528 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2006-01-15 17:55 . 2009-12-10 00:03 30720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2006-01-15 17:55 . 2009-11-11 08:06 30720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2006-01-15 17:55 . 2009-12-10 00:03 16384 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2006-01-15 17:55 . 2009-11-11 08:06 16384 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2006-01-15 17:55 . 2009-12-10 00:03 34304 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2006-01-15 17:55 . 2009-11-11 08:06 34304 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2009-12-10 00:04 . 2009-08-29 08:08 12800 c:\windows\ie8updates\KB976325-IE8\xpshims.dll
+ 2009-12-10 00:04 . 2009-08-29 08:08 55296 c:\windows\ie8updates\KB976325-IE8\msfeedsbs.dll
+ 2009-12-10 00:04 . 2009-08-29 08:08 25600 c:\windows\ie8updates\KB976325-IE8\jsproxy.dll
- 2006-01-15 17:55 . 2009-11-11 08:06 3584 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2006-01-15 17:55 . 2009-12-10 00:03 3584 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2006-01-15 17:55 . 2009-12-10 00:03 8192 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2006-01-15 17:55 . 2009-11-11 08:06 8192 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2006-01-15 17:55 . 2009-12-10 00:03 2560 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2006-01-15 17:55 . 2009-11-11 08:06 2560 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2004-08-04 12:00 . 2009-08-25 09:47 352256 c:\windows\system32\winhttp.dll
- 2004-08-04 12:00 . 2009-11-04 11:49 380350 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2009-12-11 00:17 380350 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2009-08-29 08:08 206848 c:\windows\system32\occache.dll
+ 2004-08-04 12:00 . 2009-10-29 07:45 206848 c:\windows\system32\occache.dll
+ 2007-08-13 22:54 . 2009-10-29 07:45 594432 c:\windows\system32\msfeeds.dll
- 2007-08-13 22:54 . 2009-08-29 08:08 594432 c:\windows\system32\msfeeds.dll
+ 2004-08-04 12:00 . 2009-10-29 07:45 184320 c:\windows\system32\iepeers.dll
- 2004-08-04 12:00 . 2009-08-29 08:08 184320 c:\windows\system32\iepeers.dll
+ 2004-08-04 12:00 . 2009-10-29 07:45 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-04 12:00 . 2009-08-29 08:08 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-04 12:00 . 2009-10-28 14:40 173056 c:\windows\system32\ie4uinit.exe
- 2004-08-04 12:00 . 2009-08-28 10:35 173056 c:\windows\system32\ie4uinit.exe
- 2004-08-04 12:00 . 2009-08-29 08:08 916480 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 12:00 . 2009-10-29 07:45 916480 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 12:00 . 2009-08-25 09:47 352256 c:\windows\system32\dllcache\winhttp.dll
+ 2004-08-04 12:00 . 2009-10-12 13:54 112128 c:\windows\system32\dllcache\rastls.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 112128 c:\windows\system32\dllcache\rastls.dll
- 2004-08-04 12:00 . 2009-08-29 08:08 206848 c:\windows\system32\dllcache\occache.dll
+ 2004-08-04 12:00 . 2009-10-29 07:45 206848 c:\windows\system32\dllcache\occache.dll
+ 2004-08-04 12:00 . 2009-10-13 10:53 266752 c:\windows\system32\dllcache\oakley.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 266752 c:\windows\system32\dllcache\oakley.dll
- 2009-04-07 20:30 . 2009-08-29 08:08 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-04-07 20:30 . 2009-10-29 07:45 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-06-11 08:59 . 2009-10-29 07:45 246272 c:\windows\system32\dllcache\ieproxy.dll
- 2009-06-11 08:59 . 2009-08-29 08:08 246272 c:\windows\system32\dllcache\ieproxy.dll
- 2004-08-04 12:00 . 2009-08-29 08:08 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-04 12:00 . 2009-10-29 07:45 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-04 12:00 . 2009-10-29 07:45 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2004-08-04 12:00 . 2009-08-29 08:08 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-04 12:00 . 2009-10-28 14:40 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2004-08-04 12:00 . 2009-08-28 10:35 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-10-20 14:58 . 2009-10-20 14:58 263552 c:\windows\system32\dllcache\http.sys
+ 2009-11-05 19:21 . 2009-11-05 19:21 537600 c:\windows\Installer\b89890a.msp
- 2006-01-15 17:55 . 2009-11-11 08:06 114688 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2006-01-15 17:55 . 2009-12-10 00:03 114688 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2009-12-10 00:04 . 2009-08-29 08:08 916480 c:\windows\ie8updates\KB976325-IE8\wininet.dll
+ 2009-12-10 00:04 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB976325-IE8\spuninst\updspapi.dll
+ 2009-12-10 00:04 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB976325-IE8\spuninst\spuninst.exe
+ 2009-12-10 00:04 . 2009-08-29 08:08 206848 c:\windows\ie8updates\KB976325-IE8\occache.dll
+ 2009-12-10 00:04 . 2009-08-29 08:08 594432 c:\windows\ie8updates\KB976325-IE8\msfeeds.dll
+ 2009-12-10 00:04 . 2009-08-29 08:08 246272 c:\windows\ie8updates\KB976325-IE8\ieproxy.dll
+ 2009-12-10 00:04 . 2009-08-29 08:08 184320 c:\windows\ie8updates\KB976325-IE8\iepeers.dll
+ 2009-12-10 00:04 . 2009-08-29 08:08 387584 c:\windows\ie8updates\KB976325-IE8\iedkcs32.dll
+ 2009-12-10 00:04 . 2009-08-28 10:35 173056 c:\windows\ie8updates\KB976325-IE8\ie4uinit.exe
+ 2004-10-08 23:48 . 2009-10-20 14:58 263552 c:\windows\Driver Cache\i386\http.sys
- 2004-08-04 12:00 . 2009-08-29 08:08 1208832 c:\windows\system32\urlmon.dll
+ 2004-08-04 12:00 . 2009-10-29 07:45 1208832 c:\windows\system32\urlmon.dll
+ 2004-08-04 12:00 . 2009-10-29 07:45 5940736 c:\windows\system32\mshtml.dll
- 2007-08-13 22:34 . 2009-08-29 08:08 1985536 c:\windows\system32\iertutil.dll
+ 2007-08-13 22:34 . 2009-10-29 07:45 1985536 c:\windows\system32\iertutil.dll
- 2004-08-04 12:00 . 2009-08-29 08:08 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 12:00 . 2009-10-29 07:45 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 12:00 . 2009-10-29 07:45 5940736 c:\windows\system32\dllcache\mshtml.dll
+ 2009-04-07 20:30 . 2009-10-29 07:45 1985536 c:\windows\system32\dllcache\iertutil.dll
- 2009-04-07 20:30 . 2009-08-29 08:08 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2009-12-10 00:04 . 2009-08-29 08:08 1208832 c:\windows\ie8updates\KB976325-IE8\urlmon.dll
+ 2009-12-10 00:04 . 2009-10-22 09:19 5939712 c:\windows\ie8updates\KB976325-IE8\mshtml.dll
+ 2009-12-10 00:04 . 2009-08-29 08:08 1985536 c:\windows\ie8updates\KB976325-IE8\iertutil.dll
+ 2006-01-04 23:09 . 2009-12-01 20:06 25966024 c:\windows\system32\MRT.exe
+ 2007-08-13 22:54 . 2009-10-29 07:45 11069952 c:\windows\system32\ieframe.dll
+ 2009-04-07 20:30 . 2009-10-29 07:45 11069952 c:\windows\system32\dllcache\ieframe.dll
+ 2009-12-10 00:04 . 2009-08-29 08:08 11069440 c:\windows\ie8updates\KB976325-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-18 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2007-03-05 1103480]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-05-19 3561720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2003-08-18 163840]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2001-09-18 200704]
"VSOCheckTask"="c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" [2005-09-22 122880]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2007-06-06 936960]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2004-03-24 1380352]
"EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-09-19 35328]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-11-15 77824]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-7-11 111376]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-7-11 51984]
officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2003-4-6 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmod11]
2009-04-08 16:11 5136 ----a-w- c:\windows\system32\pmod11.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Battlefront\\GameData\\Battlefront.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\00setup.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [12/31/2005 4:36 PM 23296]
.
Contents of the 'Scheduled Tasks' folder

2009-12-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2007-04-17 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p officejet 6100 series5E771253C1676EBED677BF361FDFC537825E15B8136064436.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 05:52]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
AddRemove-AlphaAnt - c:\program files\AlphaAnt\alpha.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-10 19:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1078081533-1958367476-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c4,81,a3,12,0e,bd,b4,d7,8e,b0,83,8c,d0,af,63,82,70,38,0f,7e,67,c5,81,
1c,1f,ae,a2,5b,ee,8a,3b,6a,fb,c8,a5,89,06,e4,aa,b8,4a,fe,41,53,a9,ba,4b,93,\
"??"=hex:e3,c1,d6,7c,04,71,cd,bd,13,10,cf,5e,80,1c,ee,78
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\pmod11.dll
c:\program files\Bonjour\mdnsNSP.dll
.
Completion time: 2009-12-10 20:01
ComboFix-quarantined-files.txt 2009-12-11 01:01
ComboFix2.txt 2009-12-05 18:34

Pre-Run: 4,090,789,888 bytes free
Post-Run: 4,057,849,856 bytes free

- - End Of File - - 4DBCE2EEC0A69502A98F0BF005B7B4CC


It doesn't look like it's very exciting to read!

Thanks again...I'll check back for your comments.

Blade81
2009-12-11, 16:45
Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Please post contents of that file in your next reply.

bmueller
2009-12-13, 17:33
Ok...here is the log. On a side note, I have lost my sound.

Malwarebytes' Anti-Malware 1.42
Database version: 3347
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

12/13/2009 11:26:34 AM
mbam-log-2009-12-13 (11-26-34).txt

Scan type: Quick Scan
Objects scanned: 136343
Time elapsed: 12 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Thank you very much...I'll check back.

Blade81
2009-12-13, 17:44
Hi again,

Open notepad and copy/paste the text in the quotebox below into it:



File::
c:\windows\system32\pmod11.dll
Folder::
c:\program files\Common Files\AlphaAntUninstall
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmod11]



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log & fresh dds log.



"On a side note, I have lost my sound."
Since when has this been occurring? Are the sounds gone in every program?
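
Added example, not part of Blade81's post or of ComboFix itself: a short Python check that reads the two log sections relevant to the CFScript above, the Winlogon Notify keys under "Reg Loading Points" (where ComboFix hides legit default entries) and the "DLLs Loaded Under Running Processes" list, and reports any Notify DLL that is also loaded in winlogon.exe. The sample text is constructed from lines quoted in this thread, and the function names are hypothetical.

```python
import re

# Constructed sample: lines copied from the ComboFix log quoted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-11-15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmod11]
2009-04-08 16:11 5136 ----a-w- c:\windows\system32\pmod11.dll

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\pmod11.dll
c:\program files\Bonjour\mdnsNSP.dll
.
"""

NOTIFY_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\.*\\winlogon\\notify\\([^\]\\]+)\]$", re.I)
PROC_HEADER = re.compile(r"^[- ]+> '([^']+)'\((\d+)\)$")
DLL_PATH = re.compile(r"([a-z]:\\.+\.dll)\s*$", re.I)

def notify_dlls(log):
    """Map each Winlogon Notify subkey shown in the log to the DLL listed under it."""
    found, current = {}, None
    for line in map(str.strip, log.splitlines()):
        key, dll = NOTIFY_KEY.match(line), DLL_PATH.search(line)
        if key:
            current = key.group(1)
        elif current and dll:
            found[current], current = dll.group(1).lower(), None
        else:
            current = None  # any other line ends the key's block
    return found

def loaded_modules(log, process):
    """Return the DLL paths the log lists under the named running process."""
    mods, active = [], False
    for line in map(str.strip, log.splitlines()):
        hdr = PROC_HEADER.match(line)
        if hdr:
            active = hdr.group(1).lower() == process.lower()
        elif active and DLL_PATH.fullmatch(line):
            mods.append(line.lower())
        else:
            active = False  # first non-DLL line closes the module list
    return mods

def notify_dlls_loaded_in_winlogon(log):
    """Notify entries whose DLL is also mapped into winlogon.exe."""
    loaded = set(loaded_modules(log, "winlogon.exe"))
    return {k: p for k, p in notify_dlls(log).items() if p in loaded}
```

On the sample, only the pmod11 entry is reported; mdnsNSP.dll is loaded in winlogon.exe but has no Notify key, so it is not flagged.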

bmueller
2009-12-13, 17:47
Blade, I found the problem with my sound and corrected it. Just didn't want to waste your time.

It looks as though everything else is working, but I'll check back with you.

Thanks!

Blade81
2009-12-14, 10:27
Hi,

See my reply posted before your latest one.