View Full Version : win32.agent.gvu Help please
chrisbva81
2010-02-25, 01:54
I got a virus a few months back and I'm not sure the name of it. Recently, I ran sypbot and it found win32.agent.gvu. For a while now when I try to search Google or any other major search engines my browser give the error "The connection was reset". I read that it was because of malware. Thanks everyone in advance for your help!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:43:32 PM, on 2/24/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVComS.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\Speech\Common\sapisvr.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: CorelCENTRAL 10.lnk = ?
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://academic.cengage.com
O15 - Trusted Zone: http://fpdownload.macromedia.com
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://www.myspace.com
O15 - Trusted Zone: http://toolbarupdate.myspacecdn.com
O15 - Trusted Zone: http://www.pokerstars.com
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PCMobilizr Connection Service (PCMobilizr) - Unknown owner - C:\Program Files\PCMobilizr\PCMobilizrService.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 11944 bytes
chrisbva81
2010-03-02, 04:17
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:16:21 PM, on 3/1/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal
Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVComS.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\Speech\Common\sapisvr.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\hp\kbd\kbd.exe
C:\PROGRA~1\HPCONN~1\6811507\Program\HPCONN~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: CorelCENTRAL 10.lnk = ?
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://academic.cengage.com
O15 - Trusted Zone: http://fpdownload.macromedia.com
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://www.myspace.com
O15 - Trusted Zone: http://toolbarupdate.myspacecdn.com
O15 - Trusted Zone: http://www.pokerstars.com
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Hewlett-Packard Company - (no file)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10381 bytes
Hello,
Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.
Download GMER (http://www.gmer.net) here by clicking download exe -button and then saving it your desktop:
Double-click .exe that you downloaded
Click rootkit-tab and then scan.
Don't check
Show All
box while scanning in progress!
When scanning is ready, click Copy.
This copies log to clipboard
Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.
chrisbva81
2010-03-02, 21:29
DDS (Ver_09-09-29.01) - NTFSx86
Run by chris at 14:26:30.50 on Tue 03/02/2010
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.727 [GMT -5:00]
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: AdwareAlert *enabled* (Updated) {02F2245C-C701-4351-BA7B-DFECE65DE7B2}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVComS.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\Speech\Common\sapisvr.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\hp\kbd\kbd.exe
C:\Windows\System32\mobsync.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\mcafee\msc\mcshell.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\chris\Downloads\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_bho.dll
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Speech Recognition] "c:\windows\speech\common\sapisvr.exe" -SpeechUX -Startup
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver\LVCOMS.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
StartupFolder: c:\users\chris\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\corelc~1.lnk - c:\windows\installer\{f73e7b59-f951-11d4-884d-00902761a46d}\I_26dadCC.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpconn~1.lnk - c:\program files\hp connections\6811507\program\HP Connections.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: cengage.com\academic
Trusted Zone: internet
Trusted Zone: macromedia.com\fpdownload
Trusted Zone: mcafee.com
Trusted Zone: myspace.com\www
Trusted Zone: myspacecdn.com\toolbarupdate
Trusted Zone: pokerstars.com\www
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\j42usd1q.default\
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\users\chris\appdata\roaming\mozilla\firefox\profiles\j42usd1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
FF - component: c:\users\chris\appdata\roaming\mozilla\firefox\profiles\j42usd1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2007-10-26 131616]
R1 GearAspiSys;GearAspiSys;c:\windows\system32\drivers\GEARASPISYS.SYS [2009-1-14 53412]
R2 FlipShare Service;FlipShare Service;c:\program files\flip video\flipshare\FlipShareService.exe [2009-6-4 451904]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-10-30 93320]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-2-18 1153368]
R3 MRV6X32U;Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x);c:\windows\system32\drivers\MRVW24B.sys [2008-3-19 310016]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-16 135664]
S2 PCMobilizr;PCMobilizr Connection Service; [x]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-4-15 21504]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-9-7 30192]
S3 QCEmerald;Logitech QuickCam Web(PID_0850);c:\windows\system32\drivers\lvce.sys [2008-7-15 44032]
=============== Created Last 30 ================
2010-03-01 20:53 <DIR> --d----- c:\users\chris\appdata\roaming\Malwarebytes
2010-03-01 20:53 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-01 20:53 <DIR> --d----- c:\programdata\Malwarebytes
2010-03-01 20:53 <DIR> --d----- c:\progra~2\Malwarebytes
2010-03-01 20:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2010-03-01 20:53 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2010-03-01 20:15 <DIR> --d----- c:\windows\pss
2010-02-25 21:25 <DIR> --d----- c:\programdata\WindowsSearch
2010-02-25 21:00 87,712 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-02-25 20:20 471,552 a------- c:\windows\system32\secproc_isv.dll
2010-02-25 20:20 471,552 a------- c:\windows\system32\secproc.dll
2010-02-25 20:20 526,336 a------- c:\windows\system32\RMActivate_isv.exe
2010-02-25 20:20 518,144 a------- c:\windows\system32\RMActivate.exe
2010-02-25 20:20 347,136 a------- c:\windows\system32\RMActivate_ssp.exe
2010-02-25 20:20 346,624 a------- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-25 20:20 332,288 a------- c:\windows\system32\msdrm.dll
2010-02-25 20:20 152,576 a------- c:\windows\system32\secproc_ssp_isv.dll
2010-02-25 20:20 152,064 a------- c:\windows\system32\secproc_ssp.dll
2010-02-25 20:20 2,048 a------- c:\windows\system32\tzres.dll
2010-02-25 20:19 1,696,256 a------- c:\windows\system32\gameux.dll
2010-02-25 20:19 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-25 20:19 28,672 a------- c:\windows\system32\Apphlpdm.dll
2010-02-25 20:16 <DIR> --d----- c:\program files\Free Window Registry Repair
2010-02-25 00:40 95,024 a------- c:\windows\system32\drivers\SBREDrv.sys
2010-02-24 19:21 1,640,400 a------- c:\windows\PCTBDCore.dll.old
2010-02-24 19:21 767,952 a------- c:\windows\BDTSupport.dll.old
2010-02-24 18:59 <DIR> --d----- c:\program files\Spyware Doctor
2010-02-23 23:51 <DIR> --d----- c:\programdata\Norton
2010-02-23 23:51 <DIR> --d----- c:\progra~2\Norton
2010-02-23 23:51 <DIR> --d----- c:\programdata\NortonInstaller
2010-02-23 23:51 <DIR> --d----- c:\progra~2\NortonInstaller
2010-02-23 22:57 <DIR> --d----- c:\temp\ListDLLS
2010-02-23 22:57 <DIR> --d----- C:\Temp
2010-02-23 21:23 <DIR> --d----- C:\969e276df900c00b4aa5d4ea44f77d
2010-02-18 22:49 <DIR> --d----- c:\programdata\NOS
2010-02-18 21:01 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2010-02-18 21:01 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2010-02-18 21:01 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2010-02-18 18:20 3,600,456 a------- c:\windows\system32\ntkrnlpa.exe
2010-02-18 18:20 3,548,216 a------- c:\windows\system32\ntoskrnl.exe
2010-02-18 17:40 <DIR> --d----- c:\users\chris\appdata\roaming\Symantec
2010-02-11 20:01 105,984 a------- c:\windows\system32\drivers\mrxsmb.sys
2010-02-11 20:01 212,992 a------- c:\windows\system32\drivers\mrxsmb10.sys
==================== Find3M ====================
2010-02-24 09:16 181,632 -------- c:\windows\system32\MpSigStub.exe
2010-02-18 18:23 143,360 a------- c:\windows\inf\infstrng.dat
2010-02-18 18:23 51,200 a------- c:\windows\inf\infpub.dat
2010-02-18 18:23 86,016 a------- c:\windows\inf\infstor.dat
2010-01-06 10:38 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2010-01-06 10:38 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2010-01-06 10:38 542,720 a------- c:\windows\apppatch\AcLayers.dll
2010-01-06 10:38 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2010-01-02 01:38 916,480 a------- c:\windows\system32\wininet.dll
2010-01-02 01:32 109,056 a------- c:\windows\system32\iesysprep.dll
2010-01-02 01:32 71,680 a------- c:\windows\system32\iesetup.dll
2010-01-01 23:57 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-12-20 20:21 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-12-18 16:32 196,199 a------- c:\windows\hpoins41.dat
2009-12-04 13:30 12,288 a------- c:\windows\system32\tsbyuv.dll
2009-12-04 13:29 1,314,816 a------- c:\windows\system32\quartz.dll
2009-12-04 13:28 22,528 a------- c:\windows\system32\msyuv.dll
2009-12-04 13:28 123,904 a------- c:\windows\system32\msvfw32.dll
2009-12-04 13:28 31,744 a------- c:\windows\system32\msvidc32.dll
2009-12-04 13:28 13,312 a------- c:\windows\system32\msrle32.dll
2009-12-04 13:28 82,944 a------- c:\windows\system32\mciavi32.dll
2009-12-04 13:28 50,176 a------- c:\windows\system32\iyuv_32.dll
2009-12-04 13:27 91,136 a------- c:\windows\system32\avifil32.dll
2009-11-17 03:23 665,600 a------- c:\windows\inf\drvindex.dat
2009-08-05 22:40 356 a------- c:\users\chris\appdata\roaming\wklnhst.dat
2008-07-19 02:05 635,525 a------- c:\users\chris\newcodec.exe
2008-04-16 00:42 174 a--sh--- c:\program files\desktop.ini
2007-10-23 12:51 243,226,648 a------- c:\users\chris\Desktop Software v4.2 SP2 (English).exe
2007-10-23 11:01 442,335 a------- c:\users\chris\net_rim_theme_bb_today_240x260.zip
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
============= FINISH: 14:27:06.19 ===============
chrisbva81
2010-03-02, 21:31
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-09-29.01)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/28/2007 12:42:29 PM
System Uptime: 3/2/2010 2:12:53 PM (0 hours ago)
Motherboard: ASUSTek Computer INC. | | NODUSM3
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ | Socket AM2 | 2600/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 292 GiB total, 178.27 GiB free.
D: is FIXED (NTFS) - 6 GiB total, 0.889 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
==== Disabled Device Manager Items =============
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Photosmart Premium C309g-m
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Photosmart Premium C309g-m
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart Premium C309g-m
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart Premium C309g-m
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
Class GUID: {4d36e97b-e325-11ce-bfc1-08002be10318}
Description: NVIDIA nForce RAID Device
Device ID: ROOT\NVRAIDSETUP\0000
Manufacturer: NVIDIA Corporation
Name: NVIDIA nForce RAID Device
PNP Device ID: ROOT\NVRAIDSETUP\0000
Service: nvrd32
Class GUID: {4d36e97b-e325-11ce-bfc1-08002be10318}
Description: NVIDIA nForce RAID Device
Device ID: ROOT\NVRAIDSETUP\0001
Manufacturer: NVIDIA Corporation
Name: NVIDIA nForce RAID Device
PNP Device ID: ROOT\NVRAIDSETUP\0001
Service: nvrd32
==== System Restore Points ===================
==== Installed Programs ======================
32 Bit HP CIO Components Installer
3ivx MPEG-4 5.0.3 (remove only)
Ad-Aware Email Scanner for Outlook
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro
Adobe Reader 9.3
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Mobile Device Support
Apple Software Update
AutoUpdate
BOINC
BufferChm
C309g-m
Cakewalk Pyro 1.5
CleanUp!
Compatibility Pack for the 2007 Office system
Destinations
DeviceDiscovery
DHTML Editing Component
DivX
Download Accelerator Plus (DAP)
Empire Earth II
Enhanced Multimedia Keyboard Solution
Flickr Uploadr 2.5.0.14
FlipShare
Free Window Registry Repair
Google Desktop
Google Earth
Google Update Helper
GPBaseService2
Hardware Diagnostic Tools
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Connections (remove only)
HP Customer Experience Enhancements
HP Customer Feedback
HP Customer Participation Program 13.0
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Imaging Device Functions 13.0
HP Photosmart Premium C309g-m All-In-One Driver Software 13.0 Rel .6
HP Picasso Media Center Add-In
HP Print Projects 1.0
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Total Care Advisor
HP Update
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
iTunes
Last.fm 1.5.4.24567
LightScribe 1.4.124.1
Linksys Wireless-N USB Network Adapter WUSB300N
Logitech QuickCam
Macromedia Contribute 3.11
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia FreeHand 10
Malwarebytes' Anti-Malware
MarketResearch
McAfee SecurityCenter
McAfee Virtual Technician
Microsoft .NET Framework 3.5 SP1
Microsoft Flight Simulator 98
Microsoft Money 2007 Home & Business
Microsoft Money Shared Libraries
Microsoft Office 2000 SR-1 Professional
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
mIRC
Mozilla Firefox (3.6)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My HP Games
Neopets
Network
NSIS Mixxx
NVIDIA Drivers
oDesk MiniCam 2.0.73
oDesk ScreenSnap 2.0.113
oDesk Share 2.0.69
oDesk Team 2.0.140
OGA Notifier 2.0.0048.0
OpenOffice.org Installer 1.0
OverDrive Media Console
Paint Shop Pro 7 ESD
PDF Settings
Picasa 2
Picture Viewer (Beta) for Windows SideShow
Plato Video To 3GP Converter 3.67
PokerStars
Polyglot 3000 (Version 3.20)
Pro Tracks Plus 2.2
ProjectWhois
PS_AIO_06_C309g-m_SW_Min
Python 2.4.3
QuickTime
RealProducer Plus 8.5
Realtek High Definition Audio Driver
Roxio Creator Basic v9
Roxio Creator Tools
Roxio Express Labeler 3
Scan
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Shop for HP Supplies
SimCity 4 Deluxe
SmartFTP Client 2.0
SmartFTP Client 2.0 Setup Files (remove only)
SmartWebPrinting
Soft Data Fax Modem with SmartCP
SolutionCenter
Spybot - Search & Destroy
Status
Tassman DXi SE 2.0
The Big Box of Art 410,000
The Sims 2
Toolbox
TrayApp
Trillian
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
USB Drum V1.03
Utherverse 3D Client
VC 9.0 Runtime
VisionGS PE
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebReg
Windows Media Player Firefox Plugin
WinRAR archiver
WordPerfect Office 2002 Professional
==== End Of File ===========================
chrisbva81
2010-03-02, 21:55
I'm waiting for the GMER scan to complete. I did a scan with Malwarbytes this morning and it found a lot of stuff. I'd figure I'd post the log incase it may help. I've used multiple scanners and they seem to find infections but it doesn't go away. Everything was removed successfully.
Thanks for your help!
Malwarebytes' Anti-Malware 1.44
Database version: 3811
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882
3/2/2010 2:10:30 PM
mbam-log-2010-03-02 (14-10-16).txt
Scan type: Full Scan (C:\|D:\|E:\|G:\|H:\|I:\|J:\|)
Objects scanned: 467768
Time elapsed: 3 hour(s), 52 minute(s), 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 16
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\fioo32 (Worm.KoobFace) -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Windows\010112010146116101.xxe (KoobFace.Trace) -> No action taken.
C:\Windows\0101120101464955.xxe (KoobFace.Trace) -> No action taken.
C:\Windows\0101120101465050.xxe (KoobFace.Trace) -> No action taken.
C:\Windows\0101120101465055.xxe (KoobFace.Trace) -> No action taken.
C:\Windows\0101120101465248.xxe (KoobFace.Trace) -> No action taken.
C:\Windows\0101120101465249.xxe (KoobFace.Trace) -> No action taken.
C:\Windows\0101120101465349.xxe (KoobFace.Trace) -> No action taken.
C:\Windows\0101120101465649.xxe (KoobFace.Trace) -> No action taken.
C:\Windows\bx4657.dat (KoobFace.Trace) -> No action taken.
C:\Windows\tw23567.dat (KoobFace.Trace) -> No action taken.
C:\Windows\hpm2.dat (KoobFace.Trace) -> No action taken.
C:\Windows\bk23567.dat (KoobFace.Trace) -> No action taken.
C:\Windows\fdgg34353edfgdfdf (KoobFace.Trace) -> No action taken.
C:\Windows\tgm2.dat (KoobFace.Trace) -> No action taken.
C:\Program Files\Mozilla Firefox\ftemp.exe (Trojan.Dropper) -> No action taken.
C:\Windows\010112010146101105.rx (Malware.Trace) -> No action taken.
chrisbva81
2010-03-02, 23:06
When I run GMER it crashes and sends me to the blue screen about memory dumping and then my computer restarts.
Thanks!
Hi,
Ok. Let's continue with ComboFix.
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
chrisbva81
2010-03-03, 18:50
ComboFix 10-03-02.08 - chris 03/03/2010 11:28:14.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.1022 [GMT -5:00]
Running from: C:\Users\chris\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\$RECYCLE.BIN\S-1-5-21-1043595940-1142482288-2820407123-500
C:\$RECYCLE.BIN\S-1-5-21-2152478756-3922319563-605102323-500
C:\Windows\system32\MSIMRT.DLL
C:\Windows\system32\MSIMRT32.DLL
C:\Windows\system32\MSIMUSIC.DLL
C:\Windows\system32\twain_32.dll
.
((((((((((((((((((((((((( Files Created from 2010-02-03 to 2010-03-03 )))))))))))))))))))))))))))))))
.
2010-03-02 21:46:27 . 2010-03-02 21:46:27 -------- d-----w- C:\Users\chris\Office Genuine Advantage
2010-03-02 01:53:22 . 2010-03-02 01:53:22 -------- d-----w- C:\Users\chris\AppData\Roaming\Malwarebytes
2010-03-02 01:53:15 . 2010-01-07 21:07:14 38224 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-03-02 01:53:12 . 2010-03-02 01:53:20 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-02 01:53:12 . 2010-01-07 21:07:04 19160 ----a-w- C:\Windows\system32\drivers\mbam.sys
2010-02-26 02:00:49 . 2010-02-26 02:00:49 87712 ----a-w- C:\Windows\system32\GDIPFONTCACHEV1.DAT
2010-02-26 01:20:32 . 2010-01-25 12:00:35 471552 ----a-w- C:\Windows\system32\secproc_isv.dll
2010-02-26 01:20:32 . 2010-01-25 12:00:22 471552 ----a-w- C:\Windows\system32\secproc.dll
2010-02-26 01:20:30 . 2010-01-25 08:21:20 526336 ----a-w- C:\Windows\system32\RMActivate_isv.exe
2010-02-26 01:20:30 . 2010-01-25 08:21:20 346624 ----a-w- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-26 01:20:30 . 2010-01-25 08:21:18 518144 ----a-w- C:\Windows\system32\RMActivate.exe
2010-02-26 01:20:30 . 2010-01-25 08:21:18 347136 ----a-w- C:\Windows\system32\RMActivate_ssp.exe
2010-02-26 01:20:29 . 2010-01-25 12:00:35 152576 ----a-w- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-26 01:20:29 . 2010-01-25 12:00:35 152064 ----a-w- C:\Windows\system32\secproc_ssp.dll
2010-02-26 01:20:29 . 2010-01-25 11:58:52 332288 ----a-w- C:\Windows\system32\msdrm.dll
2010-02-26 01:20:13 . 2010-01-23 09:26:13 2048 ----a-w- C:\Windows\system32\tzres.dll
2010-02-26 01:19:12 . 2010-01-06 15:39:38 1696256 ----a-w- C:\Windows\system32\gameux.dll
2010-02-26 01:19:10 . 2010-01-06 15:38:47 28672 ----a-w- C:\Windows\system32\Apphlpdm.dll
2010-02-26 01:19:10 . 2010-01-06 13:30:41 4240384 ----a-w- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-02-26 01:16:38 . 2010-02-26 01:33:19 -------- d-----w- C:\Program Files\Free Window Registry Repair
2010-02-25 18:32:17 . 2010-02-25 18:32:17 -------- d-----w- C:\Users\chris\AppData\Local\Threat Expert
2010-02-25 05:40:15 . 2010-02-25 05:40:13 95024 ----a-w- C:\Windows\system32\drivers\SBREDrv.sys
2010-02-24 23:59:33 . 2010-03-02 01:19:03 -------- d-----w- C:\Program Files\Spyware Doctor
2010-02-24 03:57:37 . 2010-02-24 04:14:04 -------- d-----w- C:\temp\ListDLLS
2010-02-24 03:57:37 . 2010-02-24 03:57:37 -------- d-----w- C:\Temp
2010-02-24 02:23:18 . 2010-02-24 02:23:19 -------- d-----w- C:\969e276df900c00b4aa5d4ea44f77d
2010-02-19 03:24:26 . 2009-12-16 21:05:58 347136 ----a-w- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\j42usd1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-02-19 03:24:26 . 2009-12-16 21:05:58 340992 ----a-w- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\j42usd1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-02-19 03:24:26 . 2009-12-16 21:05:56 43008 ----a-w- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\j42usd1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-02-19 03:24:24 . 2009-12-16 21:05:58 471040 ----a-w- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\j42usd1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
2010-02-19 03:24:24 . 2009-12-16 21:05:56 1452032 ----a-w- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\j42usd1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-02-19 02:01:05 . 2010-02-19 22:24:12 -------- d-----w- C:\Program Files\Spybot - Search & Destroy
2010-02-18 23:30:40 . 2010-02-18 23:30:40 -------- d-----w- C:\Users\chrisb\AppData\Roaming\InstallShield
2010-02-18 23:20:36 . 2009-12-08 20:01:02 3600456 ----a-w- C:\Windows\system32\ntkrnlpa.exe
2010-02-18 23:20:36 . 2009-12-08 20:01:02 3548216 ----a-w- C:\Windows\system32\ntoskrnl.exe
2010-02-18 22:40:26 . 2010-02-18 22:40:26 -------- d-----w- C:\Users\chris\AppData\Roaming\Symantec
2010-02-12 01:01:51 . 2009-12-04 15:56:09 105984 ----a-w- C:\Windows\system32\drivers\mrxsmb.sys
2010-02-12 01:01:50 . 2009-12-04 15:56:16 212992 ----a-w- C:\Windows\system32\drivers\mrxsmb10.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-02 01:39:49 . 2007-03-30 18:03:32 -------- d-----w- C:\Program Files\Java
2010-03-02 01:11:10 . 2007-04-09 03:00:47 -------- d-----w- C:\Program Files\Lavasoft
2010-02-26 01:58:00 . 2007-03-28 20:58:26 8224 ----a-w- C:\Users\chris\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-25 05:44:03 . 2007-01-23 03:35:42 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2010-02-24 14:16:06 . 2009-10-03 01:48:49 181632 ------w- C:\Windows\system32\MpSigStub.exe
2010-02-24 06:39:32 . 2007-01-23 03:28:31 -------- d-----w- C:\Program Files\Microsoft Works
2010-02-19 06:24:24 . 2007-01-23 03:27:08 -------- d-----w- C:\Program Files\Common Files\Adobe
2010-02-18 23:30:45 . 2008-04-17 15:05:39 87144 ----a-w- C:\Users\chrisb\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-18 23:29:39 . 2009-10-28 00:56:16 -------- d-----w- C:\Program Files\McAfee
2010-02-18 22:36:18 . 2007-01-23 03:34:19 -------- d-----w- C:\Program Files\Yahoo!
2010-02-17 03:26:49 . 2007-11-27 22:52:37 -------- d-----w- C:\Program Files\DAP
2010-02-17 03:24:42 . 2007-05-28 19:04:49 -------- d-----w- C:\Program Files\GameSpy Arcade
2010-02-17 03:22:41 . 2008-07-16 03:43:26 -------- d-----w- C:\Program Files\ma-config.com
2010-02-17 03:21:55 . 2007-03-29 07:10:23 -------- d-----w- C:\Program Files\Google
2010-02-17 03:11:52 . 2008-04-30 05:00:20 -------- d-----w- C:\Users\chris\AppData\Roaming\yahoo!
2010-02-17 03:04:48 . 2007-04-12 05:36:55 -------- d-----w- C:\Program Files\MySpace
2010-02-12 21:37:33 . 2007-04-09 07:05:46 -------- d-----w- C:\Program Files\Picasa2
2010-02-12 01:20:19 . 2006-11-02 11:18:33 -------- d-----w- C:\Program Files\Windows Mail
2010-01-22 00:56:42 . 2009-07-25 03:09:58 -------- d-----w- C:\Program Files\Bonjour
2010-01-13 22:19:56 . 2010-01-13 22:19:56 -------- d-----w- C:\Program Files\Microsoft.NET
2010-01-06 15:38:40 . 2010-02-26 01:19:11 173056 ----a-w- C:\Windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38:39 . 2010-02-26 01:19:11 542720 ----a-w- C:\Windows\AppPatch\AcLayers.dll
2010-01-06 15:38:39 . 2010-02-26 01:19:11 458752 ----a-w- C:\Windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38:39 . 2010-02-26 01:19:11 2159616 ----a-w- C:\Windows\AppPatch\AcGenral.dll
2010-01-02 06:38:20 . 2010-02-05 15:11:46 916480 ----a-w- C:\Windows\system32\wininet.dll
2010-01-02 06:32:33 . 2010-02-05 15:11:43 109056 ----a-w- C:\Windows\system32\iesysprep.dll
2010-01-02 06:32:33 . 2010-02-05 15:11:42 71680 ----a-w- C:\Windows\system32\iesetup.dll
2010-01-02 04:57:00 . 2010-02-05 15:11:43 133632 ----a-w- C:\Windows\system32\ieUnatt.exe
2009-12-28 01:39:08 . 2007-06-09 07:38:36 84808 ----a-w- C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-21 01:21:33 . 2009-12-19 02:17:36 43520 ----a-w- C:\Windows\system32\CmdLineExt03.dll
2009-12-18 21:32:03 . 2009-12-18 21:04:31 196199 ----a-w- C:\Windows\hpoins41.dat
2009-12-11 11:43:30 . 2010-02-12 01:02:25 302080 ----a-w- C:\Windows\system32\drivers\srv.sys
2009-12-11 11:43:11 . 2010-02-12 01:02:24 98816 ----a-w- C:\Windows\system32\drivers\srvnet.sys
2009-12-08 20:01:08 . 2010-02-12 01:02:18 904776 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2009-12-08 17:26:18 . 2010-02-12 01:02:16 30720 ----a-w- C:\Windows\system32\drivers\tcpipreg.sys
2009-12-04 18:30:05 . 2010-02-12 01:02:06 12288 ----a-w- C:\Windows\system32\tsbyuv.dll
2009-12-04 18:29:41 . 2010-02-12 01:02:09 1314816 ----a-w- C:\Windows\system32\quartz.dll
2009-12-04 18:28:52 . 2010-02-12 01:02:06 22528 ----a-w- C:\Windows\system32\msyuv.dll
2009-12-04 18:28:51 . 2010-02-12 01:02:07 31744 ----a-w- C:\Windows\system32\msvidc32.dll
2009-12-04 18:28:51 . 2010-02-12 01:02:05 123904 ----a-w- C:\Windows\system32\msvfw32.dll
2009-12-04 18:28:49 . 2010-02-12 01:02:06 13312 ----a-w- C:\Windows\system32\msrle32.dll
2009-12-04 18:28:27 . 2010-02-12 01:02:06 82944 ----a-w- C:\Windows\system32\mciavi32.dll
2009-12-04 18:28:21 . 2010-02-12 01:02:06 50176 ----a-w- C:\Windows\system32\iyuv_32.dll
2009-12-04 18:27:12 . 2010-02-12 01:02:05 91136 ----a-w- C:\Windows\system32\avifil32.dll
2009-11-24 14:09:41 . 2007-09-07 05:05:22 119808 ----a-w- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2006-11-16 22:59:24 1480296]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 07:33:09 125952]
"Speech Recognition"="C:\Windows\Speech\Common\sapisvr.exe" [2008-01-19 07:33:25 49664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 07:38:38 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 13:42:24 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 15:16:56 65536]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 09:52:08 4702208]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-24 14:09:40 30192]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" [2007-11-27 22:52:38 4568576]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 13:39:28 98304]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-23 01:49:00 13539872]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-23 01:49:00 92704]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-05-26 21:18:30 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-07-13 18:03:10 292128]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2009-10-29 11:54:44 1218008]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2009-07-08 02:02:26 1176808]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 21:24:20 54840]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 06:57:28 35760]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 20:57:56 948672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 21:18:15 443968]
C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
CorelCENTRAL 10.lnk - C:\Windows\Installer\{F73E7B59-F951-11D4-884D-00902761A46D}\I_26dadCC.exe [2009-9-8 5222]
HP Connections.lnk - C:\Program Files\HP Connections\6811507\Program\HP Connections.exe [2007-1-22 34520]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-1-20 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Connections.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Connections.lnk
backup=C:\Windows\pss\HP Connections.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 09:40:32 218032 ----a-w- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-09-11 09:40:32 218032 ----a-w- C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):30,ea,79,c3,f1,57,ca,01
R1 GearAspiSys;GearAspiSys;C:\Windows\System32\drivers\GEARASPISYS.SYS [1/14/2009 12:14:29 AM 53412]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [10/30/2009 8:01:43 PM 93320]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2/18/2010 9:01:09 PM 1153368]
R3 MRV6X32U;Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x);C:\Windows\System32\drivers\MRVW24B.sys [3/19/2008 6:10:54 AM 310016]
S2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [2/16/2010 10:21:16 PM 135664]
S2 PCMobilizr;PCMobilizr Connection Service; [x]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [9/7/2007 12:05:02 AM 30192]
S3 QCEmerald;Logitech QuickCam Web(PID_0850);C:\Windows\System32\drivers\lvce.sys [7/15/2008 11:05:40 PM 44032]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-03-03 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-17 03:21:16 . 2010-02-17 03:21:01]
2010-03-03 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-17 03:21:16 . 2010-02-17 03:21:01]
2010-01-15 C:\Windows\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2009-11-02 11:24:09 . 2009-09-25 17:22:14]
2010-03-01 C:\Windows\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2009-11-02 11:24:09 . 2009-09-25 17:22:14]
2010-03-03 C:\Windows\Tasks\User_Feed_Synchronization-{9D06D051-B2F1-45C3-A333-1788B0761893}.job
- C:\Windows\system32\msfeedssync.exe [2010-02-05 15:11:42 . 2010-01-02 04:56:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
IE: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: cengage.com\academic
Trusted Zone: internet
Trusted Zone: macromedia.com\fpdownload
Trusted Zone: mcafee.com
Trusted Zone: myspace.com\www
Trusted Zone: myspacecdn.com\toolbarupdate
Trusted Zone: pokerstars.com\www
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~1\DAP\dapie.dll
FF - ProfilePath - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\j42usd1q.default\
FF - component: C:\Program Files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\j42usd1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
FF - component: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\j42usd1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: C:\Program Files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
chrisbva81
2010-03-03, 18:52
DDS (Ver_09-09-29.01) - NTFSx86
Run by chris at 11:50:47.86 on Wed 03/03/2010
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.747 [GMT -5:00]
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\rundll32.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVComS.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\Speech\Common\sapisvr.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\hp\kbd\kbd.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\chris\Downloads\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Speech Recognition] "c:\windows\speech\common\sapisvr.exe" -SpeechUX -Startup
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver\LVCOMS.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
StartupFolder: c:\users\chris\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\corelc~1.lnk - c:\windows\installer\{f73e7b59-f951-11d4-884d-00902761a46d}\I_26dadCC.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpconn~1.lnk - c:\program files\hp connections\6811507\program\HP Connections.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: cengage.com\academic
Trusted Zone: internet
Trusted Zone: macromedia.com\fpdownload
Trusted Zone: mcafee.com
Trusted Zone: myspace.com\www
Trusted Zone: myspacecdn.com\toolbarupdate
Trusted Zone: pokerstars.com\www
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
AppInit_DLLs: c:\progra~1\google\google~3\GoogleDesktopNetwork3.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\j42usd1q.default\
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\users\chris\appdata\roaming\mozilla\firefox\profiles\j42usd1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
FF - component: c:\users\chris\appdata\roaming\mozilla\firefox\profiles\j42usd1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2007-10-26 131616]
R1 GearAspiSys;GearAspiSys;c:\windows\system32\drivers\GEARASPISYS.SYS [2009-1-14 53412]
R3 MRV6X32U;Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x);c:\windows\system32\drivers\MRVW24B.sys [2008-3-19 310016]
S3 QCEmerald;Logitech QuickCam Web(PID_0850);c:\windows\system32\drivers\lvce.sys [2008-7-15 44032]
=============== Created Last 30 ================
2010-03-03 11:45 <DIR> --dsh--- C:\$RECYCLE.BIN
2010-03-03 11:25 77,312 a------- c:\windows\MBR.exe
2010-03-03 11:25 261,632 a------- c:\windows\PEV.exe
2010-03-03 11:25 161,792 a------- c:\windows\SWREG.exe
2010-03-03 11:25 98,816 a------- c:\windows\sed.exe
2010-03-03 11:25 <DIR> --d----- C:\ComboFix
2010-03-02 16:46 <DIR> --d----- c:\programdata\Office Genuine Advantage
2010-03-02 16:46 <DIR> --d----- c:\users\chris\Office Genuine Advantage
2010-03-01 20:53 <DIR> --d----- c:\users\chris\appdata\roaming\Malwarebytes
2010-03-01 20:53 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-01 20:53 <DIR> --d----- c:\programdata\Malwarebytes
2010-03-01 20:53 <DIR> --d----- c:\progra~2\Malwarebytes
2010-03-01 20:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2010-03-01 20:53 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2010-03-01 20:15 <DIR> --d----- c:\windows\pss
2010-02-25 21:25 <DIR> --d----- c:\programdata\WindowsSearch
2010-02-25 21:00 87,712 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-02-25 20:20 471,552 a------- c:\windows\system32\secproc_isv.dll
2010-02-25 20:20 471,552 a------- c:\windows\system32\secproc.dll
2010-02-25 20:20 526,336 a------- c:\windows\system32\RMActivate_isv.exe
2010-02-25 20:20 518,144 a------- c:\windows\system32\RMActivate.exe
2010-02-25 20:20 347,136 a------- c:\windows\system32\RMActivate_ssp.exe
2010-02-25 20:20 346,624 a------- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-25 20:20 332,288 a------- c:\windows\system32\msdrm.dll
2010-02-25 20:20 152,576 a------- c:\windows\system32\secproc_ssp_isv.dll
2010-02-25 20:20 152,064 a------- c:\windows\system32\secproc_ssp.dll
2010-02-25 20:20 2,048 a------- c:\windows\system32\tzres.dll
2010-02-25 20:19 1,696,256 a------- c:\windows\system32\gameux.dll
2010-02-25 20:19 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-25 20:19 28,672 a------- c:\windows\system32\Apphlpdm.dll
2010-02-25 20:16 <DIR> --d----- c:\program files\Free Window Registry Repair
2010-02-25 00:40 95,024 a------- c:\windows\system32\drivers\SBREDrv.sys
2010-02-24 19:21 1,640,400 a------- c:\windows\PCTBDCore.dll.old
2010-02-24 19:21 767,952 a------- c:\windows\BDTSupport.dll.old
2010-02-24 18:59 <DIR> --d----- c:\program files\Spyware Doctor
2010-02-23 23:51 <DIR> --d----- c:\programdata\Norton
2010-02-23 23:51 <DIR> --d----- c:\progra~2\Norton
2010-02-23 23:51 <DIR> --d----- c:\programdata\NortonInstaller
2010-02-23 23:51 <DIR> --d----- c:\progra~2\NortonInstaller
2010-02-23 22:57 <DIR> --d----- c:\temp\ListDLLS
2010-02-23 22:57 <DIR> --d----- C:\Temp
2010-02-23 21:23 <DIR> --d----- C:\969e276df900c00b4aa5d4ea44f77d
2010-02-18 22:49 <DIR> --d----- c:\programdata\NOS
2010-02-18 21:01 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2010-02-18 21:01 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2010-02-18 21:01 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2010-02-18 18:20 3,600,456 a------- c:\windows\system32\ntkrnlpa.exe
2010-02-18 18:20 3,548,216 a------- c:\windows\system32\ntoskrnl.exe
2010-02-18 17:40 <DIR> --d----- c:\users\chris\appdata\roaming\Symantec
2010-02-11 20:01 105,984 a------- c:\windows\system32\drivers\mrxsmb.sys
2010-02-11 20:01 212,992 a------- c:\windows\system32\drivers\mrxsmb10.sys
==================== Find3M ====================
2010-02-24 09:16 181,632 -------- c:\windows\system32\MpSigStub.exe
2010-02-18 18:23 143,360 a------- c:\windows\inf\infstrng.dat
2010-02-18 18:23 51,200 a------- c:\windows\inf\infpub.dat
2010-02-18 18:23 86,016 a------- c:\windows\inf\infstor.dat
2010-01-06 10:38 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2010-01-06 10:38 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2010-01-06 10:38 542,720 a------- c:\windows\apppatch\AcLayers.dll
2010-01-06 10:38 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2010-01-02 01:38 916,480 a------- c:\windows\system32\wininet.dll
2010-01-02 01:32 109,056 a------- c:\windows\system32\iesysprep.dll
2010-01-02 01:32 71,680 a------- c:\windows\system32\iesetup.dll
2010-01-01 23:57 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-12-20 20:21 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-12-18 16:32 196,199 a------- c:\windows\hpoins41.dat
2009-12-04 13:30 12,288 a------- c:\windows\system32\tsbyuv.dll
2009-12-04 13:29 1,314,816 a------- c:\windows\system32\quartz.dll
2009-12-04 13:28 22,528 a------- c:\windows\system32\msyuv.dll
2009-12-04 13:28 123,904 a------- c:\windows\system32\msvfw32.dll
2009-12-04 13:28 31,744 a------- c:\windows\system32\msvidc32.dll
2009-12-04 13:28 13,312 a------- c:\windows\system32\msrle32.dll
2009-12-04 13:28 82,944 a------- c:\windows\system32\mciavi32.dll
2009-12-04 13:28 50,176 a------- c:\windows\system32\iyuv_32.dll
2009-12-04 13:27 91,136 a------- c:\windows\system32\avifil32.dll
2009-11-17 03:23 665,600 a------- c:\windows\inf\drvindex.dat
2009-08-05 22:40 356 a------- c:\users\chris\appdata\roaming\wklnhst.dat
2008-07-19 02:05 635,525 a------- c:\users\chris\newcodec.exe
2008-04-16 00:42 174 a--sh--- c:\program files\desktop.ini
2007-10-23 12:51 243,226,648 a------- c:\users\chris\Desktop Software v4.2 SP2 (English).exe
2007-10-23 11:01 442,335 a------- c:\users\chris\net_rim_theme_bb_today_240x260.zip
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
============= FINISH: 11:51:57.30 ===============
Hi again,
Open notepad and copy/paste the text in the quotebox below into it:
FileLook::
c:\users\chris\newcodec.exe
DDS::
TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Save this as
CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
Get update 9.3.1 for Adobe Reader here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here (http://pdfreaders.org/).
Uninstall your current Adobe shockwave player and get the fresh one here (http://get.adobe.com/shockwave/) if needed.
Uninstall vulnerable Flash versions by following instructions here (http://kb2.adobe.com/cps/141/tn_14157.html). Fresh version can be obtained here (http://get.adobe.com/flashplayer/).
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Tick the box next to YES, I accept the Terms of Use.
Click Start
Make sure that the option Remove found threats is UNchecked
Click Scan
Wait for the scan to finish
Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log. How's the system running?
chrisbva81
2010-03-04, 02:35
ComboFix 10-03-02.08 - chris 03/03/2010 18:12:12.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.1123 [GMT -5:00]
Running from: c:\users\chris\Downloads\ComboFix.exe
Command switches used :: c:\users\chris\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\$recycle.bin\S-1-5-21-1043595940-1142482288-2820407123-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\windows\system32\MSIMRT.DLL
c:\windows\system32\MSIMRT32.DLL
c:\windows\system32\MSIMUSIC.DLL
c:\windows\system32\twain_32.dll
.
((((((((((((((((((((((((( Files Created from 2010-02-03 to 2010-03-03 )))))))))))))))))))))))))))))))
.
2010-03-03 23:20 . 2010-03-03 23:20 -------- d-----w- c:\users\chris\AppData\Local\temp
2010-03-03 23:20 . 2010-03-03 23:20 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-03-03 23:20 . 2010-03-03 23:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-03 23:20 . 2010-03-03 23:20 -------- d-----w- c:\users\chrisb\AppData\Local\temp
2010-03-02 21:46 . 2010-03-02 21:46 -------- d-----w- c:\users\chris\Office Genuine Advantage
2010-03-02 01:53 . 2010-03-02 01:53 -------- d-----w- c:\users\chris\AppData\Roaming\Malwarebytes
2010-03-02 01:53 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-02 01:53 . 2010-03-02 01:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-02 01:53 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-26 02:00 . 2010-02-26 02:00 87712 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-02-26 01:20 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-26 01:20 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-26 01:20 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-26 01:20 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-26 01:20 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-26 01:20 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-26 01:20 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-26 01:20 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-26 01:20 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-26 01:20 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-26 01:19 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-26 01:19 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-26 01:19 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-26 01:16 . 2010-02-26 01:33 -------- d-----w- c:\program files\Free Window Registry Repair
2010-02-25 18:32 . 2010-02-25 18:32 -------- d-----w- c:\users\chris\AppData\Local\Threat Expert
2010-02-25 05:40 . 2010-02-25 05:40 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-02-24 23:59 . 2010-03-02 01:19 -------- d-----w- c:\program files\Spyware Doctor
2010-02-24 03:57 . 2010-02-24 04:14 -------- d-----w- c:\temp\ListDLLS
2010-02-24 03:57 . 2010-02-24 03:57 -------- d-----w- C:\Temp
2010-02-24 02:23 . 2010-02-24 02:23 -------- d-----w- C:\969e276df900c00b4aa5d4ea44f77d
2010-02-19 03:24 . 2009-12-16 21:05 347136 ----a-w- c:\users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\j42usd1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-02-19 03:24 . 2009-12-16 21:05 340992 ----a-w- c:\users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\j42usd1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-02-19 03:24 . 2009-12-16 21:05 43008 ----a-w- c:\users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\j42usd1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-02-19 03:24 . 2009-12-16 21:05 471040 ----a-w- c:\users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\j42usd1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
2010-02-19 03:24 . 2009-12-16 21:05 1452032 ----a-w- c:\users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\j42usd1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-02-19 02:01 . 2010-02-19 22:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-18 23:30 . 2010-02-18 23:30 -------- d-----w- c:\users\chrisb\AppData\Roaming\InstallShield
2010-02-18 23:20 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-18 23:20 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-18 22:40 . 2010-02-18 22:40 -------- d-----w- c:\users\chris\AppData\Roaming\Symantec
2010-02-12 01:01 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-12 01:01 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-02 01:39 . 2007-03-30 18:03 -------- d-----w- c:\program files\Java
2010-03-02 01:11 . 2007-04-09 03:00 -------- d-----w- c:\program files\Lavasoft
2010-02-26 01:58 . 2007-03-28 20:58 8224 ----a-w- c:\users\chris\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-25 05:44 . 2007-01-23 03:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-24 14:16 . 2009-10-03 01:48 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 06:39 . 2007-01-23 03:28 -------- d-----w- c:\program files\Microsoft Works
2010-02-19 06:24 . 2007-01-23 03:27 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-18 23:30 . 2008-04-17 15:05 87144 ----a-w- c:\users\chrisb\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-18 23:29 . 2009-10-28 00:56 -------- d-----w- c:\program files\McAfee
2010-02-18 22:36 . 2007-01-23 03:34 -------- d-----w- c:\program files\Yahoo!
2010-02-17 03:26 . 2007-11-27 22:52 -------- d-----w- c:\program files\DAP
2010-02-17 03:24 . 2007-05-28 19:04 -------- d-----w- c:\program files\GameSpy Arcade
2010-02-17 03:22 . 2008-07-16 03:43 -------- d-----w- c:\program files\ma-config.com
2010-02-17 03:21 . 2007-03-29 07:10 -------- d-----w- c:\program files\Google
2010-02-17 03:11 . 2008-04-30 05:00 -------- d-----w- c:\users\chris\AppData\Roaming\yahoo!
2010-02-17 03:04 . 2007-04-12 05:36 -------- d-----w- c:\program files\MySpace
2010-02-12 21:37 . 2007-04-09 07:05 -------- d-----w- c:\program files\Picasa2
2010-02-12 01:20 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-22 00:56 . 2009-07-25 03:09 -------- d-----w- c:\program files\Bonjour
2010-01-13 22:19 . 2010-01-13 22:19 -------- d-----w- c:\program files\Microsoft.NET
2010-01-06 15:38 . 2010-02-26 01:19 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-26 01:19 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-26 01:19 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-26 01:19 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-02 06:38 . 2010-02-05 15:11 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-02-05 15:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-02-05 15:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-02-05 15:11 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-28 01:39 . 2007-06-09 07:38 84808 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-21 01:21 . 2009-12-19 02:17 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-12-18 21:32 . 2009-12-18 21:04 196199 ----a-w- c:\windows\hpoins41.dat
2009-12-11 11:43 . 2010-02-12 01:02 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 11:43 . 2010-02-12 01:02 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:01 . 2010-02-12 01:02 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 17:26 . 2010-02-12 01:02 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-04 18:30 . 2010-02-12 01:02 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-12 01:02 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-12 01:02 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-12 01:02 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-12 01:02 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-12 01:02 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-12 01:02 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-12 01:02 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-12 01:02 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-11-24 14:09 . 2007-09-07 05:05 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
--- c:\users\chris\newcodec.exe ---
Company: XviD Team (Koepi)
File Description: XviD Setup
File Version:
Product Name:
Copyright: ------
Original Filename:
File size: 635525
Created time: 2008-07-19 07:05
Modified time: 2008-07-19 07:05
MD5: 099139C82C7B8EA595D406A47EF28615
SHA1: AE677A22EA08C0993CD1E3B0F43669DB7C9BFCE8
((((((((((((((((((((((((((((( SnapShot@2010-03-03_16.39.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-28 18:59 . 2010-03-03 16:46 79508 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2010-03-03 16:16 75434 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-03-03 16:46 75434 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-03-28 20:53 . 2010-03-03 16:46 15026 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2373625125-4235689477-3862646164-1000_UserData.bin
+ 2007-03-28 20:48 . 2010-03-03 16:47 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-03-28 20:48 . 2010-03-03 16:26 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-03-28 20:48 . 2010-03-03 16:26 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-03-28 20:48 . 2010-03-03 16:47 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-25 11:32 . 2010-03-03 16:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-25 11:32 . 2010-03-03 16:44 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-25 11:32 . 2010-03-03 16:44 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-25 11:32 . 2010-03-03 16:14 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-25 11:32 . 2010-03-03 16:44 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-25 11:32 . 2010-03-03 16:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-03 15:56 . 2010-03-03 16:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-03-03 16:44 . 2010-03-03 16:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-03-03 15:56 . 2010-03-03 16:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-03-03 16:44 . 2010-03-03 16:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-10-27 21:46 . 2010-03-03 15:40 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-10-27 21:46 . 2010-03-03 19:45 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2007-03-28 20:48 . 2010-03-03 16:47 212992 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-03-28 20:48 . 2010-03-03 16:26 212992 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-26 17:05 . 2010-03-03 16:43 4031360 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-02-26 17:05 . 2010-03-03 15:55 4031360 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2006-11-16 1480296]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-19 49664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 4702208]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-24 30192]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2007-11-27 4568576]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]
c:\users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CorelCENTRAL 10.lnk - c:\windows\Installer\{F73E7B59-F951-11D4-884D-00902761A46D}\I_26dadCC.exe [2009-9-8 5222]
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2007-1-22 34520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-20 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Connections.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Connections.lnk
backup=c:\windows\pss\HP Connections.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 09:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-09-11 09:40 218032 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):30,ea,79,c3,f1,57,ca,01
R1 GearAspiSys;GearAspiSys;c:\windows\System32\drivers\GEARASPISYS.SYS [1/14/2009 12:14 AM 53412]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/30/2009 8:01 PM 93320]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2/18/2010 9:01 PM 1153368]
R3 MRV6X32U;Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x);c:\windows\System32\drivers\MRVW24B.sys [3/19/2008 6:10 AM 310016]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/16/2010 10:21 PM 135664]
S2 PCMobilizr;PCMobilizr Connection Service; [x]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/7/2007 12:05 AM 30192]
S3 QCEmerald;Logitech QuickCam Web(PID_0850);c:\windows\System32\drivers\lvce.sys [7/15/2008 11:05 PM 44032]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-17 03:21]
2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-17 03:21]
2010-01-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-02 17:22]
2010-03-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-02 17:22]
2010-03-03 c:\windows\Tasks\User_Feed_Synchronization-{9D06D051-B2F1-45C3-A333-1788B0761893}.job
- c:\windows\system32\msfeedssync.exe [2010-02-05 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: cengage.com\academic
Trusted Zone: internet
Trusted Zone: macromedia.com\fpdownload
Trusted Zone: mcafee.com
Trusted Zone: myspace.com\www
Trusted Zone: myspacecdn.com\toolbarupdate
Trusted Zone: pokerstars.com\www
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\j42usd1q.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\j42usd1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
FF - component: c:\users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\j42usd1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-03 18:20
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(1392)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
.
Completion time: 2010-03-03 18:23:40
ComboFix-quarantined-files.txt 2010-03-03 23:23
Pre-Run: 189,877,882,880 bytes free
Post-Run: 189,817,475,072 bytes free
- - End Of File - - 0C0BB1562B29F44AFCBB64AA8E107198
chrisbva81
2010-03-04, 06:32
The ESET scan came up clean. DDS LOG enclosed.
DDS (Ver_09-09-29.01) - NTFSx86
Run by chris at 23:30:32.91 on Wed 03/03/2010
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.801 [GMT -5:00]
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k HPService
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVComS.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\Speech\Common\sapisvr.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\hp\kbd\kbd.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\msfeedssync.exe
C:\Users\chris\Downloads\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Speech Recognition] "c:\windows\speech\common\sapisvr.exe" -SpeechUX -Startup
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver\LVCOMS.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files\nos\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
StartupFolder: c:\users\chris\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\corelc~1.lnk - c:\windows\installer\{f73e7b59-f951-11d4-884d-00902761a46d}\I_26dadCC.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpconn~1.lnk - c:\program files\hp connections\6811507\program\HP Connections.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: cengage.com\academic
Trusted Zone: internet
Trusted Zone: macromedia.com\fpdownload
Trusted Zone: mcafee.com
Trusted Zone: myspace.com\www
Trusted Zone: myspacecdn.com\toolbarupdate
Trusted Zone: pokerstars.com\www
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
AppInit_DLLs: c:\progra~1\google\google~3\GoogleDesktopNetwork3.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\j42usd1q.default\
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\users\chris\appdata\roaming\mozilla\firefox\profiles\j42usd1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
FF - component: c:\users\chris\appdata\roaming\mozilla\firefox\profiles\j42usd1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\users\chris\appdata\roaming\mozilla\firefox\profiles\j42usd1q.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2007-10-26 131616]
R1 GearAspiSys;GearAspiSys;c:\windows\system32\drivers\GEARASPISYS.SYS [2009-1-14 53412]
R2 FlipShare Service;FlipShare Service;c:\program files\flip video\flipshare\FlipShareService.exe [2009-6-4 451904]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-10-30 93320]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-2-18 1153368]
R3 MRV6X32U;Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x);c:\windows\system32\drivers\MRVW24B.sys [2008-3-19 310016]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-16 135664]
S2 PCMobilizr;PCMobilizr Connection Service; [x]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-4-15 21504]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2008-4-15 21504]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-9-7 30192]
S3 QCEmerald;Logitech QuickCam Web(PID_0850);c:\windows\system32\drivers\lvce.sys [2008-7-15 44032]
=============== Created Last 30 ================
2010-03-03 18:57 <DIR> --d----- c:\program files\ESET
2010-03-03 18:22 <DIR> --dsh--- C:\$RECYCLE.BIN
2010-03-03 18:08 <DIR> --d----- C:\ComboFix
2010-03-03 11:25 77,312 a------- c:\windows\MBR.exe
2010-03-03 11:25 261,632 a------- c:\windows\PEV.exe
2010-03-03 11:25 161,792 a------- c:\windows\SWREG.exe
2010-03-03 11:25 98,816 a------- c:\windows\sed.exe
2010-03-02 16:46 <DIR> --d----- c:\programdata\Office Genuine Advantage
2010-03-02 16:46 <DIR> --d----- c:\users\chris\Office Genuine Advantage
2010-03-01 20:53 <DIR> --d----- c:\users\chris\appdata\roaming\Malwarebytes
2010-03-01 20:53 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-01 20:53 <DIR> --d----- c:\programdata\Malwarebytes
2010-03-01 20:53 <DIR> --d----- c:\progra~2\Malwarebytes
2010-03-01 20:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2010-03-01 20:53 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2010-03-01 20:15 <DIR> --d----- c:\windows\pss
2010-02-25 21:25 <DIR> --d----- c:\programdata\WindowsSearch
2010-02-25 21:00 87,712 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-02-25 20:20 471,552 a------- c:\windows\system32\secproc_isv.dll
2010-02-25 20:20 471,552 a------- c:\windows\system32\secproc.dll
2010-02-25 20:20 526,336 a------- c:\windows\system32\RMActivate_isv.exe
2010-02-25 20:20 518,144 a------- c:\windows\system32\RMActivate.exe
2010-02-25 20:20 347,136 a------- c:\windows\system32\RMActivate_ssp.exe
2010-02-25 20:20 346,624 a------- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-25 20:20 332,288 a------- c:\windows\system32\msdrm.dll
2010-02-25 20:20 152,576 a------- c:\windows\system32\secproc_ssp_isv.dll
2010-02-25 20:20 152,064 a------- c:\windows\system32\secproc_ssp.dll
2010-02-25 20:20 2,048 a------- c:\windows\system32\tzres.dll
2010-02-25 20:19 1,696,256 a------- c:\windows\system32\gameux.dll
2010-02-25 20:19 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-25 20:19 28,672 a------- c:\windows\system32\Apphlpdm.dll
2010-02-25 20:16 <DIR> --d----- c:\program files\Free Window Registry Repair
2010-02-25 00:40 95,024 a------- c:\windows\system32\drivers\SBREDrv.sys
2010-02-24 19:21 1,640,400 a------- c:\windows\PCTBDCore.dll.old
2010-02-24 19:21 767,952 a------- c:\windows\BDTSupport.dll.old
2010-02-24 18:59 <DIR> --d----- c:\program files\Spyware Doctor
2010-02-23 23:51 <DIR> --d----- c:\programdata\Norton
2010-02-23 23:51 <DIR> --d----- c:\progra~2\Norton
2010-02-23 23:51 <DIR> --d----- c:\programdata\NortonInstaller
2010-02-23 23:51 <DIR> --d----- c:\progra~2\NortonInstaller
2010-02-23 22:57 <DIR> --d----- c:\temp\ListDLLS
2010-02-23 22:57 <DIR> --d----- C:\Temp
2010-02-23 21:23 <DIR> --d----- C:\969e276df900c00b4aa5d4ea44f77d
2010-02-18 22:49 <DIR> --d----- c:\programdata\NOS
2010-02-18 21:01 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2010-02-18 21:01 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2010-02-18 21:01 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2010-02-18 18:20 3,600,456 a------- c:\windows\system32\ntkrnlpa.exe
2010-02-18 18:20 3,548,216 a------- c:\windows\system32\ntoskrnl.exe
2010-02-18 17:40 <DIR> --d----- c:\users\chris\appdata\roaming\Symantec
2010-02-11 20:01 105,984 a------- c:\windows\system32\drivers\mrxsmb.sys
2010-02-11 20:01 212,992 a------- c:\windows\system32\drivers\mrxsmb10.sys
==================== Find3M ====================
2010-02-24 09:16 181,632 -------- c:\windows\system32\MpSigStub.exe
2010-02-18 18:23 143,360 a------- c:\windows\inf\infstrng.dat
2010-02-18 18:23 51,200 a------- c:\windows\inf\infpub.dat
2010-02-18 18:23 86,016 a------- c:\windows\inf\infstor.dat
2010-01-06 10:38 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2010-01-06 10:38 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2010-01-06 10:38 542,720 a------- c:\windows\apppatch\AcLayers.dll
2010-01-06 10:38 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2010-01-02 01:38 916,480 a------- c:\windows\system32\wininet.dll
2010-01-02 01:32 109,056 a------- c:\windows\system32\iesysprep.dll
2010-01-02 01:32 71,680 a------- c:\windows\system32\iesetup.dll
2010-01-01 23:57 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-12-20 20:21 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-12-18 16:32 196,199 a------- c:\windows\hpoins41.dat
2009-12-04 13:30 12,288 a------- c:\windows\system32\tsbyuv.dll
2009-12-04 13:29 1,314,816 a------- c:\windows\system32\quartz.dll
2009-12-04 13:28 22,528 a------- c:\windows\system32\msyuv.dll
2009-12-04 13:28 123,904 a------- c:\windows\system32\msvfw32.dll
2009-12-04 13:28 31,744 a------- c:\windows\system32\msvidc32.dll
2009-12-04 13:28 13,312 a------- c:\windows\system32\msrle32.dll
2009-12-04 13:28 82,944 a------- c:\windows\system32\mciavi32.dll
2009-12-04 13:28 50,176 a------- c:\windows\system32\iyuv_32.dll
2009-12-04 13:27 91,136 a------- c:\windows\system32\avifil32.dll
2009-11-17 03:23 665,600 a------- c:\windows\inf\drvindex.dat
2009-08-05 22:40 356 a------- c:\users\chris\appdata\roaming\wklnhst.dat
2008-07-19 02:05 635,525 a------- c:\users\chris\newcodec.exe
2008-04-16 00:42 174 a--sh--- c:\program files\desktop.ini
2007-10-23 12:51 243,226,648 a------- c:\users\chris\Desktop Software v4.2 SP2 (English).exe
2007-10-23 11:01 442,335 a------- c:\users\chris\net_rim_theme_bb_today_240x260.zip
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
============= FINISH: 23:31:15.13 ===============
chrisbva81
2010-03-04, 06:34
Thanks for your help! I greatly appreciate it! Everything is running fine except for the original problem. I still keep having Google and Yahoo stop working and give me the error message once a day and then it goes away. It seems to be lasting for shorter periods of time now.
Hi,
Nothing hits my eye there. Does that same problem exist with both Internet Explorer and Firefox?
chrisbva81
2010-03-08, 18:53
I've been out of town for a bit. I appreciate all your help!
It does happen with Firefox and Internet Explorer.
Hi,
Let's see if you're able to get GMER scan with this set of instructions:
- disable protection software
- in gmer settings, deselect sections and devices.
Due to inactivity, this thread will now be closed.
Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.
If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.