Virtumonde.sci and .snd and maybe more :(
I clicked a search result in Google, which took me to a page that ran lots of script in a new tab - it also froze the computer. I thought this was bad - and decided to switch off the PC. Upon returning to Firefox (possibly IE, can't remember) my homepage loaded, but another tab opened with lots of advertisements. The PC is running slower than normal, but before knowing this forum existed, I ran both Spybot S&D and Malwarebytes Anti-Malware.
MWBytes found nothing more than cookies, and S&D (which I had previously set to a thorough search) took aaaaages. I noticed then that about 60% of the search time (at least an hour) was spent searching files named virtumonde.sci and .snd,
yet when finished, it found nothing more to report.
On both, I clicked to resolve the issues they HAD found.
I have read the 'what to do first' post, so below I have copied and pasted the two DDS logs produced.
DDS (Ver_10-03-17.01) - NTFSx86
Run by Adam at 14:32:17.29 on 01/05/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.442 [GMT 1:00]
AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Adam\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.facebook.com/
uDefault_Page_URL = hxxp://www.dell.co.uk/myway
uInternet Settings,ProxyOverride = 127.0.0.1;local.,;*.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
mRun: [VirusScan] c:\progra~1\mcafee.com\vso\mcvsshld.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SpeedTouch USB Diagnostics] "c:\program files\alcatel\speedtouch usb\Dragdiag.exe" /icon
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [Motive SmartBridge] c:\progra~1\ntl\broadb~1\smartb~1\MotiveSB.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [FlashInstaller] e:\flashstart.exe e:\bt.exe run
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Dell AIO Printer A920] "c:\program files\dell aio printer a920\dlbkbmgr.exe"
mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
mRun: [VirusScan Online] "c:\progra~1\mcafee.com\vso\mcvsshld.exe"
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [kdx] "c:\program files\kontiki\KHost.exe" -all
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\adam\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\airmou~1.lnk - c:\program files\air mouse\air mouse\Air Mouse.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aticat~1.lnk - c:\program files\ati technologies\ati.ace\CLI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\broadb~1.lnk - c:\program files\ntl\broadband medic\bin\matcli.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\client~1.lnk - c:\program files\buffalo\client manager3\cm3_tray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/hamsterball/raptisoftgameloader.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - hxxp://static.windupdates.com/cab/MediaAccess/ie/bridge-c415.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} - hxxp://www.miniclip.com/games/ricochet-lost-worlds/en/ReflexiveWebGameLoader.cab
DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,90/mcinsctl.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,23/mcgdmgr.cab
DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - hxxp://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://signin3.valueactive.com/Register/Branding/olr3313/OCX/flashax.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - hxxp://messenger.zone.msn.com/binary/Chess.cab31267.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\adam\applic~1\mozilla\firefox\profiles\4zfbyjhi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2010-3-6 126976]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2010-3-6 122368]
R2 MCVSRte;McAfee.com VirusScan Online Realtime Engine;c:\progra~1\mcafee.com\vso\mcvsrte.exe [2010-3-4 122880]
R2 StarWindService;StarWind iSCSI Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindService.exe [2005-4-1 217600]
R3 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2010-3-4 225375]
R3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [2010-3-4 23296]
R3 U2KG54L;BUFFALO WLI-U2-KG54L Wireless LAN Driver;c:\windows\system32\drivers\U2KG54L.SYS [2006-8-24 477696]
R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2006-4-20 223128]
S3 cel90xbe;cel90xbe;\??\c:\docume~1\adam\locals~1\temp\cel90xbe.sys --> c:\docume~1\adam\locals~1\temp\cel90xbe.sys [?]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2010-3-4 245760]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\RpcAgentSrv.exe [2009-1-13 98488]
S3 se46bus;Sony Ericsson Device 070 driver (WDM);c:\windows\system32\drivers\se46bus.sys [2008-1-6 61536]
=============== Created Last 30 ================
2010-04-30 20:31:49 39936 ---ha-w- c:\windows\system32\QAPPll32.dll
2010-04-26 17:40:20 0 d-----w- c:\program files\Sky
2010-04-26 17:40:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Sky
2010-04-22 16:06:26 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-22 16:06:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-15 20:02:17 0 d-----w- c:\program files\iPod
2010-04-15 20:02:00 0 d-----w- c:\program files\iTunes
2010-04-15 20:02:00 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-15 19:50:43 0 d-----w- c:\program files\Bonjour
2010-04-07 19:10:06 0 d-----w- c:\program files\Tansee iPhone Transfer Photo
2010-04-05 19:47:11 3251 ----a-w- c:\windows\system32\wbem\Outlook_01cad4f8c883adb2.mof
==================== Find3M ====================
2010-04-29 14:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-22 16:50:49 8832 ----a-w- c:\windows\system32\drivers\RASACD.SYS
2010-04-22 16:50:49 8832 ----a-w- c:\windows\system32\dllcache\rasacd.sys
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-03-06 15:43:45 61224 ----a-w- c:\documents and settings\adam\GoToAssistDownloadHelper.exe
2010-02-25 10:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 13:11:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-17 08:10:28 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-12 10:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 10:03:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-12 04:33:11 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2010-02-11 12:02:15 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
2004-07-22 10:51:34 3432656 ----a-w- c:\program files\ManagedDX.CAB
2004-07-19 22:58:36 1156363 ----a-w- c:\program files\BDANT.cab
2004-07-19 22:53:26 976020 ----a-w- c:\program files\BDAXP.cab
2004-07-09 14:17:16 13265040 ----a-w- c:\program files\dxnt.cab
2004-07-09 09:13:48 15493481 ----a-w- c:\program files\DirectX.cab
2004-07-09 09:13:46 703080 ----a-w- c:\program files\BDA.cab
2004-07-09 04:08:36 472576 ----a-w- c:\program files\dxsetup.exe
2004-07-09 04:08:34 2242560 ----a-w- c:\program files\dsetup32.dll
2004-07-09 03:03:10 62976 ----a-w- c:\program files\DSETUP.dll
2008-11-02 12:09:05 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008110220081103\index.dat
============= FINISH: 14:34:40.79 ===============
DDS (Ver_10-03-17.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 06/10/2004 17:03:30
System Uptime: 05/01/2010 14:00:12 (2784 hours ago)
Motherboard: Dell Inc. | | 0J3492
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 229 GiB total, 10.887 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM (CDFS)
L: is CDROM ()
N: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP764: 31/01/2010 20:17:10 - System Checkpoint
RP765: 03/02/2010 20:42:40 - System Checkpoint
RP766: 05/02/2010 12:16:08 - Configured Microsoft Office Small Business 2007 Trial
RP767: 10/02/2010 21:37:23 - System Checkpoint
RP768: 10/02/2010 22:48:19 - Software Distribution Service 3.0
RP769: 15/02/2010 16:03:21 - System Checkpoint
RP770: 16/02/2010 22:00:01 - System Checkpoint
RP771: 18/02/2010 21:14:02 - System Checkpoint
RP772: 21/02/2010 14:22:34 - System Checkpoint
RP773: 22/02/2010 18:24:08 - System Checkpoint
RP774: 24/02/2010 22:54:25 - Software Distribution Service 3.0
RP775: 28/02/2010 20:52:06 - System Checkpoint
RP776: 03/03/2010 22:12:03 - System Checkpoint
RP777: 04/03/2010 23:49:13 - System Checkpoint
RP778: 06/03/2010 15:33:15 - Installed McAfee Virtual Technician
RP779: 07/03/2010 01:13:26 - Software Distribution Service 3.0
RP780: 08/03/2010 20:19:02 - System Checkpoint
RP781: 10/03/2010 21:21:16 - System Checkpoint
RP782: 13/03/2010 00:17:11 - System Checkpoint
RP783: 13/03/2010 03:02:30 - Software Distribution Service 3.0
RP784: 24/03/2010 20:44:22 - System Checkpoint
RP785: 29/03/2010 18:12:50 - System Checkpoint
RP786: 30/03/2010 23:18:05 - Software Distribution Service 3.0
RP787: 11/04/2010 17:08:40 - System Checkpoint
RP788: 15/04/2010 22:02:46 - Software Distribution Service 3.0
RP789: 17/04/2010 20:13:44 - System Checkpoint
RP790: 20/04/2010 19:28:12 - System Checkpoint
RP791: 22/04/2010 17:51:45 - System Checkpoint
RP792: 24/04/2010 14:54:08 - System Checkpoint
RP793: 26/04/2010 18:40:19 - Installed Sky Player.
RP794: 28/04/2010 20:13:26 - System Checkpoint
RP795: 29/04/2010 21:54:14 - System Checkpoint
==== Installed Programs ======================
µTorrent
ABBYY FineReader 5.0 Sprint
AC3Filter (remove only)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Adobe Shockwave Player 11
Air Mouse Server
Alcatel SpeedTouch USB Software
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Auto Gordian Knot 2.27
AVI to VCD/DVD 4.02
AVIcodec (remove only)
AviSynth 2.5
BBC iPlayer Desktop
BBC iPlayer Download Manager
BitTornado 0.3.7
Bonjour
broadband medic
Broadcom Advanced Control Suite 2
BroadJump Client Foundation
BUFFALO Client Manager 3
CloneDVD2
Command & Conquer 3
ConvertMovie 1.1
Critical Update for Windows Media Player 11 (KB959772)
DA920EN
Dell AIO Printer A920
Dell Media Experience
Dell Solution Center
DiMAGE Viewer
DiskAid 3.1
DivX Plus Web Player
Driver Detective
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD2one 1.5.1
ERUNT 1.1j
Far Cry Demo
ffdshow
FileMagnet
Half-Life(R) 2
Help and Support Customization
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Intel Application Accelerator
Intel(R) 537EP V9x DF PCI Modem
InterActual Player
Internet Explorer Default Page
iPhone Configuration Utility
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 14
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
jetAudio
JetShell for M3
KONICA_MINOLTA DiMAGE remote camera driver
Learn2 Player (Uninstall Only)
LimeWire 4.12.6
M3 User's Guide
Magic ISO Maker v4.9 (build 0144)
Malwarebytes' Anti-Malware
McAfee SecurityCenter
McAfee Virtual Technician
McAfee VirusScan
Medieval II Total War
Medieval Total War
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Game Studios Common Redistributables Pack 1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business 2007 Trial
Microsoft Office Standard Edition 2003
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Works 7.0
Microsoft XML Parser
MobileMe Control Panel
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla Firefox (3.6.3)
Need for Speed Underground 2
Need for Speed™ Most Wanted
PowerDVD 5.1
QuickTime
RealPlayer Basic
Safari
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
SiSoftware Sandra Lite 2009.SP2
skillsarena online for IE (v1.4)
Sky Player
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
SpeechRedist
SpeedSim
Spotify
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
Srt2Sup a4.03
Steam
Tansee iPhone Transfer Photo
Uniblue Registry Booster
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb981433)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
VideoLAN VLC media player 0.7.2
Viewpoint Media Player
VobSub v2.23 (Remove Only)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR archiver
XviD MPEG4 Video Codec (remove only)
==== Event Viewer Messages From Past Week ========
30/04/2010 21:43:43, error: sptd [4] - Driver detected an internal error in its data structures for .
29/04/2010 17:19:08, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
29/04/2010 17:19:08, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
26/04/2010 15:47:52, error: Service Control Manager [7022] - The KService service hung on starting.
26/04/2010 15:46:24, error: ati2mtag [45062] - CRT invalid display type
==== End Of File ==========================
Many thanks in advance :D
Red
Hi,
Please download DeFogger (http://www.jpshortstuff.247fixes.com/Defogger.exe) to your desktop.
Double click DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD emulation drivers.
Click Yes to continue.
A 'Finished!' message will appear. Click OK.
DeFogger will now ask to reboot the machine - click OK.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
Do not re-enable these drivers until otherwise instructed.
Download GMER (http://www.gmer.net) by clicking the "Download EXE" button and saving it to your desktop:
Double-click the .exe that you downloaded.
Click the Rootkit tab, uncheck everything except the Sections option, and then click Scan.
When the scan is finished, click Copy.
This copies the log to the clipboard.
Post the log in your reply (if the log is long, archive it into a zip file and attach that instead of posting it).
Below is the log created by GMER. Immediately after running this, the program stopped working and refused to close. Also, the computer essentially stopped working: it was extremely slow, and Task Manager refused to open. Trying to restart to post this, the "Turn Off Computer" button resulted in only 'Log Off' or 'Switch User'.
GMER was swift, though.
Many thanks again :D
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-04 18:43:13
Windows 5.1.2600 Service Pack 3
Running: opd21wdr.exe; Driver: C:\DOCUME~1\Adam\LOCALS~1\Temp\kwldyaob.sys
---- Kernel code sections - GMER 1.0.15 ----
init C:\WINDOWS\System32\DRIVERS\mohfilt.sys entry point in "init" section [0xF7897760]
.rsrc C:\WINDOWS\System32\DRIVERS\rasacd.sys entry point in ".rsrc" section [0xECA69C14]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Kontiki\KHost.exe[940] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00D45C5B c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/Networks Associates Technology, Inc)
.text C:\WINDOWS\System32\svchost.exe[1284] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0099000A
.text C:\WINDOWS\System32\svchost.exe[1284] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009A000A
.text C:\WINDOWS\System32\svchost.exe[1284] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0098000C
.text C:\WINDOWS\System32\svchost.exe[1284] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 02B0000A
.text C:\WINDOWS\System32\svchost.exe[1284] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00D6000A
.text C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe[1312] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 02935C5B c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/Networks Associates Technology, Inc)
.text C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe[1444] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00AF5C5B c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/Networks Associates Technology, Inc)
.text C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe[1472] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 02065C5B c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/Networks Associates Technology, Inc)
.text C:\WINDOWS\system32\ctfmon.exe[1956] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00FE5C5B c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/Networks Associates Technology, Inc)
.text C:\Program Files\uTorrent\uTorrent.exe[1996] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 04445C5B c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/Networks Associates Technology, Inc)
.text ...
.text C:\WINDOWS\Explorer.EXE[3808] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A
.text C:\WINDOWS\Explorer.EXE[3808] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C0000A
.text C:\WINDOWS\Explorer.EXE[3808] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C
.text C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe[3912] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00C65C5B c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/Networks Associates Technology, Inc)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4108] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0139000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4108] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 013A000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4108] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0138000C
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[4136] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 061F5C5B c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/Networks Associates Technology, Inc)
.text C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe[4620] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 01BB5C5B c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/Networks Associates Technology, Inc)
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[5008] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 04765C5B c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/Networks Associates Technology, Inc)
.text C:\Documents and Settings\Adam\My Documents\Downloads\opd21wdr.exe[5896] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 016C5C5B c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/Networks Associates Technology, Inc)
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\System32\DRIVERS\rasacd.sys suspicious modification
---- EOF - GMER 1.0.15 ----
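The GMER log above contains three kinds of lines worth reading closely: kernel drivers whose entry point sits in an unusual section (rasacd.sys, with its entry point in ".rsrc", a resource section that should not contain code), user-mode API hooks that GMER attributes to a named module (the WS2_32.dll!connect hooks, all owned by McAfee's McVSSkt.dll), and user-mode hooks that GMER cannot attribute to any module (the ntdll.dll hooks in svchost.exe, Explorer.EXE and firefox.exe). The triage script below is an added example, not GMER's own logic or anything the forum helper posted: it parses those line formats and separates hooks with an owning module from unattributed ones. The sample log is a constructed excerpt in GMER 1.0.15's format, and the list of "normal" entry-point sections is an assumption of this example. An unattributed hook is a lead, not a verdict; some legitimate security products hook the same APIs, which is why the helper's next step in this thread was ComboFix rather than a conclusion from this log alone.

```python
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed excerpt in the format of a GMER 1.0.15 log (sample input, not the full log).
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----
init C:\WINDOWS\System32\DRIVERS\mohfilt.sys entry point in "init" section [0xF7897760]
.rsrc C:\WINDOWS\System32\DRIVERS\rasacd.sys entry point in ".rsrc" section [0xECA69C14]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\svchost.exe[1284] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0099000A
.text C:\WINDOWS\System32\svchost.exe[1284] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009A000A
.text C:\Program Files\uTorrent\uTorrent.exe[1996] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 04445C5B c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/Networks Associates Technology, Inc)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4108] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0138000C
.text ...
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\System32\DRIVERS\rasacd.sys suspicious modification
"""

# "<section> <driver path> entry point in "<section>" section [<address>]"
KERNEL_RE = re.compile(
    r'^(?P<section>\S+)\s+(?P<path>.+?)\s+entry point in "(?P<entry>[^"]+)" '
    r'section \[(?P<addr>0x[0-9A-Fa-f]+)\]$'
)
# ".text <process>[<pid>] <dll>!<export> <orig addr> <n> Bytes JMP <target> [<owning module> (<vendor>)]"
HOOK_RE = re.compile(
    r'^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+(?P<symbol>\S+!\S+)\s+'
    r'(?P<orig>[0-9A-Fa-f]+)\s+(?P<nbytes>\d+) Bytes JMP (?P<target>[0-9A-Fa-f]+)'
    r'(?:\s+(?P<module>\S+)\s+\((?P<vendor>[^)]*)\))?\s*$'
)
FILE_RE = re.compile(r'^File\s+(?P<path>.+?)\s+suspicious modification$')

# Assumption of this example: a driver's entry point normally lives in one of these sections.
# Anything else (.rsrc, .data, .reloc, ...) is worth a second look.
NORMAL_ENTRY_SECTIONS = {"init", ".text", "page"}


@dataclass
class Finding:
    kind: str      # "kernel-entry", "unattributed-hook", "attributed-hook" or "file"
    subject: str   # driver path, "process[pid]" or file path
    detail: str


def triage_gmer(text: str) -> list[Finding]:
    """Parse GMER log lines and classify what each one reports."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue  # blank or section header
        m = KERNEL_RE.match(line)
        if m:
            if m["entry"].lower() not in NORMAL_ENTRY_SECTIONS:
                findings.append(Finding("kernel-entry", m["path"],
                                        f'entry point in "{m["entry"]}" section at {m["addr"]}'))
            continue
        m = HOOK_RE.match(line)
        if m:
            subject = f'{m["process"]}[{m["pid"]}]'
            if m["module"] is None:
                findings.append(Finding("unattributed-hook", subject,
                                        f'{m["symbol"]} -> {m["target"]} (no owning module reported)'))
            else:
                findings.append(Finding("attributed-hook", subject,
                                        f'{m["symbol"]} -> {m["module"]} ({m["vendor"]})'))
            continue
        m = FILE_RE.match(line)
        if m:
            findings.append(Finding("file", m["path"], "suspicious modification"))
        # Anything else (e.g. GMER's elided ".text ..." line) is ignored.
    return findings


def unattributed_hooks_by_process(findings: list[Finding]) -> dict[str, list[str]]:
    """Group the hooks GMER could not attribute to a module, per hooked process."""
    grouped: dict[str, list[str]] = defaultdict(list)
    for f in findings:
        if f.kind == "unattributed-hook":
            grouped[f.subject].append(f.detail.split(" -> ")[0])
    return dict(grouped)


if __name__ == "__main__":
    results = triage_gmer(SAMPLE_LOG)
    for f in results:
        if f.kind != "attributed-hook":
            print(f"[{f.kind}] {f.subject}: {f.detail}")
    for proc, symbols in unattributed_hooks_by_process(results).items():
        print(f"{proc}: {', '.join(symbols)}")
```

Run against the sample, the script reports one driver with an abnormal entry-point section (rasacd.sys, which GMER's own Files section independently flags and which ComboFix later disinfects in this thread), and three unattributed ntdll.dll hooks in svchost.exe and firefox.exe; the McAfee-owned connect hook is kept separate so that a product's legitimate hooks do not drown out the ones nobody claims.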
Hello again,
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
µTorrent
BitTornado
Limewire
I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).
Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
After that:
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix; see this link (http://www.bleepingcomputer.com/forums/topic114351.html).
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
ComboFix 10-05-05.02 - Adam 05/05/2010 21:46:34.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.655 [GMT 1:00]
Running from: c:\documents and settings\Adam\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
* Resident AV is active
.
The following files were disabled during the run:
c:\windows\system32\QAPPll32.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Adam\Recent\Thumbs.db
c:\progra~1\mcafee.com\vso\mcvsshld.exe
c:\program files\WindowsUpdate
Infected copy of c:\windows\system32\drivers\RASACD.SYS was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_RKHIT
((((((((((((((((((((((((( Files Created from 2010-04-05 to 2010-05-05 )))))))))))))))))))))))))))))))
.
2010-05-01 13:20 . 2010-05-01 13:20 -------- d-----w- c:\program files\ERUNT
2010-04-30 20:31 . 2010-04-30 20:31 39936 ----a-w- c:\windows\system32\QAPPll32.dll
2010-04-26 17:40 . 2010-04-26 17:40 -------- d-----w- c:\program files\Sky
2010-04-26 17:40 . 2010-04-26 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Sky
2010-04-22 16:06 . 2010-04-22 16:06 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-22 16:06 . 2010-04-23 12:35 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-22 16:06 . 2010-04-22 16:06 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-15 20:02 . 2010-04-15 20:02 -------- d-----w- c:\program files\iPod
2010-04-15 20:02 . 2010-04-15 20:03 -------- d-----w- c:\program files\iTunes
2010-04-15 20:02 . 2010-04-15 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-15 19:55 . 2010-04-15 19:56 -------- d-----w- c:\program files\QuickTime
2010-04-15 19:50 . 2010-04-15 19:51 -------- d-----w- c:\program files\Bonjour
2010-04-07 19:10 . 2010-04-07 19:33 -------- d-----w- c:\program files\Tansee iPhone Transfer Photo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-05 21:23 . 2008-03-30 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2010-05-05 20:35 . 2002-08-29 04:00 8832 ----a-w- c:\windows\system32\drivers\RASACD.SYS
2010-05-05 20:06 . 2010-02-15 19:28 -------- d-----w- c:\documents and settings\Adam\Application Data\uTorrent
2010-05-05 20:02 . 2005-06-25 20:03 -------- d-----w- c:\program files\LimeWire
2010-04-30 23:25 . 2005-08-03 20:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-30 22:20 . 2010-03-04 22:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-29 14:39 . 2010-03-04 22:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2010-03-04 22:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 17:40 . 2008-03-30 20:06 -------- d-----w- c:\program files\Kontiki
2010-04-22 19:15 . 2008-08-20 12:12 -------- d-----w- c:\documents and settings\Adam\Application Data\U3
2010-04-15 21:10 . 2008-09-03 18:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-15 20:02 . 2008-10-20 17:35 -------- d-----w- c:\program files\Common Files\Apple
2010-04-10 11:44 . 2005-07-15 18:29 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-07 19:00 . 2009-11-12 22:00 -------- d-----w- c:\documents and settings\Adam\Application Data\DiskAid
2010-03-30 18:18 . 2005-08-03 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-30 18:04 . 2010-03-30 18:04 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-03-30 18:04 . 2010-03-30 18:04 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-03-30 18:04 . 2010-03-30 18:04 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-03-30 18:04 . 2010-03-30 18:04 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-03-10 06:15 . 2002-08-29 04:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-06 15:43 . 2010-03-06 15:43 61224 ----a-w- c:\documents and settings\Adam\GoToAssistDownloadHelper.exe
2010-02-25 06:24 . 2005-04-27 09:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2002-08-29 04:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 1979-12-31 23:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 1979-12-31 23:00 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:46 . 2010-02-12 10:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46 . 2010-02-12 10:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 10:03 . 2010-03-06 15:26 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2002-08-29 04:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2002-08-29 04:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-05 13:29 . 2004-10-06 16:26 76456 ----a-w- c:\documents and settings\Adam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2004-07-22 10:51 . 2004-07-22 10:51 3432656 ----a-w- c:\program files\ManagedDX.CAB
2004-07-19 22:58 . 2004-07-19 22:58 1156363 ----a-w- c:\program files\BDANT.cab
2004-07-19 22:53 . 2004-07-19 22:53 976020 ----a-w- c:\program files\BDAXP.cab
2004-07-09 14:17 . 2004-07-09 14:17 13265040 ----a-w- c:\program files\dxnt.cab
2004-07-09 09:13 . 2004-07-09 09:13 15493481 ----a-w- c:\program files\DirectX.cab
2004-07-09 09:13 . 2004-07-09 09:13 703080 ----a-w- c:\program files\BDA.cab
2004-07-09 04:08 . 2004-07-09 04:08 472576 ----a-w- c:\program files\dxsetup.exe
2004-07-09 04:08 . 2004-07-09 04:08 2242560 ----a-w- c:\program files\dsetup32.dll
2004-07-09 03:03 . 2004-07-09 03:03 62976 ----a-w- c:\program files\DSETUP.dll
2008-06-30 12:44 . 2008-08-18 22:04 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"SpeedTouch USB Diagnostics"="c:\program files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2001-10-03 4247552]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-09-22 26112]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"Motive SmartBridge"="c:\progra~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe" [2003-12-30 380928]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-06-02 270336]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"VSOCheckTask"="c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" [2004-07-01 139264]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="c:\progra~1\McAfee.com\Agent\McUpdate.exe" [2006-01-11 212992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Adam\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
javaGOFF REG_SZ c:\windows\system32\QAPPll32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\thewrenster\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\thewrenster\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Total War\\Medieval - Total War\\Medieval_TW.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\BUFFALO\\Client Manager3\\BWSVC\\bwsvc.exe"=
"c:\\Program Files\\BUFFALO\\Client Manager3\\AOSS\\aoss.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Air Mouse\\Air Mouse\\Air Mouse.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R3 NaiFiltr;NaiFiltr;c:\windows\SYSTEM32\DRIVERS\NaiFiltr.sys [04/03/2010 20:43 23296]
R3 U2KG54L;BUFFALO WLI-U2-KG54L Wireless LAN Driver;c:\windows\SYSTEM32\DRIVERS\U2KG54L.SYS [24/08/2006 05:44 477696]
S3 cel90xbe;cel90xbe;\??\c:\docume~1\Adam\LOCALS~1\Temp\cel90xbe.sys --> c:\docume~1\Adam\LOCALS~1\Temp\cel90xbe.sys [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [13/01/2009 18:04 98488]
S3 se46bus;Sony Ericsson Device 070 driver (WDM);c:\windows\SYSTEM32\DRIVERS\se46bus.sys [06/01/2008 23:18 61536]
S3 vaxscsi;vaxscsi;c:\windows\SYSTEM32\DRIVERS\vaxscsi.sys [20/04/2006 13:46 223128]
S4 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [19/01/2006 11:09 642560]
.
Contents of the 'Scheduled Tasks' folder
2010-05-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = 127.0.0.1;local.,;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/hamsterball/raptisoftgameloader.cab
FF - ProfilePath - c:\documents and settings\Adam\Application Data\Mozilla\Firefox\Profiles\4zfbyjhi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-VirusScan - c:\progra~1\mcafee.com\vso\mcvsshld.exe
HKLM-Run-FlashInstaller - E:\flashstart.exe
HKLM-Run-VirusScan Online - c:\progra~1\mcafee.com\vso\mcvsshld.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-05 22:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86858AC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf75a7f28
\Driver\ACPI -> ACPI.sys @ 0xf751acb8
\Driver\atapi -> atapi.sys @ 0xf74d2852
\Driver\iaStor -> iaStor.sys @ 0xf7469aa8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2582867135-508947273-3280867668-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:56,a8,fb,e4,bf,a4,e5,ca,04,44,b0,74,3d,61,03,8c,c8,76,49,d4,5c,84,93,
f7,00,a3,7f,1f,6b,98,a1,5a,4b,85,a8,cd,fc,e4,e5,a8,ae,9a,3d,13,8a,1d,2f,8c,\
"??"=hex:c0,b5,47,71,bf,22,05,6a,7f,20,91,73,98,78,df,c5
[HKEY_USERS\S-1-5-21-2582867135-508947273-3280867668-1006\Software\SecuROM\License information*]
"datasecu"=hex:85,8d,d8,73,dd,70,39,0c,18,40,ca,b4,b7,05,5e,d6,c0,50,63,f2,74,
d3,b6,88,d1,71,38,d9,47,05,e1,99,00,05,23,37,76,e7,45,84,91,ae,f8,de,a3,e1,\
"rkeysecu"=hex:21,46,94,25,f3,3a,c3,bd,fe,dd,cb,0f,0f,dd,78,45
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(964)
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(6052)
c:\windows\system32\WININET.dll
c:\progra~1\ntl\BROADB~1\SMARTB~1\SBHook.dll
c:\windows\system32\QAPPll32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kontiki\KService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\progra~1\mcafee.com\agent\mctskshd.exe
c:\progra~1\mcafee.com\vso\mcvsrte.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\progra~1\mcafee.com\vso\mcshield.exe
c:\program files\Dell AIO Printer A920\dlbkbmon.exe
c:\program files\Air Mouse\Air Mouse\Air Mouse.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\BUFFALO\Client Manager3\cm3_tray.exe
.
**************************************************************************
.
Completion time: 2010-05-05 22:34:19 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-05 21:34
Pre-Run: 11,621,646,336 bytes free
Post-Run: 11,657,347,072 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=1,2,3,4
- - End Of File - - 0A624FEF384896AEC4AD0C29A083CB0E
DDS (Ver_10-03-17.01) - NTFSx86
Run by Adam at 15:24:15.23 on 06/05/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.414 [GMT 1:00]
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Adam\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = 127.0.0.1;local.,;*.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SpeedTouch USB Diagnostics] "c:\program files\alcatel\speedtouch usb\Dragdiag.exe" /icon
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [Motive SmartBridge] c:\progra~1\ntl\broadb~1\smartb~1\MotiveSB.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Dell AIO Printer A920] "c:\program files\dell aio printer a920\dlbkbmgr.exe"
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [kdx] "c:\program files\kontiki\KHost.exe" -all
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\adam\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\airmou~1.lnk - c:\program files\air mouse\air mouse\Air Mouse.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aticat~1.lnk - c:\program files\ati technologies\ati.ace\CLI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\broadb~1.lnk - c:\program files\ntl\broadband medic\bin\matcli.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\client~1.lnk - c:\program files\buffalo\client manager3\cm3_tray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/hamsterball/raptisoftgameloader.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} - hxxp://www.miniclip.com/games/ricochet-lost-worlds/en/ReflexiveWebGameLoader.cab
DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,90/mcinsctl.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,23/mcgdmgr.cab
DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - hxxp://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://signin3.valueactive.com/Register/Branding/olr3313/OCX/flashax.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - hxxp://messenger.zone.msn.com/binary/Chess.cab31267.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\adam\applic~1\mozilla\firefox\profiles\4zfbyjhi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2010-3-6 126976]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2010-3-6 122368]
R2 MCVSRte;McAfee.com VirusScan Online Realtime Engine;c:\progra~1\mcafee.com\vso\mcvsrte.exe [2010-3-4 122880]
R2 StarWindService;StarWind iSCSI Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindService.exe [2005-4-1 217600]
R3 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2010-3-4 225375]
R3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [2010-3-4 23296]
R3 U2KG54L;BUFFALO WLI-U2-KG54L Wireless LAN Driver;c:\windows\system32\drivers\U2KG54L.SYS [2006-8-24 477696]
S3 cel90xbe;cel90xbe;\??\c:\docume~1\adam\locals~1\temp\cel90xbe.sys --> c:\docume~1\adam\locals~1\temp\cel90xbe.sys [?]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2010-3-4 245760]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\RpcAgentSrv.exe [2009-1-13 98488]
S3 se46bus;Sony Ericsson Device 070 driver (WDM);c:\windows\system32\drivers\se46bus.sys [2008-1-6 61536]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2006-4-20 223128]
=============== Created Last 30 ================
2010-05-05 20:20:59 0 d-sha-r- C:\cmdcons
2010-05-05 20:18:47 77312 ----a-w- c:\windows\MBR.exe
2010-05-05 20:18:46 98816 ----a-w- c:\windows\sed.exe
2010-05-05 20:18:46 256512 ----a-w- c:\windows\PEV.exe
2010-05-05 20:18:46 161792 ----a-w- c:\windows\SWREG.exe
2010-05-04 17:30:41 160 ----a-w- c:\documents and settings\adam\defogger_reenable
2010-04-30 20:31:49 39936 ----a-w- c:\windows\system32\QAPPll32.dll
2010-04-26 17:40:20 0 d-----w- c:\program files\Sky
2010-04-26 17:40:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Sky
2010-04-22 16:06:26 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-22 16:06:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-15 20:02:17 0 d-----w- c:\program files\iPod
2010-04-15 20:02:00 0 d-----w- c:\program files\iTunes
2010-04-15 20:02:00 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-15 19:50:43 0 d-----w- c:\program files\Bonjour
2010-04-07 19:10:06 0 d-----w- c:\program files\Tansee iPhone Transfer Photo
==================== Find3M ====================
2010-05-05 20:35:04 8832 ----a-w- c:\windows\system32\drivers\RASACD.SYS
2010-04-29 14:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-22 16:50:49 8832 ----a-w- c:\windows\system32\dllcache\rasacd.sys
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-03-06 15:43:45 61224 ----a-w- c:\documents and settings\adam\GoToAssistDownloadHelper.exe
2010-02-25 10:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 13:11:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-17 08:10:28 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-12 10:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 10:03:03 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-12 04:33:11 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2010-02-11 12:02:15 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
2004-07-22 10:51:34 3432656 ----a-w- c:\program files\ManagedDX.CAB
2004-07-19 22:58:36 1156363 ----a-w- c:\program files\BDANT.cab
2004-07-19 22:53:26 976020 ----a-w- c:\program files\BDAXP.cab
2004-07-09 14:17:16 13265040 ----a-w- c:\program files\dxnt.cab
2004-07-09 09:13:48 15493481 ----a-w- c:\program files\DirectX.cab
2004-07-09 09:13:46 703080 ----a-w- c:\program files\BDA.cab
2004-07-09 04:08:36 472576 ----a-w- c:\program files\dxsetup.exe
2004-07-09 04:08:34 2242560 ----a-w- c:\program files\dsetup32.dll
2004-07-09 03:03:10 62976 ----a-w- c:\program files\DSETUP.dll
2008-11-02 12:09:05 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008110220081103\index.dat
============= FINISH: 15:26:00.14 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 06/10/2004 17:03:30
System Uptime: 05/06/2010 14:55:58 (-719 hours ago)
Motherboard: Dell Inc. | | 0J3492
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 229 GiB total, 10.805 GiB free.
D: is CDROM ()
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP766: 05/02/2010 12:16:08 - Configured Microsoft Office Small Business 2007 Trial
RP767: 10/02/2010 21:37:23 - System Checkpoint
RP768: 10/02/2010 22:48:19 - Software Distribution Service 3.0
RP769: 15/02/2010 16:03:21 - System Checkpoint
RP770: 16/02/2010 22:00:01 - System Checkpoint
RP771: 18/02/2010 21:14:02 - System Checkpoint
RP772: 21/02/2010 14:22:34 - System Checkpoint
RP773: 22/02/2010 18:24:08 - System Checkpoint
RP774: 24/02/2010 22:54:25 - Software Distribution Service 3.0
RP775: 28/02/2010 20:52:06 - System Checkpoint
RP776: 03/03/2010 22:12:03 - System Checkpoint
RP777: 04/03/2010 23:49:13 - System Checkpoint
RP778: 06/03/2010 15:33:15 - Installed McAfee Virtual Technician
RP779: 07/03/2010 01:13:26 - Software Distribution Service 3.0
RP780: 08/03/2010 20:19:02 - System Checkpoint
RP781: 10/03/2010 21:21:16 - System Checkpoint
RP782: 13/03/2010 00:17:11 - System Checkpoint
RP783: 13/03/2010 03:02:30 - Software Distribution Service 3.0
RP784: 24/03/2010 20:44:22 - System Checkpoint
RP785: 29/03/2010 18:12:50 - System Checkpoint
RP786: 30/03/2010 23:18:05 - Software Distribution Service 3.0
RP787: 11/04/2010 17:08:40 - System Checkpoint
RP788: 15/04/2010 22:02:46 - Software Distribution Service 3.0
RP789: 17/04/2010 20:13:44 - System Checkpoint
RP790: 20/04/2010 19:28:12 - System Checkpoint
RP791: 22/04/2010 17:51:45 - System Checkpoint
RP792: 24/04/2010 14:54:08 - System Checkpoint
RP793: 26/04/2010 18:40:19 - Installed Sky Player.
RP794: 28/04/2010 20:13:26 - System Checkpoint
RP795: 29/04/2010 21:54:14 - System Checkpoint
RP796: 04/05/2010 22:40:39 - System Checkpoint
==== Installed Programs ======================
ABBYY FineReader 5.0 Sprint
AC3Filter (remove only)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Adobe Shockwave Player 11
Air Mouse Server
Alcatel SpeedTouch USB Software
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Auto Gordian Knot 2.27
AVI to VCD/DVD 4.02
AVIcodec (remove only)
AviSynth 2.5
BBC iPlayer Desktop
BBC iPlayer Download Manager
Bonjour
broadband medic
Broadcom Advanced Control Suite 2
BroadJump Client Foundation
BUFFALO Client Manager 3
CloneDVD2
Command & Conquer 3
ConvertMovie 1.1
Critical Update for Windows Media Player 11 (KB959772)
DA920EN
Dell AIO Printer A920
Dell Media Experience
Dell Solution Center
DiMAGE Viewer
DiskAid 3.1
DivX Plus Web Player
Driver Detective
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD2one 1.5.1
ERUNT 1.1j
Far Cry Demo
ffdshow
FileMagnet
Half-Life(R) 2
Help and Support Customization
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Intel Application Accelerator
Intel(R) 537EP V9x DF PCI Modem
InterActual Player
Internet Explorer Default Page
iPhone Configuration Utility
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 14
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
jetAudio
JetShell for M3
KONICA_MINOLTA DiMAGE remote camera driver
Learn2 Player (Uninstall Only)
M3 User's Guide
Magic ISO Maker v4.9 (build 0144)
Malwarebytes' Anti-Malware
McAfee SecurityCenter
McAfee Virtual Technician
McAfee VirusScan
Medieval II Total War
Medieval Total War
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Game Studios Common Redistributables Pack 1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business 2007 Trial
Microsoft Office Standard Edition 2003
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Works 7.0
Microsoft XML Parser
MobileMe Control Panel
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla Firefox (3.6.3)
Need for Speed Underground 2
Need for Speed™ Most Wanted
PowerDVD 5.1
QuickTime
RealPlayer Basic
Safari
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
SiSoftware Sandra Lite 2009.SP2
skillsarena online for IE (v1.4)
Sky Player
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
SpeechRedist
SpeedSim
Spotify
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
Srt2Sup a4.03
Steam
Tansee iPhone Transfer Photo
Uniblue Registry Booster
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb981433)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
VideoLAN VLC media player 0.7.2
Viewpoint Media Player
VobSub v2.23 (Remove Only)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR archiver
XviD MPEG4 Video Codec (remove only)
==== Event Viewer Messages From Past Week ========
30/04/2010 21:43:43, error: sptd [4] - Driver detected an internal error in its data structures for .
29/04/2010 17:19:08, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
29/04/2010 17:19:08, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
29/04/2010 17:15:33, error: ati2mtag [45062] - CRT invalid display type
05/05/2010 21:52:19, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
05/05/2010 21:44:17, error: NetBT [4307] - Initialization failed because the transport refused to open initial Addresses.
==== End Of File ===========================
Hi,
Upload the c:\windows\system32\QAPPll32.dll file to http://www.virustotal.com and post back the results.
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.05.08 Trojan.Win32.FakeAV!IK
AhnLab-V3 2010.05.08.00 2010.05.07 Trojan/Win32.FraudPack
AntiVir 8.2.1.236 2010.05.07 TR/FraudPack.aujz
Antiy-AVL 2.0.3.7 2010.05.07 -
Authentium 5.2.0.5 2010.05.08 -
Avast 4.8.1351.0 2010.05.08 -
Avast5 5.0.332.0 2010.05.08 -
AVG 9.0.0.787 2010.05.08 Generic17.BPOY
BitDefender 7.2 2010.05.08 -
CAT-QuickHeal 10.00 2010.05.08 Trojan.FraudPack.aujz
ClamAV 0.96.0.3-git 2010.05.08 -
Comodo 4792 2010.05.08 -
DrWeb 5.0.2.03300 2010.05.08 -
eSafe 7.0.17.0 2010.05.06 -
eTrust-Vet 35.2.7474 2010.05.07 -
F-Prot 4.5.1.85 2010.05.08 -
F-Secure 9.0.15370.0 2010.05.08 -
Fortinet 4.1.133.0 2010.05.08 W32/FraudPack.AUJZ!tr
GData 21 2010.05.08 -
Ikarus T3.1.1.84.0 2010.05.08 Trojan.Win32.FakeAV
Jiangmin 13.0.900 2010.05.08 Trojan/FraudPack.teg
Kaspersky 7.0.0.125 2010.05.08 Trojan.Win32.FraudPack.aujz
McAfee 5.400.0.1158 2010.05.08 -
McAfee-GW-Edition 2010.1 2010.05.07 -
Microsoft 1.5703 2010.05.08 -
NOD32 5096 2010.05.07 Win32/PSW.Papras.AW
Norman 6.04.12 2010.05.08 -
nProtect 2010-05-08.01 2010.05.08 Trojan/W32.FraudPack.39936.F
Panda 10.0.2.7 2010.05.08 Trj/CI.A
PCTools 7.0.3.5 2010.05.07 -
Prevx 3.0 2010.05.08 -
Rising 22.46.05.04 2010.05.08 -
Sophos 4.53.0 2010.05.08 -
Sunbelt 6278 2010.05.08 Trojan.Win32.Fraudpack
Symantec 20091.2.0.41 2010.05.08 -
TheHacker 6.5.2.0.277 2010.05.07 -
TrendMicro 9.120.0.1004 2010.05.08 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.08 -
VBA32 3.12.12.4 2010.05.06 -
ViRobot 2010.5.8.2306 2010.05.08 -
VirusBuster 5.0.27.0 2010.05.07 -
Additional information
File size: 39936 bytes
MD5...: 59afa34ab14e882857e667ec09cfe51c
SHA1..: 49a15107719865d79048821f48ff6aa950972ba0
SHA256: 46ac925f614dd3611c478ca073158f74ccc07e29b3215f3e71e86b979c342326
ssdeep: 768:UGeYK23B67el6AKNP5WeQa/aPKexFizYyOL2w2QaLL:42RzpKPWeQOsWOSw2Pv
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x13e7
timedatestamp.....: 0x409e1b42 (Sun May 09 11:51:30 2004)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8000 0x7200 7.50 7d9fe57f8cb9b415ed870609c5243783
.data 0x9000 0x1000 0x200 2.82 d9dda99df0d9cb648dad397a7ed33d24
.rdata 0xa000 0x3000 0x2200 7.39 029f83e16d80c7fab084d3fe4390c954
.reloc 0xd000 0x1000 0x200 0.58 9f8680cf4b29c50d0acc79292df730c2
( 1 imports )
> KERNEL32.dll: CreateSemaphoreA, ReleaseSemaphore, GetVersion, GetLastError, ResetEvent, GetModuleHandleA, CloseHandle
( 2 exports )
CreateProcessNotify, DllEntryPoint
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Hi,
Please re-run ComboFix and let it update itself. Post back the report.
ComboFix 10-05-08.03 - Adam 09/05/2010 17:02:38.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.604 [GMT 1:00]
Running from: c:\documents and settings\Adam\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
The following files were disabled during the run:
c:\windows\system32\QAPPll32.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Adam\GoToAssistDownloadHelper.exe
Infected copy of c:\windows\system32\drivers\RASACD.SYS was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-04-09 to 2010-05-09 )))))))))))))))))))))))))))))))
.
2010-05-01 13:20 . 2010-05-01 13:20 -------- d-----w- c:\program files\ERUNT
2010-04-30 20:31 . 2010-04-30 20:31 39936 ----a-w- c:\windows\system32\QAPPll32.dll.vir
2010-04-26 17:40 . 2010-04-26 17:40 -------- d-----w- c:\program files\Sky
2010-04-26 17:40 . 2010-04-26 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Sky
2010-04-22 16:06 . 2010-04-22 16:06 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-22 16:06 . 2010-04-23 12:35 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-22 16:06 . 2010-04-22 16:06 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-15 20:02 . 2010-04-15 20:02 -------- d-----w- c:\program files\iPod
2010-04-15 20:02 . 2010-04-15 20:03 -------- d-----w- c:\program files\iTunes
2010-04-15 20:02 . 2010-04-15 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-15 19:55 . 2010-04-15 19:56 -------- d-----w- c:\program files\QuickTime
2010-04-15 19:50 . 2010-04-15 19:51 -------- d-----w- c:\program files\Bonjour
2010-04-15 19:37 . 2010-04-15 19:37 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-09 16:16 . 2008-03-30 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2010-05-05 20:35 . 2002-08-29 04:00 8832 ----a-w- c:\windows\system32\drivers\RASACD.SYS
2010-05-05 20:06 . 2010-02-15 19:28 -------- d-----w- c:\documents and settings\Adam\Application Data\uTorrent
2010-05-05 20:02 . 2005-06-25 20:03 -------- d-----w- c:\program files\LimeWire
2010-04-30 23:25 . 2005-08-03 20:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-30 22:20 . 2010-03-04 22:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-30 22:20 . 2010-04-30 22:20 6153352 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-29 14:39 . 2010-03-04 22:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2010-03-04 22:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 17:40 . 2008-03-30 20:06 -------- d-----w- c:\program files\Kontiki
2010-04-22 19:15 . 2008-08-20 12:12 -------- d-----w- c:\documents and settings\Adam\Application Data\U3
2010-04-15 21:10 . 2008-09-03 18:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-15 20:02 . 2008-10-20 17:35 -------- d-----w- c:\program files\Common Files\Apple
2010-04-10 11:44 . 2005-07-15 18:29 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-07 19:33 . 2010-04-07 19:10 -------- d-----w- c:\program files\Tansee iPhone Transfer Photo
2010-04-07 19:00 . 2009-11-12 22:00 -------- d-----w- c:\documents and settings\Adam\Application Data\DiskAid
2010-03-30 18:18 . 2005-08-03 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-30 18:04 . 2010-03-30 18:04 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-03-30 18:04 . 2010-03-30 18:04 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-03-30 18:04 . 2010-03-30 18:04 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-03-30 18:04 . 2010-03-30 18:04 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-03-10 06:15 . 2002-08-29 04:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2005-04-27 09:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 18:45 . 2009-12-10 18:56 38784 ----a-w- c:\documents and settings\Adam\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-24 13:11 . 2002-08-29 04:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 18:49 . 2010-03-06 15:34 288096 ----a-r- c:\documents and settings\Adam\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
2010-02-16 14:08 . 1979-12-31 23:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 1979-12-31 23:00 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:46 . 2010-02-12 10:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46 . 2010-02-12 10:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 10:03 . 2010-03-06 15:26 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2002-08-29 04:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2002-08-29 04:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2004-07-22 10:51 . 2004-07-22 10:51 3432656 ----a-w- c:\program files\ManagedDX.CAB
2004-07-19 22:58 . 2004-07-19 22:58 1156363 ----a-w- c:\program files\BDANT.cab
2004-07-19 22:53 . 2004-07-19 22:53 976020 ----a-w- c:\program files\BDAXP.cab
2004-07-09 14:17 . 2004-07-09 14:17 13265040 ----a-w- c:\program files\dxnt.cab
2004-07-09 09:13 . 2004-07-09 09:13 15493481 ----a-w- c:\program files\DirectX.cab
2004-07-09 09:13 . 2004-07-09 09:13 703080 ----a-w- c:\program files\BDA.cab
2004-07-09 04:08 . 2004-07-09 04:08 472576 ----a-w- c:\program files\dxsetup.exe
2004-07-09 04:08 . 2004-07-09 04:08 2242560 ----a-w- c:\program files\dsetup32.dll
2004-07-09 03:03 . 2004-07-09 03:03 62976 ----a-w- c:\program files\DSETUP.dll
2008-06-30 12:44 . 2008-08-18 22:04 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"SpeedTouch USB Diagnostics"="c:\program files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2001-10-03 4247552]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-09-22 26112]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"Motive SmartBridge"="c:\progra~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe" [2003-12-30 380928]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-06-02 270336]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"VSOCheckTask"="c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" [2004-07-01 139264]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Adam\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
javaGOFF REG_SZ c:\windows\system32\QAPPll32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\thewrenster\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\thewrenster\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Total War\\Medieval - Total War\\Medieval_TW.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\BUFFALO\\Client Manager3\\BWSVC\\bwsvc.exe"=
"c:\\Program Files\\BUFFALO\\Client Manager3\\AOSS\\aoss.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Air Mouse\\Air Mouse\\Air Mouse.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R3 NaiFiltr;NaiFiltr;c:\windows\SYSTEM32\DRIVERS\NaiFiltr.sys [04/03/2010 20:43 23296]
R3 U2KG54L;BUFFALO WLI-U2-KG54L Wireless LAN Driver;c:\windows\SYSTEM32\DRIVERS\U2KG54L.SYS [24/08/2006 05:44 477696]
S3 cel90xbe;cel90xbe;\??\c:\docume~1\Adam\LOCALS~1\Temp\cel90xbe.sys --> c:\docume~1\Adam\LOCALS~1\Temp\cel90xbe.sys [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [13/01/2009 18:04 98488]
S3 se46bus;Sony Ericsson Device 070 driver (WDM);c:\windows\SYSTEM32\DRIVERS\se46bus.sys [06/01/2008 23:18 61536]
S3 vaxscsi;vaxscsi;c:\windows\SYSTEM32\DRIVERS\vaxscsi.sys [20/04/2006 13:46 223128]
S4 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [19/01/2006 11:09 642560]
.
Contents of the 'Scheduled Tasks' folder
2010-05-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = 127.0.0.1;local.,;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/hamsterball/raptisoftgameloader.cab
FF - ProfilePath - c:\documents and settings\Adam\Application Data\Mozilla\Firefox\Profiles\4zfbyjhi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-09 17:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2582867135-508947273-3280867668-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:56,a8,fb,e4,bf,a4,e5,ca,04,44,b0,74,3d,61,03,8c,c8,76,49,d4,5c,84,93,
f7,00,a3,7f,1f,6b,98,a1,5a,4b,85,a8,cd,fc,e4,e5,a8,ae,9a,3d,13,8a,1d,2f,8c,\
"??"=hex:c0,b5,47,71,bf,22,05,6a,7f,20,91,73,98,78,df,c5
[HKEY_USERS\S-1-5-21-2582867135-508947273-3280867668-1006\Software\SecuROM\License information*]
"datasecu"=hex:85,8d,d8,73,dd,70,39,0c,18,40,ca,b4,b7,05,5e,d6,c0,50,63,f2,74,
d3,b6,88,d1,71,38,d9,47,05,e1,99,00,05,23,37,76,e7,45,84,91,ae,f8,de,a3,e1,\
"rkeysecu"=hex:21,46,94,25,f3,3a,c3,bd,fe,dd,cb,0f,0f,dd,78,45
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-05-09 17:20:08
ComboFix-quarantined-files.txt 2010-05-09 16:20
ComboFix2.txt 2010-05-05 21:34
Pre-Run: 11,380,408,320 bytes free
Post-Run: 11,343,974,400 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=1,2,3,4
- - End Of File - - 02F8AC8A255DCFD64F4345BBF8F52D37
During the running of ComboFix it said there were corrupt files. After the restart, CHKDSK ran, followed by the report here.
cheers for all your assistance!
Hi again,
Open notepad and copy/paste the text in the quotebox below into it:
http://forums.spybot.info/showthread.php?t=57135
Collect::
c:\windows\system32\QAPPll32.dll.vir
Ignore::
c:\program files\WindowsUpdate
c:\program files\mcafee.com\vso\mcvsshld.exe
DeQuarantine::
c:\qoobox\quarantine\c\program files\WindowsUpdate
c:\qoobox\quarantine\c\program files\mcafee.com\vso\mcvsshld.exe.vir
Folder::
c:\documents and settings\Adam\Application Data\uTorrent
c:\program files\LimeWire
Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
"javaGOFF"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\StubInstaller.exe"=-
Save this as CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows, disable protection and, referring to the picture above, drag CFScript into ComboFix.exe.
Then post the resultant log.
Uninstall your current Adobe shockwave player and get the fresh one here (http://get.adobe.com/shockwave/) if needed.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6 Update 20 (http://java.sun.com/javase/downloads/index.jsp).
Click the Download button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u20-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).
Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log.
ComboFix 10-05-09.08 - Adam 10/05/2010 17:28:10.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.550 [GMT 1:00]
Running from: c:\documents and settings\Adam\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Adam\Desktop\CFScript.txt
* Resident AV is active
file zipped: c:\windows\system32\QAPPll32.dll.vir
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Adam\Application Data\uTorrent
c:\documents and settings\Adam\Application Data\uTorrent\?????? ?????(DD212).avi.torrent
c:\documents and settings\Adam\Application Data\uTorrent\1492_conquest.torrent
c:\documents and settings\Adam\Application Data\uTorrent\19248-utorrent.a8bf.dmp
c:\documents and settings\Adam\Application Data\uTorrent\19248-utorrent.ee37.dmp
c:\documents and settings\Adam\Application Data\uTorrent\Azureus Downloads.torrent
c:\documents and settings\Adam\Application Data\uTorrent\Cyber Update - July 21st, 2007.torrent
c:\documents and settings\Adam\Application Data\uTorrent\Cyber Update - July 28st, 2007.torrent
c:\documents and settings\Adam\Application Data\uTorrent\CYBER UPDATE 051907.torrent
c:\documents and settings\Adam\Application Data\uTorrent\CYBER UPDATE 2007.06.02 [STRIDER].torrent
c:\documents and settings\Adam\Application Data\uTorrent\CYBER UPDATE 2007.06.09 [STRIDER].torrent
c:\documents and settings\Adam\Application Data\uTorrent\HT-5540 Charley Chase.asf.torrent
c:\documents and settings\Adam\Application Data\uTorrent\Human.Weapon.S01E01.Muay.Thai.WS.DSR.XviD-OMiCRON.avi.torrent
c:\documents and settings\Adam\Application Data\uTorrent\mcc7.wmv.torrent
c:\documents and settings\Adam\Application Data\uTorrent\Ninja Scroll - soloDVD.org -.torrent
c:\documents and settings\Adam\Application Data\uTorrent\Nneka - No Longer At Ease.torrent
c:\documents and settings\Adam\Application Data\uTorrent\ONG BAK - The Thai Warrior - XVID.AC3.DragonRipper624.torrent
c:\documents and settings\Adam\Application Data\uTorrent\resume.dat
c:\documents and settings\Adam\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Adam\Application Data\uTorrent\Royksopp - Junior [mp3-192-2009].torrent
c:\documents and settings\Adam\Application Data\uTorrent\rss.dat
c:\documents and settings\Adam\Application Data\uTorrent\rss.dat.old
c:\documents and settings\Adam\Application Data\uTorrent\RUBEE.torrent
c:\documents and settings\Adam\Application Data\uTorrent\Samurai X.torrent
c:\documents and settings\Adam\Application Data\uTorrent\SAS-5370-Mark,Daisy.wmv.torrent
c:\documents and settings\Adam\Application Data\uTorrent\settings.dat
c:\documents and settings\Adam\Application Data\uTorrent\settings.dat.old
c:\documents and settings\Adam\Application Data\uTorrent\UFC.70.Nations.Collide.PPV.DSRip.XviD-aAF.torrent
c:\documents and settings\Adam\Application Data\uTorrent\utorrent-200-18296.chm
c:\documents and settings\Adam\Application Data\uTorrent\utorrent-help.zip
c:\documents and settings\Adam\Application Data\uTorrent\utorrent.lng
c:\documents and settings\Adam\Application Data\uTorrent\Waltz.with.Bashir subd.avi.torrent
c:\documents and settings\Adam\Application Data\uTorrent\WP 2008-10-30 5839-Vai.torrent
c:\documents and settings\Adam\Application Data\uTorrent\WP 2009-01-15 MPEG4.torrent
c:\documents and settings\Adam\Application Data\uTorrent\WP 2009-01-22 MPEG4.torrent
c:\documents and settings\Adam\Application Data\uTorrent\WP 2009-01-29 MPEG4.torrent
c:\documents and settings\Adam\Application Data\uTorrent\WP 2009-04-16 MPEG4.torrent
c:\program files\LimeWire
c:\program files\LimeWire\hs_err_pid688.log
c:\program files\LimeWire\Thumbs.db
c:\windows\system32\QAPPll32.dll.vir
.
((((((((((((((((((((((((( Files Created from 2010-04-10 to 2010-05-10 )))))))))))))))))))))))))))))))
.
2010-05-01 13:20 . 2010-05-01 13:20 -------- d-----w- c:\program files\ERUNT
2010-04-26 17:40 . 2010-04-26 17:40 -------- d-----w- c:\program files\Sky
2010-04-26 17:40 . 2010-04-26 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Sky
2010-04-22 16:06 . 2010-04-22 16:06 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-22 16:06 . 2010-04-23 12:35 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-22 16:06 . 2010-04-22 16:06 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-15 20:02 . 2010-04-15 20:02 -------- d-----w- c:\program files\iPod
2010-04-15 20:02 . 2010-04-15 20:03 -------- d-----w- c:\program files\iTunes
2010-04-15 20:02 . 2010-04-15 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-15 19:55 . 2010-04-15 19:56 -------- d-----w- c:\program files\QuickTime
2010-04-15 19:50 . 2010-04-15 19:51 -------- d-----w- c:\program files\Bonjour
2010-04-15 19:37 . 2010-04-15 19:37 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-10 16:44 . 2008-03-30 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2010-05-05 20:35 . 2002-08-29 04:00 8832 ----a-w- c:\windows\system32\drivers\RASACD.SYS
2010-04-30 23:25 . 2005-08-03 20:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-30 22:20 . 2010-03-04 22:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-29 14:39 . 2010-03-04 22:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2010-03-04 22:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 17:40 . 2008-03-30 20:06 -------- d-----w- c:\program files\Kontiki
2010-04-22 19:15 . 2008-08-20 12:12 -------- d-----w- c:\documents and settings\Adam\Application Data\U3
2010-04-15 21:10 . 2008-09-03 18:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-15 20:02 . 2008-10-20 17:35 -------- d-----w- c:\program files\Common Files\Apple
2010-04-10 11:44 . 2005-07-15 18:29 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-07 19:33 . 2010-04-07 19:10 -------- d-----w- c:\program files\Tansee iPhone Transfer Photo
2010-04-07 19:00 . 2009-11-12 22:00 -------- d-----w- c:\documents and settings\Adam\Application Data\DiskAid
2010-03-30 18:18 . 2005-08-03 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-30 18:04 . 2010-03-30 18:04 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-03-30 18:04 . 2010-03-30 18:04 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-03-30 18:04 . 2010-03-30 18:04 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-03-30 18:04 . 2010-03-30 18:04 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-03-10 06:15 . 2002-08-29 04:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2005-04-27 09:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 18:45 . 2009-12-10 18:56 38784 ----a-w- c:\documents and settings\Adam\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-24 13:11 . 2002-08-29 04:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 18:49 . 2010-03-06 15:34 288096 ----a-r- c:\documents and settings\Adam\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
2010-02-16 14:08 . 1979-12-31 23:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 1979-12-31 23:00 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:46 . 2010-02-12 10:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46 . 2010-02-12 10:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 10:03 . 2010-03-06 15:26 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2002-08-29 04:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2002-08-29 04:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2004-07-22 10:51 . 2004-07-22 10:51 3432656 ----a-w- c:\program files\ManagedDX.CAB
2004-07-19 22:58 . 2004-07-19 22:58 1156363 ----a-w- c:\program files\BDANT.cab
2004-07-19 22:53 . 2004-07-19 22:53 976020 ----a-w- c:\program files\BDAXP.cab
2004-07-09 14:17 . 2004-07-09 14:17 13265040 ----a-w- c:\program files\dxnt.cab
2004-07-09 09:13 . 2004-07-09 09:13 15493481 ----a-w- c:\program files\DirectX.cab
2004-07-09 09:13 . 2004-07-09 09:13 703080 ----a-w- c:\program files\BDA.cab
2004-07-09 04:08 . 2004-07-09 04:08 472576 ----a-w- c:\program files\dxsetup.exe
2004-07-09 04:08 . 2004-07-09 04:08 2242560 ----a-w- c:\program files\dsetup32.dll
2004-07-09 03:03 . 2004-07-09 03:03 62976 ----a-w- c:\program files\DSETUP.dll
2008-06-30 12:44 . 2008-08-18 22:04 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-05-09_16.16.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-10 16:10 . 2010-05-10 16:10 16384 c:\windows\Temp\Perflib_Perfdata_77c.dat
- 2010-05-09 15:56 . 2010-05-09 15:56 16384 c:\windows\Temp\Perflib_Perfdata_77c.dat
+ 2010-05-10 16:10 . 2010-05-10 16:10 16384 c:\windows\Temp\Perflib_Perfdata_770.dat
+ 2010-05-10 16:14 . 2010-05-10 16:14 335872 c:\windows\ERDNT\AutoBackup\10-05-2010\Users\00000002\UsrClass.dat
+ 2010-05-10 16:14 . 2005-10-20 11:02 163328 c:\windows\ERDNT\AutoBackup\10-05-2010\ERDNT.EXE
+ 2010-05-10 16:13 . 2010-05-10 16:14 10973184 c:\windows\ERDNT\AutoBackup\10-05-2010\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"SpeedTouch USB Diagnostics"="c:\program files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2001-10-03 4247552]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-09-22 26112]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"Motive SmartBridge"="c:\progra~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe" [2003-12-30 380928]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-06-02 270336]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"VSOCheckTask"="c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" [2004-07-01 139264]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Adam\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\thewrenster\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\thewrenster\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Total War\\Medieval - Total War\\Medieval_TW.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\BUFFALO\\Client Manager3\\BWSVC\\bwsvc.exe"=
"c:\\Program Files\\BUFFALO\\Client Manager3\\AOSS\\aoss.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Air Mouse\\Air Mouse\\Air Mouse.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R3 NaiFiltr;NaiFiltr;c:\windows\SYSTEM32\DRIVERS\NaiFiltr.sys [04/03/2010 20:43 23296]
R3 U2KG54L;BUFFALO WLI-U2-KG54L Wireless LAN Driver;c:\windows\SYSTEM32\DRIVERS\U2KG54L.SYS [24/08/2006 05:44 477696]
S3 cel90xbe;cel90xbe;\??\c:\docume~1\Adam\LOCALS~1\Temp\cel90xbe.sys --> c:\docume~1\Adam\LOCALS~1\Temp\cel90xbe.sys [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [13/01/2009 18:04 98488]
S3 se46bus;Sony Ericsson Device 070 driver (WDM);c:\windows\SYSTEM32\DRIVERS\se46bus.sys [06/01/2008 23:18 61536]
S3 vaxscsi;vaxscsi;c:\windows\SYSTEM32\DRIVERS\vaxscsi.sys [20/04/2006 13:46 223128]
S4 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [19/01/2006 11:09 642560]
.
Contents of the 'Scheduled Tasks' folder
2010-05-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = 127.0.0.1;local.,;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/hamsterball/raptisoftgameloader.cab
FF - ProfilePath - c:\documents and settings\Adam\Application Data\Mozilla\Firefox\Profiles\4zfbyjhi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-10 17:43
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2582867135-508947273-3280867668-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:56,a8,fb,e4,bf,a4,e5,ca,04,44,b0,74,3d,61,03,8c,c8,76,49,d4,5c,84,93,
f7,00,a3,7f,1f,6b,98,a1,5a,4b,85,a8,cd,fc,e4,e5,a8,ae,9a,3d,13,8a,1d,2f,8c,\
"??"=hex:c0,b5,47,71,bf,22,05,6a,7f,20,91,73,98,78,df,c5
[HKEY_USERS\S-1-5-21-2582867135-508947273-3280867668-1006\Software\SecuROM\License information*]
"datasecu"=hex:85,8d,d8,73,dd,70,39,0c,18,40,ca,b4,b7,05,5e,d6,c0,50,63,f2,74,
d3,b6,88,d1,71,38,d9,47,05,e1,99,00,05,23,37,76,e7,45,84,91,ae,f8,de,a3,e1,\
"rkeysecu"=hex:21,46,94,25,f3,3a,c3,bd,fe,dd,cb,0f,0f,dd,78,45
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-05-10 17:48:46
ComboFix-quarantined-files.txt 2010-05-10 16:48
ComboFix2.txt 2010-05-09 16:20
ComboFix3.txt 2010-05-05 21:34
Pre-Run: 11,292,585,984 bytes free
Post-Run: 11,245,539,328 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=1,2,3,4
- - End Of File - - 60B1671123F4A63F746BCE7F5CEE2299
Upload was successful
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, May 11, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, May 10, 2010 13:20:02
Records in database: 4090753
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
Scan statistics:
Objects scanned: 130921
Threats found: 11
Infected objects found: 19
Suspicious objects found: 0
Scan duration: 05:53:28
File name / Threat / Threats count
C:\Documents and Settings\Adam\Application Data\Sun\Java\Deployment\cache\6.0\15\71cfa04f-7ef4c6f2 Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\Adam\Application Data\Sun\Java\Deployment\cache\6.0\18\6b71a192-57db940b Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\Adam\Application Data\Sun\Java\Deployment\cache\6.0\2\2efa9282-69bdf833 Infected: Trojan-Downloader.Java.OpenStream.ak 1
C:\Documents and Settings\Adam\Application Data\Sun\Java\Deployment\cache\6.0\2\2efa9282-69bdf833 Infected: Trojan-Dropper.Java.Small.h 1
C:\Documents and Settings\Adam\Application Data\Sun\Java\Deployment\cache\6.0\49\2efb95f1-1e92cf69 Infected: Exploit.OSX.Smid.d 1
C:\Documents and Settings\Adam\Application Data\Sun\Java\Deployment\cache\6.0\56\697f4eb8-625f73bc Infected: Exploit.Java.Agent.a 1
C:\Documents and Settings\Adam\Application Data\Sun\Java\Deployment\cache\6.0\56\697f4eb8-625f73bc Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\Adam\Application Data\Sun\Java\Deployment\cache\6.0\62\4e5b5f3e-66f3b115 Infected: Trojan-Downloader.Java.Agent.dc 1
C:\Documents and Settings\Adam\Application Data\Sun\Java\Deployment\cache\6.0\62\4e5b5f3e-66f3b115 Infected: Trojan-Downloader.Java.Agent.dd 1
C:\Documents and Settings\Adam\Application Data\Sun\Java\Deployment\cache\6.0\62\4e5b5f3e-66f3b115 Infected: Trojan-Downloader.Java.Agent.de 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\RASACD.SYS.vir Infected: Rootkit.Win32.TDSS.ap 1
C:\Qoobox\Quarantine\[4]-Submit_2010-05-10_17.28.05.zip Infected: Trojan.Win32.FraudPack.aujz 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP785\A0186716.exe Infected: Trojan-Dropper.Win32.Pincher.ado 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP796\A0192084.dll Infected: Trojan.Win32.FraudPack.aujz 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP796\A0192122.SYS Infected: Rootkit.Win32.TDSS.ap 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP796\A0192273.dll Infected: Trojan.Win32.FraudPack.aujz 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP797\A0192393.SYS Infected: Rootkit.Win32.TDSS.ap 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP797\A0192565.dll Infected: Trojan.Win32.FraudPack.aujz 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP797\snapshot\MFEX-1.DAT Infected: Trojan.Win32.FraudPack.aujz 1
Selected area has been scanned.
DDS (Ver_10-03-17.01) - NTFSx86
Run by Adam at 15:49:16.03 on 11/05/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.647 [GMT 1:00]
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Adam\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = 127.0.0.1;local.,;*.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SpeedTouch USB Diagnostics] "c:\program files\alcatel\speedtouch usb\Dragdiag.exe" /icon
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [Motive SmartBridge] c:\progra~1\ntl\broadb~1\smartb~1\MotiveSB.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Dell AIO Printer A920] "c:\program files\dell aio printer a920\dlbkbmgr.exe"
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [kdx] "c:\program files\kontiki\KHost.exe" -all
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\adam\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\airmou~1.lnk - c:\program files\air mouse\air mouse\Air Mouse.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aticat~1.lnk - c:\program files\ati technologies\ati.ace\CLI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\broadb~1.lnk - c:\program files\ntl\broadband medic\bin\matcli.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\client~1.lnk - c:\program files\buffalo\client manager3\cm3_tray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/hamsterball/raptisoftgameloader.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} - hxxp://www.miniclip.com/games/ricochet-lost-worlds/en/ReflexiveWebGameLoader.cab
DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,90/mcinsctl.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,23/mcgdmgr.cab
DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - hxxp://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://signin3.valueactive.com/Register/Branding/olr3313/OCX/flashax.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - hxxp://messenger.zone.msn.com/binary/Chess.cab31267.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\adam\applic~1\mozilla\firefox\profiles\4zfbyjhi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2010-3-6 126976]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2010-3-6 122368]
R2 MCVSRte;McAfee.com VirusScan Online Realtime Engine;c:\progra~1\mcafee.com\vso\mcvsrte.exe [2010-3-4 122880]
R2 StarWindService;StarWind iSCSI Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindService.exe [2005-4-1 217600]
R3 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2010-3-4 225375]
R3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [2010-3-4 23296]
R3 U2KG54L;BUFFALO WLI-U2-KG54L Wireless LAN Driver;c:\windows\system32\drivers\U2KG54L.SYS [2006-8-24 477696]
S3 cel90xbe;cel90xbe;\??\c:\docume~1\adam\locals~1\temp\cel90xbe.sys --> c:\docume~1\adam\locals~1\temp\cel90xbe.sys [?]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2010-3-4 245760]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\RpcAgentSrv.exe [2009-1-13 98488]
S3 se46bus;Sony Ericsson Device 070 driver (WDM);c:\windows\system32\drivers\se46bus.sys [2008-1-6 61536]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2006-4-20 223128]
=============== Created Last 30 ================
2010-05-10 17:27:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-05-10 17:27:52 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-05 20:20:59 0 d-sha-r- C:\cmdcons
2010-05-05 20:18:47 77312 ----a-w- c:\windows\MBR.exe
2010-05-05 20:18:46 98816 ----a-w- c:\windows\sed.exe
2010-05-05 20:18:46 256512 ----a-w- c:\windows\PEV.exe
2010-05-05 20:18:46 161792 ----a-w- c:\windows\SWREG.exe
2010-05-04 17:30:41 160 ----a-w- c:\documents and settings\adam\defogger_reenable
2010-04-26 17:40:20 0 d-----w- c:\program files\Sky
2010-04-26 17:40:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Sky
2010-04-22 16:06:26 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-22 16:06:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-15 20:02:17 0 d-----w- c:\program files\iPod
2010-04-15 20:02:00 0 d-----w- c:\program files\iTunes
2010-04-15 20:02:00 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-15 19:50:43 0 d-----w- c:\program files\Bonjour
==================== Find3M ====================
2010-05-05 20:35:04 8832 ----a-w- c:\windows\system32\drivers\RASACD.SYS
2010-04-29 14:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-22 16:50:49 8832 ----a-w- c:\windows\system32\dllcache\rasacd.sys
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-02-25 10:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 13:11:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-17 08:10:28 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-12 10:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 10:03:03 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-12 04:33:11 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2010-02-11 12:02:15 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
2004-07-22 10:51:34 3432656 ----a-w- c:\program files\ManagedDX.CAB
2004-07-19 22:58:36 1156363 ----a-w- c:\program files\BDANT.cab
2004-07-19 22:53:26 976020 ----a-w- c:\program files\BDAXP.cab
2004-07-09 14:17:16 13265040 ----a-w- c:\program files\dxnt.cab
2004-07-09 09:13:48 15493481 ----a-w- c:\program files\DirectX.cab
2004-07-09 09:13:46 703080 ----a-w- c:\program files\BDA.cab
2004-07-09 04:08:36 472576 ----a-w- c:\program files\dxsetup.exe
2004-07-09 04:08:34 2242560 ----a-w- c:\program files\dsetup32.dll
2004-07-09 03:03:10 62976 ----a-w- c:\program files\DSETUP.dll
2008-11-02 12:09:05 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008110220081103\index.dat
============= FINISH: 15:50:29.12 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 06/10/2004 17:03:30
System Uptime: 05/11/2010 15:29:09 (-4272 hours ago)
Motherboard: Dell Inc. | | 0J3492
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 229 GiB total, 10.483 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP767: 10/02/2010 21:37:23 - System Checkpoint
RP768: 10/02/2010 22:48:19 - Software Distribution Service 3.0
RP769: 15/02/2010 16:03:21 - System Checkpoint
RP770: 16/02/2010 22:00:01 - System Checkpoint
RP771: 18/02/2010 21:14:02 - System Checkpoint
RP772: 21/02/2010 14:22:34 - System Checkpoint
RP773: 22/02/2010 18:24:08 - System Checkpoint
RP774: 24/02/2010 22:54:25 - Software Distribution Service 3.0
RP775: 28/02/2010 20:52:06 - System Checkpoint
RP776: 03/03/2010 22:12:03 - System Checkpoint
RP777: 04/03/2010 23:49:13 - System Checkpoint
RP778: 06/03/2010 15:33:15 - Installed McAfee Virtual Technician
RP779: 07/03/2010 01:13:26 - Software Distribution Service 3.0
RP780: 08/03/2010 20:19:02 - System Checkpoint
RP781: 10/03/2010 21:21:16 - System Checkpoint
RP782: 13/03/2010 00:17:11 - System Checkpoint
RP783: 13/03/2010 03:02:30 - Software Distribution Service 3.0
RP784: 24/03/2010 20:44:22 - System Checkpoint
RP785: 29/03/2010 18:12:50 - System Checkpoint
RP786: 30/03/2010 23:18:05 - Software Distribution Service 3.0
RP787: 11/04/2010 17:08:40 - System Checkpoint
RP788: 15/04/2010 22:02:46 - Software Distribution Service 3.0
RP789: 17/04/2010 20:13:44 - System Checkpoint
RP790: 20/04/2010 19:28:12 - System Checkpoint
RP791: 22/04/2010 17:51:45 - System Checkpoint
RP792: 24/04/2010 14:54:08 - System Checkpoint
RP793: 26/04/2010 18:40:19 - Installed Sky Player.
RP794: 28/04/2010 20:13:26 - System Checkpoint
RP795: 29/04/2010 21:54:14 - System Checkpoint
RP796: 04/05/2010 22:40:39 - System Checkpoint
RP797: 09/05/2010 16:44:41 - ComboFix created restore point
RP798: 10/05/2010 18:10:46 - Removed Java(TM) SE Runtime Environment 6 Update 1
RP799: 10/05/2010 18:11:36 - Removed Java(TM) 6 Update 7
RP800: 10/05/2010 18:12:53 - Removed Java(TM) 6 Update 3
RP801: 10/05/2010 18:14:01 - Removed Java(TM) 6 Update 12
RP802: 10/05/2010 18:15:08 - Removed Java 2 Runtime Environment, SE v1.4.2_03
RP803: 10/05/2010 18:17:16 - Removed J2SE Runtime Environment 5.0 Update 11
RP804: 10/05/2010 18:17:52 - Removed J2SE Runtime Environment 5.0 Update 4
RP805: 10/05/2010 18:18:30 - Removed J2SE Runtime Environment 5.0 Update 6
RP806: 10/05/2010 18:19:20 - Removed J2SE Runtime Environment 5.0 Update 9
RP807: 10/05/2010 18:27:27 - Installed Java(TM) 6 Update 20
==== Installed Programs ======================
ABBYY FineReader 5.0 Sprint
AC3Filter (remove only)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Adobe Shockwave Player 11.5
Air Mouse Server
Alcatel SpeedTouch USB Software
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Auto Gordian Knot 2.27
AVI to VCD/DVD 4.02
AVIcodec (remove only)
AviSynth 2.5
BBC iPlayer Desktop
BBC iPlayer Download Manager
Bonjour
broadband medic
Broadcom Advanced Control Suite 2
BroadJump Client Foundation
BUFFALO Client Manager 3
CloneDVD2
Command & Conquer 3
ConvertMovie 1.1
Critical Update for Windows Media Player 11 (KB959772)
DA920EN
Dell AIO Printer A920
Dell Media Experience
Dell Solution Center
DiMAGE Viewer
DiskAid 3.1
DivX Plus Web Player
Driver Detective
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD2one 1.5.1
ERUNT 1.1j
Far Cry Demo
ffdshow
FileMagnet
Half-Life(R) 2
Help and Support Customization
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Intel Application Accelerator
Intel(R) 537EP V9x DF PCI Modem
InterActual Player
Internet Explorer Default Page
iPhone Configuration Utility
iTunes
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java Auto Updater
Java(TM) 6 Update 20
jetAudio
JetShell for M3
KONICA_MINOLTA DiMAGE remote camera driver
Learn2 Player (Uninstall Only)
M3 User's Guide
Magic ISO Maker v4.9 (build 0144)
Malwarebytes' Anti-Malware
McAfee SecurityCenter
McAfee Virtual Technician
McAfee VirusScan
Medieval II Total War
Medieval Total War
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Game Studios Common Redistributables Pack 1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business 2007 Trial
Microsoft Office Standard Edition 2003
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Works 7.0
Microsoft XML Parser
MobileMe Control Panel
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla Firefox (3.6.3)
Need for Speed Underground 2
Need for Speed™ Most Wanted
PowerDVD 5.1
QuickTime
RealPlayer Basic
Safari
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
SiSoftware Sandra Lite 2009.SP2
skillsarena online for IE (v1.4)
Sky Player
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
SpeechRedist
SpeedSim
Spotify
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
Srt2Sup a4.03
Steam
Tansee iPhone Transfer Photo
Uniblue Registry Booster
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb981433)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
VideoLAN VLC media player 0.7.2
Viewpoint Media Player
VobSub v2.23 (Remove Only)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR archiver
XviD MPEG4 Video Codec (remove only)
==== Event Viewer Messages From Past Week ========
10/05/2010 18:27:10, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the WMI Performance Adapter service to connect.
10/05/2010 18:27:10, error: Service Control Manager [7000] - The WMI Performance Adapter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/05/2010 17:13:55, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
10/05/2010 17:13:55, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/05/2010 17:13:51, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
09/05/2010 16:41:54, error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
05/05/2010 21:52:19, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
05/05/2010 21:44:17, error: NetBT [4307] - Initialization failed because the transport refused to open initial Addresses.
04/05/2010 19:03:10, error: ati2mtag [45062] - CRT invalid display type
04/05/2010 18:15:20, error: sptd [4] - Driver detected an internal error in its data structures for .
==== End Of File ===========================
Hi again,
Open notepad and copy/paste the text in the quotebox below into it:
File::
C:\Documents and Settings\Adam\Application Data\Sun\Java\Deployment\cache\6.0\15\71cfa04f-7ef4c6f2
C:\Documents and Settings\Adam\Application Data\Sun\Java\Deployment\cache\6.0\18\6b71a192-57db940b
C:\Documents and Settings\Adam\Application Data\Sun\Java\Deployment\cache\6.0\2\2efa9282-69bdf833
C:\Documents and Settings\Adam\Application Data\Sun\Java\Deployment\cache\6.0\49\2efb95f1-1e92cf69
C:\Documents and Settings\Adam\Application Data\Sun\Java\Deployment\cache\6.0\56\697f4eb8-625f73bc
C:\Documents and Settings\Adam\Application Data\Sun\Java\Deployment\cache\6.0\62\4e5b5f3e-66f3b115
Save this as CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log. How's the system running?
ComboFix 10-05-12.06 - Adam 13/05/2010 16:40:07.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.525 [GMT 1:00]
Running from: c:\documents and settings\Adam\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Adam\Desktop\cfscript.txt
* Created a new restore point
* Resident AV is active
FILE ::
"c:\documents and settings\Adam\Application Data\Sun\Java\Deployment\cache\6.0\15\71cfa04f-7ef4c6f2"
"c:\documents and settings\Adam\Application Data\Sun\Java\Deployment\cache\6.0\18\6b71a192-57db940b"
"c:\documents and settings\Adam\Application Data\Sun\Java\Deployment\cache\6.0\2\2efa9282-69bdf833"
"c:\documents and settings\Adam\Application Data\Sun\Java\Deployment\cache\6.0\49\2efb95f1-1e92cf69"
"c:\documents and settings\Adam\Application Data\Sun\Java\Deployment\cache\6.0\56\697f4eb8-625f73bc"
"c:\documents and settings\Adam\Application Data\Sun\Java\Deployment\cache\6.0\62\4e5b5f3e-66f3b115"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Adam\Application Data\Sun\Java\Deployment\cache\6.0\15\71cfa04f-7ef4c6f2
c:\documents and settings\Adam\Application Data\Sun\Java\Deployment\cache\6.0\18\6b71a192-57db940b
c:\documents and settings\Adam\Application Data\Sun\Java\Deployment\cache\6.0\2\2efa9282-69bdf833
c:\documents and settings\Adam\Application Data\Sun\Java\Deployment\cache\6.0\49\2efb95f1-1e92cf69
c:\documents and settings\Adam\Application Data\Sun\Java\Deployment\cache\6.0\56\697f4eb8-625f73bc
c:\documents and settings\Adam\Application Data\Sun\Java\Deployment\cache\6.0\62\4e5b5f3e-66f3b115
.
((((((((((((((((((((((((( Files Created from 2010-04-13 to 2010-05-13 )))))))))))))))))))))))))))))))
.
2010-05-13 15:32 . 2010-05-13 15:32 -------- d-----w- c:\windows\LastGood
2010-05-10 17:28 . 2010-05-10 17:28 503808 ----a-w- c:\documents and settings\Adam\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3d965f31-n\msvcp71.dll
2010-05-10 17:28 . 2010-05-10 17:28 499712 ----a-w- c:\documents and settings\Adam\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3d965f31-n\jmc.dll
2010-05-10 17:28 . 2010-05-10 17:28 348160 ----a-w- c:\documents and settings\Adam\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3d965f31-n\msvcr71.dll
2010-05-10 17:28 . 2010-05-10 17:28 61440 ----a-w- c:\documents and settings\Adam\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4910d5eb-n\decora-sse.dll
2010-05-10 17:28 . 2010-05-10 17:28 12800 ----a-w- c:\documents and settings\Adam\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4910d5eb-n\decora-d3d.dll
2010-05-10 17:28 . 2010-05-10 17:28 -------- d-----w- c:\program files\Common Files\Java
2010-05-10 17:27 . 2010-05-10 17:27 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-01 13:20 . 2010-05-01 13:20 -------- d-----w- c:\program files\ERUNT
2010-04-26 17:40 . 2010-04-26 17:40 -------- d-----w- c:\program files\Sky
2010-04-26 17:40 . 2010-04-26 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Sky
2010-04-22 16:06 . 2010-04-22 16:06 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-22 16:06 . 2010-04-23 12:35 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-22 16:06 . 2010-04-22 16:06 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-15 20:02 . 2010-04-15 20:02 -------- d-----w- c:\program files\iPod
2010-04-15 20:02 . 2010-04-15 20:03 -------- d-----w- c:\program files\iTunes
2010-04-15 20:02 . 2010-04-15 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-15 19:55 . 2010-04-15 19:56 -------- d-----w- c:\program files\QuickTime
2010-04-15 19:50 . 2010-04-15 19:51 -------- d-----w- c:\program files\Bonjour
2010-04-15 19:37 . 2010-04-15 19:37 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-13 15:53 . 2008-03-30 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2010-05-10 17:19 . 2004-09-22 16:00 -------- d-----w- c:\program files\Java
2010-05-05 20:35 . 2002-08-29 04:00 8832 ----a-w- c:\windows\system32\drivers\RASACD.SYS
2010-04-30 23:25 . 2005-08-03 20:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-30 22:20 . 2010-03-04 22:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-29 14:39 . 2010-03-04 22:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2010-03-04 22:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 17:40 . 2008-03-30 20:06 -------- d-----w- c:\program files\Kontiki
2010-04-22 19:15 . 2008-08-20 12:12 -------- d-----w- c:\documents and settings\Adam\Application Data\U3
2010-04-15 21:10 . 2008-09-03 18:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-15 20:02 . 2008-10-20 17:35 -------- d-----w- c:\program files\Common Files\Apple
2010-04-10 11:44 . 2005-07-15 18:29 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-07 19:33 . 2010-04-07 19:10 -------- d-----w- c:\program files\Tansee iPhone Transfer Photo
2010-04-07 19:00 . 2009-11-12 22:00 -------- d-----w- c:\documents and settings\Adam\Application Data\DiskAid
2010-03-30 18:18 . 2005-08-03 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-30 18:04 . 2010-03-30 18:04 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-03-30 18:04 . 2010-03-30 18:04 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-03-30 18:04 . 2010-03-30 18:04 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-03-30 18:04 . 2010-03-30 18:04 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-03-10 06:15 . 2002-08-29 04:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2005-04-27 09:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 18:45 . 2009-12-10 18:56 38784 ----a-w- c:\documents and settings\Adam\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-24 13:11 . 2002-08-29 04:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 18:49 . 2010-03-06 15:34 288096 ----a-r- c:\documents and settings\Adam\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
2010-02-16 14:08 . 1979-12-31 23:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 1979-12-31 23:00 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2004-07-22 10:51 . 2004-07-22 10:51 3432656 ----a-w- c:\program files\ManagedDX.CAB
2004-07-19 22:58 . 2004-07-19 22:58 1156363 ----a-w- c:\program files\BDANT.cab
2004-07-19 22:53 . 2004-07-19 22:53 976020 ----a-w- c:\program files\BDAXP.cab
2004-07-09 14:17 . 2004-07-09 14:17 13265040 ----a-w- c:\program files\dxnt.cab
2004-07-09 09:13 . 2004-07-09 09:13 15493481 ----a-w- c:\program files\DirectX.cab
2004-07-09 09:13 . 2004-07-09 09:13 703080 ----a-w- c:\program files\BDA.cab
2004-07-09 04:08 . 2004-07-09 04:08 472576 ----a-w- c:\program files\dxsetup.exe
2004-07-09 04:08 . 2004-07-09 04:08 2242560 ----a-w- c:\program files\dsetup32.dll
2004-07-09 03:03 . 2004-07-09 03:03 62976 ----a-w- c:\program files\DSETUP.dll
2008-06-30 12:44 . 2008-08-18 22:04 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-05-09_16.16.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-13 15:23 . 2010-05-13 15:23 16384 c:\windows\Temp\Perflib_Perfdata_7a0.dat
+ 2010-05-13 15:23 . 2010-05-13 15:23 16384 c:\windows\Temp\Perflib_Perfdata_784.dat
+ 2010-05-10 17:00 . 2010-05-10 17:00 87716 c:\windows\SYSTEM32\Adobe\Shockwave 11\uninstaller.exe
- 2008-11-01 18:01 . 2008-08-06 16:21 94208 c:\windows\SYSTEM32\Adobe\Shockwave 11\SwMenu.dll
+ 2010-04-01 12:46 . 2010-04-01 12:46 94208 c:\windows\SYSTEM32\Adobe\Shockwave 11\SwMenu.dll
+ 2010-04-01 12:09 . 2010-04-01 12:09 79488 c:\windows\SYSTEM32\Adobe\Shockwave 11\gtapi.dll
+ 2010-04-01 13:01 . 2010-04-01 13:01 65816 c:\windows\SYSTEM32\Adobe\Director\SWDNLD.EXE
- 2008-11-01 18:01 . 2008-08-06 16:22 9216 c:\windows\SYSTEM32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2010-04-01 12:48 . 2010-04-01 12:48 9216 c:\windows\SYSTEM32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2010-05-10 17:27 . 2010-05-10 17:27 153376 c:\windows\SYSTEM32\javaws.exe
+ 2010-05-10 17:27 . 2010-05-10 17:27 145184 c:\windows\SYSTEM32\javaw.exe
+ 2010-05-10 17:27 . 2010-05-10 17:27 145184 c:\windows\SYSTEM32\java.exe
+ 2010-04-01 12:09 . 2010-04-01 12:09 136568 c:\windows\SYSTEM32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 2010-04-01 12:46 . 2010-04-01 12:46 114688 c:\windows\SYSTEM32\Adobe\Shockwave 11\SwInit.exe
- 2008-11-01 18:01 . 2008-08-06 16:24 114688 c:\windows\SYSTEM32\Adobe\Shockwave 11\SwInit.exe
+ 2010-04-01 12:59 . 2010-04-01 12:59 459032 c:\windows\SYSTEM32\Adobe\Shockwave 11\SwHelper_1156606.exe
+ 2010-04-01 12:49 . 2010-04-01 12:49 446464 c:\windows\SYSTEM32\Adobe\Shockwave 11\Proj.dll
- 2008-11-01 18:01 . 2008-08-06 16:24 446464 c:\windows\SYSTEM32\Adobe\Shockwave 11\Proj.dll
+ 2010-04-01 12:47 . 2010-04-01 12:47 372736 c:\windows\SYSTEM32\Adobe\Shockwave 11\Plugin.dll
+ 2010-04-01 12:09 . 2010-04-01 12:09 753152 c:\windows\SYSTEM32\Adobe\Shockwave 11\gi.dll
+ 2010-04-01 12:46 . 2010-04-01 12:46 503808 c:\windows\SYSTEM32\Adobe\Shockwave 11\Control.dll
+ 2010-04-01 13:00 . 2010-04-01 13:00 213272 c:\windows\SYSTEM32\Adobe\Director\SwDir.dll
+ 2010-04-01 12:48 . 2010-04-01 12:48 131072 c:\windows\SYSTEM32\Adobe\Director\np32dsw.dll
+ 2010-05-10 17:28 . 2010-05-10 17:28 180224 c:\windows\Installer\5a018.msi
+ 2010-05-10 17:27 . 2010-05-10 17:27 577536 c:\windows\Installer\5a013.msi
+ 2010-05-13 15:26 . 2010-05-13 15:26 339968 c:\windows\ERDNT\AutoBackup\13-05-2010\Users\00000002\UsrClass.dat
+ 2010-05-13 15:26 . 2005-10-20 11:02 163328 c:\windows\ERDNT\AutoBackup\13-05-2010\ERDNT.EXE
+ 2010-05-11 14:32 . 2010-05-11 14:32 339968 c:\windows\ERDNT\AutoBackup\11-05-2010\Users\00000002\UsrClass.dat
+ 2010-05-11 14:32 . 2005-10-20 11:02 163328 c:\windows\ERDNT\AutoBackup\11-05-2010\ERDNT.EXE
+ 2010-05-10 16:14 . 2010-05-10 16:14 335872 c:\windows\ERDNT\AutoBackup\10-05-2010\Users\00000002\UsrClass.dat
+ 2010-05-10 16:14 . 2005-10-20 11:02 163328 c:\windows\ERDNT\AutoBackup\10-05-2010\ERDNT.EXE
+ 2010-04-01 12:20 . 2010-04-01 12:20 1011712 c:\windows\SYSTEM32\Adobe\Shockwave 11\iml32.dll
+ 2010-04-01 12:09 . 2010-04-01 12:09 1975408 c:\windows\SYSTEM32\Adobe\Shockwave 11\gt.exe
+ 2010-04-01 12:25 . 2010-04-01 12:25 1798144 c:\windows\SYSTEM32\Adobe\Shockwave 11\dirapi.dll
- 2008-11-01 18:01 . 2008-08-06 15:45 1798144 c:\windows\SYSTEM32\Adobe\Shockwave 11\dirapi.dll
+ 2010-05-13 15:26 . 2010-05-13 15:26 10973184 c:\windows\ERDNT\AutoBackup\13-05-2010\Users\00000001\ntuser.dat
+ 2010-05-11 14:32 . 2010-05-11 14:32 10973184 c:\windows\ERDNT\AutoBackup\11-05-2010\Users\00000001\ntuser.dat
+ 2010-05-10 16:13 . 2010-05-10 16:14 10973184 c:\windows\ERDNT\AutoBackup\10-05-2010\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"SpeedTouch USB Diagnostics"="c:\program files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2001-10-03 4247552]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-09-22 26112]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"Motive SmartBridge"="c:\progra~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe" [2003-12-30 380928]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-06-02 270336]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"VSOCheckTask"="c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" [2004-07-01 139264]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Adam\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\thewrenster\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\thewrenster\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Total War\\Medieval - Total War\\Medieval_TW.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\BUFFALO\\Client Manager3\\BWSVC\\bwsvc.exe"=
"c:\\Program Files\\BUFFALO\\Client Manager3\\AOSS\\aoss.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Air Mouse\\Air Mouse\\Air Mouse.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R3 NaiFiltr;NaiFiltr;c:\windows\SYSTEM32\DRIVERS\NaiFiltr.sys [04/03/2010 20:43 23296]
R3 U2KG54L;BUFFALO WLI-U2-KG54L Wireless LAN Driver;c:\windows\SYSTEM32\DRIVERS\U2KG54L.SYS [24/08/2006 05:44 477696]
S3 cel90xbe;cel90xbe;\??\c:\docume~1\Adam\LOCALS~1\Temp\cel90xbe.sys --> c:\docume~1\Adam\LOCALS~1\Temp\cel90xbe.sys [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [13/01/2009 18:04 98488]
S3 se46bus;Sony Ericsson Device 070 driver (WDM);c:\windows\SYSTEM32\DRIVERS\se46bus.sys [06/01/2008 23:18 61536]
S3 vaxscsi;vaxscsi;c:\windows\SYSTEM32\DRIVERS\vaxscsi.sys [20/04/2006 13:46 223128]
S4 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [19/01/2006 11:09 642560]
.
Contents of the 'Scheduled Tasks' folder
2010-05-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = 127.0.0.1;local.,;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/hamsterball/raptisoftgameloader.cab
FF - ProfilePath - c:\documents and settings\Adam\Application Data\Mozilla\Firefox\Profiles\4zfbyjhi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-13 16:51
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2582867135-508947273-3280867668-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:56,a8,fb,e4,bf,a4,e5,ca,04,44,b0,74,3d,61,03,8c,c8,76,49,d4,5c,84,93,
f7,00,a3,7f,1f,6b,98,a1,5a,4b,85,a8,cd,fc,e4,e5,a8,ae,9a,3d,13,8a,1d,2f,8c,\
"??"=hex:c0,b5,47,71,bf,22,05,6a,7f,20,91,73,98,78,df,c5
[HKEY_USERS\S-1-5-21-2582867135-508947273-3280867668-1006\Software\SecuROM\License information*]
"datasecu"=hex:85,8d,d8,73,dd,70,39,0c,18,40,ca,b4,b7,05,5e,d6,c0,50,63,f2,74,
d3,b6,88,d1,71,38,d9,47,05,e1,99,00,05,23,37,76,e7,45,84,91,ae,f8,de,a3,e1,\
"rkeysecu"=hex:21,46,94,25,f3,3a,c3,bd,fe,dd,cb,0f,0f,dd,78,45
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-05-13 16:57:01
ComboFix-quarantined-files.txt 2010-05-13 15:56
ComboFix2.txt 2010-05-10 16:49
ComboFix3.txt 2010-05-09 16:20
ComboFix4.txt 2010-05-05 21:34
Pre-Run: 14,949,773,312 bytes free
Post-Run: 15,015,821,312 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=1,2,3,4
- - End Of File - - 901EBA18D12D0A5960139B4EC6C17B4B
Cheers for your help - the system seems to be fine - I've not tried the internet properly yet as I have outdated security software. I have some new software via my service provider - should I download this THEN uninstall McAfee, or uninstall first THEN download it?
Cheers again - is there anything I should be aware of, or update, or change in the settings?
thanks
Adam
You're welcome :)
I've not tried the internet properly yet as I have outdated security software. I have some new software via my service provider - should I download this THEN uninstall McAfee, or uninstall first THEN download it?
Is it an update to McAfee or a totally different protection product? If it's the first, then the old version should be updated automatically without uninstalling. If it's another product, then you could download the new protection software first, uninstall McAfee and then install the new protection.
Is there anything I should be aware of, or update, or change in the settings?
Yes, there are some final steps left. Please find those listed below.
THESE STEPS ARE VERY IMPORTANT
Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis.
Now let's uninstall ComboFix:
Click START then RUN.
Now copy-paste Combofix /uninstall into the run box and click OK.
Please download OTC (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.
Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
UPDATING WINDOWS AND INTERNET EXPLORER
IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site (http://windowsupdate.microsoft.com/) to get the critical updates.
If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free): Microsoft Office Update.
Make your Internet Explorer more secure
This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
The following are recommended third-party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.
Uninstall old Spybot version and get the latest one here (http://www.safer-networking.org/en/spybotsd/index.html)
hosts file:
Every version of Windows has a hosts file as part of it. In a very basic sense, it is used to locate webpages. We can customize a hosts file so that it blocks certain webpages. However, it can slow down certain computers. This is why using a hosts file is optional!!
Download it here (http://www.mvps.org/winhelp2002/hosts.htm). Make sure you read the instructions on how to install the hosts file. There is a good tutorial here (http://www.bleepingcomputer.com/forums/tutorial51.html)
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the Start button (at the lower left hand corner of your screen).
Click Run.
In the dialog box, type services.msc and hit Enter, then locate DNS Client.
Highlight it, then double-click it.
On the dropdown box, change the setting from Automatic to Manual.
Click OK.
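The hosts-file lookup described above, as an added example that is not part of the original thread or of the MVPS hosts file: it parses a small constructed excerpt in the MVPS layout (0.0.0.0 entries, `#` comments, several names per line, tabs or spaces between fields) and resolves a name the way the system resolver is modelled here, with the first matching line winning and names compared case-insensitively. The hostnames in the sample are placeholders, not real blocklist entries.

```python
"""Minimal model of how a name is resolved through the Windows hosts file."""

# Constructed hosts-file excerpt in the MVPS layout (not the real MVPS file):
# '#' starts a comment, fields are separated by spaces or tabs, and one
# address line may carry several hostnames. Names below are placeholders.
SAMPLE_HOSTS = """\
# Comments and the copyright notice live at the top of the file
127.0.0.1  localhost
0.0.0.0    ads.example-adserver.invalid   # inline comment after an entry
0.0.0.0    tracker.example-tracker.invalid   stats.example-tracker.invalid
   # an indented comment line
0.0.0.0\ttab.separated.invalid
"""

# Addresses the blocklist maps names to so that nothing reaches the network.
SINKHOLE_ADDRESSES = ("0.0.0.0", "127.0.0.1")


def parse_hosts(text):
    """Return [(address, [hostnames])] in file order, skipping blank and comment lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop whole-line and inline comments
        if not line:
            continue
        fields = line.split()                    # any whitespace run separates fields
        if len(fields) < 2:
            continue                             # an address with no names is ignored
        entries.append((fields[0], [name.lower() for name in fields[1:]]))
    return entries


def hosts_lookup(text, hostname):
    """Address the hosts file gives for hostname, or None if it is not listed.
    Matching is case-insensitive; the first matching line wins (assumed to
    mirror the resolver, which reads the file top to bottom)."""
    wanted = hostname.lower().rstrip(".")
    for address, names in parse_hosts(text):
        if wanted in names:
            return address
    return None


def is_blocked(text, hostname):
    """True when the hosts file sends hostname to a sinkhole address, which is
    how a customised hosts file 'blocks' a webpage. localhost is excluded: its
    127.0.0.1 mapping is the normal loopback entry, not a block."""
    if hostname.lower() == "localhost":
        return False
    return hosts_lookup(text, hostname) in SINKHOLE_ADDRESSES


if __name__ == "__main__":
    for name in ("ads.example-adserver.invalid",
                 "Stats.Example-Tracker.invalid",
                 "www.example.com"):
        state = "blocked" if is_blocked(SAMPLE_HOSTS, name) else "not blocked"
        print(f"{name} -> {hosts_lookup(SAMPLE_HOSTS, name)} ({state})")
```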
Run Secunia vulnerability check here (http://secunia.com/vulnerability_scanning/online/) and fix its findings.
Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update site frequently - it is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Once again, please post and tell me how things are going with your system... problems etc.
Have a great day,
Blade :cool:
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)
Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.
If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.