Unknown infection, blocks executables



chrisbattista03
2010-06-03, 16:59
DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 10:55:00.39 on Thu 06/03/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.588 [GMT -4:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
svchost.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\LocalService\Local Settings\Application Data\asam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ATTToolbar\FDServer.exe
"C:\WINDOWS\System32\svchost.exe"
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.att.net
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: voguecash browser enhancer: {e94126a3-fbb7-b8ec-dbb3-8b7931dbdf01} - c:\windows\system32\swvyslcmvyx.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [pjpvyiqvfjo] c:\windows\system32\regsvr32.exe /s "c:\windows\system32\swvyslcmvyx.dll"
mRun: [MChk] c:\windows\system32\ncrpuidj.exe
mRun: [yymdfwnc] c:\documents and settings\localservice\local settings\application data\gqaovxpvj\uptjycatssd.exe
mRun: [asam] c:\documents and settings\localservice\local settings\application data\asam.exe
dRun: [Power2GoExpress] NA
dRun: [yymdfwnc] c:\documents and settings\localservice\local settings\application data\gqaovxpvj\uptjycatssd.exe
dRun: [asam] c:\documents and settings\localservice\local settings\application data\asam.exe
StartupFolder: c:\docume~1\owner~1.you\startm~1\programs\startup\gmotes~1.lnk - c:\program files\gmoteserver\GmoteServer.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {7D2B746C-786A-4243-87F8-3531591BFDF4} = 93.188.163.6,93.188.166.241
TCP: {F223CDB5-C307-4D4C-ADA2-DE4C5F06E4A9} = 93.188.163.6,93.188.166.241
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner~1.you\applic~1\mozilla\firefox\profiles\scmk6iki.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com (http://www.google.com)
FF - prefs.js: keyword.URL - hxxp://search.wish-search.com/?sid=10101020100&s=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.wish-search.com/?sid=10101020100&s=
============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2008-5-7 11608]
R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2008-5-7 68865]
R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2008-5-7 151297]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2009-4-15 14976]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-5-7 52056]
S0 obomshz;obomshz;c:\windows\system32\drivers\wjindtf.sys --> c:\windows\system32\drivers\wjindtf.sys [?]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-3-24 7808]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2009-7-5 18432]

=============== Created Last 30 ================

2010-06-03 13:30:23 0 dc----w- c:\windows\system32\dllcache\cache
2010-06-03 13:22:24 98816 ----a-w- c:\windows\sed.exe
2010-06-03 13:22:24 230912 ----a-w- c:\windows\PEV.exe
2010-06-03 13:22:24 161792 ----a-w- c:\windows\SWREG.exe
2010-06-03 13:21:14 0 d-s---w- C:\ComboFix
2010-06-03 12:03:02 0 d-----w- C:\28342
2010-06-01 06:12:17 50981 ----a-w- c:\windows\system32\ejoyieghoqgp.exe
2010-06-01 06:11:28 823808 ----a-w- c:\windows\system32\drivers\peehmji.sys
2010-06-01 06:11:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Update
2010-06-01 06:10:44 68608 ----a-w- c:\windows\system32\ernel32.dll
2010-05-27 11:57:10 169472 ----a-w- c:\windows\system32\swvyslcmvyx.dll
2010-05-24 16:31:20 40633 ----a-w- c:\windows\system32\ncrpuidj.exe
2010-05-22 05:01:40 0 d-----w- c:\program files\Video Converter
2010-05-10 05:01:04 0 d-----w- c:\program files\DebugMode

==================== Find3M ====================

2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-01-13 18:45:08 81920 ----a-w- c:\program files\common files\WIZ1x0SR_105SR_CFG.exe
2006-12-01 09:54:32 626688 ----a-w- c:\program files\common files\MSVCR80.dll

============= FINISH: 10:56:47.58 ===============
----------------------------------
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/5/2008 7:27:19 PM
System Uptime: 6/3/2010 10:48:53 AM (0 hours ago)

Motherboard: Winfast | | NF4(X)K8MC
Processor: AMD Athlon(tm) 64 Processor 4000+ | Socket 939 | 2412/194mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 182 GiB total, 35.371 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 1.435 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA(R) nForce(TM) Audio Codec Interface
Device ID: PCI\VEN_10DE&DEV_0059&SUBSYS_0CA4105B&REV_A2\3&2411E6FE&0&20
Manufacturer: NVIDIA Corporation
Name: NVIDIA(R) nForce(TM) Audio Codec Interface
PNP Device ID: PCI\VEN_10DE&DEV_0059&SUBSYS_0CA4105B&REV_A2\3&2411E6FE&0&20
Service: nvax

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Microsoft Kernel DLS Synthesizer
Device ID: SW\{8C07DD50-7A8D-11D2-8F8C-00C04FBF8FEF}\DMUSIC
Manufacturer: Microsoft
Name: Microsoft Kernel DLS Synthesizer
PNP Device ID: SW\{8C07DD50-7A8D-11D2-8F8C-00C04FBF8FEF}\DMUSIC
Service: DMusic

==== System Restore Points ===================

RP1: 6/1/2010 2:14:38 AM - System Checkpoint
RP2: 6/3/2010 9:22:59 AM - ComboFix created restore point

==== Installed Programs ======================

Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Design Premium
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 7.0
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe Shockwave Player
Adobe SING CS4
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Agere Systems PCI-SV92PP Soft Modem
Alesis io|2 ASIO Driver
Amazon MP3 Downloader 1.0.5
America Online (Choose which version to remove)
ANIO Service
ANIWZCS2 Service
Any Video Converter 3.0.5
Apple Mobile Device Support
Apple Software Update
AT&T Toolbar
AT&T Yahoo! Internet Mail
Athlon 64 Processor Driver
AVI DivX to DVD SVCD VCD Converter 4.0.0322
Avira AntiVir Personal - Free Antivirus
Bonjour
Browser Address Error Redirector
Connect
ConvertXtoDVD 3.5.1.135
Critical Update for Windows Media Player 11 (KB959772)
DebugMode Wax 2.0
Digital Media Reader
DVD Solution
EAX4 Unified Redist
GmoteServer
GTK+ Runtime 2.12.8 rev a (remove only)
gtw_logo
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB895953)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Image Zone 4.0
HP Software Update
iTunes
J2SE Runtime Environment 5.0 Update 2
Java(TM) 6 Update 13
Java(TM) 6 Update 7
kuler
LightScribe System Software 1.10.13.1
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.19)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Multimedia Keyboard Driver
Napster Burn Engine
Nero 7 Essentials
neroxml
NVIDIA Drivers
NVIDIA nView Desktop Manager
NvMixer
OpenOffice.org 3.0
Overland
PDF Settings CS4
Performance Platform Voguecash
Photoshop Camera Raw
Photosmart 320,370,7400,8100,8400 Series
Pidgin
Pixel Bender Toolkit
Power2Go 4.0
PowerDVD
PS8100
PSPrinters06
Pure Networks Port Magic
QFolder
QuickTime
Realtek High Definition Audio Driver
Recovery Software Suite Gateway
Secunia PSI
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Sky-Banners browser enhancer
Sonic Encoders
Steinberg Cubase LE 4
Street-Ads Browser Enhancer
Suite Shared Configuration CS4
Syncrosoft License Control
Tom Clancy's Splinter Cell Double Agent
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VideoCam Suite 2.0
WebFldrs XP
WebReg
Windows Backup Utility
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Wireless G WUA-1340
WIZ1x0_105SR Configtool
Yahoo! Install Manager

==== Event Viewer Messages From Past Week ========

6/3/2010 9:28:36 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
6/3/2010 9:00:21 AM, error: Service Control Manager [7034] - The B's Recorder GOLD Library General Service service terminated unexpectedly. It has done this 1 time(s).
6/3/2010 9:00:18 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
6/3/2010 9:00:04 AM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/3/2010 9:00:00 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
6/3/2010 8:59:41 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
6/3/2010 8:59:34 AM, error: Service Control Manager [7031] - The Media Center Receiver Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/3/2010 8:59:26 AM, error: Service Control Manager [7034] - The ANIWZCSd Service service terminated unexpectedly. It has done this 1 time(s).
6/3/2010 8:59:13 AM, error: Service Control Manager [7034] - The PrismXL service terminated unexpectedly. It has done this 1 time(s).
6/3/2010 8:51:02 AM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
6/3/2010 8:04:14 AM, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/3/2010 8:04:07 AM, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
6/3/2010 10:49:33 AM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.
6/1/2010 3:00:17 AM, error: Service Control Manager [7031] - The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
6/1/2010 2:56:30 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
6/1/2010 2:56:30 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
6/1/2010 2:15:27 AM, error: Dhcp [1002] - The IP address lease 192.168.2.7 for the Network Card with network address 00195B7E149F has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
6/1/2010 2:11:34 AM, error: Service Control Manager [7000] - The Microsoft Kernel Acoustic Echo Canceller service failed to start due to the following error: A device attached to the system is not functioning.
5/29/2010 11:58:18 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00195B7E149F. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
5/29/2010 11:58:07 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

==== End Of File ===========================

I meant to add that this thing disables executable files, and I had to shut down about 5 running processes so that I could produce this log.

Thank you
-----------------------

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)
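The log above carries several indicators that a malware-removal helper reads off almost mechanically: a proxy pointing at the loopback address (traffic interception), DNS servers overridden with public addresses, Run keys and a running process inside the LocalService profile, a BHO registered silently from system32, a boot-start service whose driver file is missing, a Firefox keyword.URL hijack, and a freshly created ernel32.dll that is one character away from kernel32.dll. The script below is an added example that encodes those checks as rules and runs them over lines copied from this log; it is not part of the original post and not a DDS feature. The rule names, the well-known-file list and the decision to flag public DNS servers only for review (an ISP can legitimately hand them out) are this example's own assumptions.

```python
import ipaddress
import re

# Constructed input for the example: these lines are copied from the DDS
# log in the post above, a few from each section the rules look at.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Documents and Settings\LocalService\Local Settings\Application Data\asam.exe
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: voguecash browser enhancer: {e94126a3-fbb7-b8ec-dbb3-8b7931dbdf01} - c:\windows\system32\swvyslcmvyx.dll
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [pjpvyiqvfjo] c:\windows\system32\regsvr32.exe /s "c:\windows\system32\swvyslcmvyx.dll"
mRun: [asam] c:\documents and settings\localservice\local settings\application data\asam.exe
TCP: {7D2B746C-786A-4243-87F8-3531591BFDF4} = 93.188.163.6,93.188.166.241
FF - user.js: keyword.URL - hxxp://search.wish-search.com/?sid=10101020100&s=
R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2008-5-7 11608]
S0 obomshz;obomshz;c:\windows\system32\drivers\wjindtf.sys --> c:\windows\system32\drivers\wjindtf.sys [?]
2010-06-01 06:10:44 68608 ----a-w- c:\windows\system32\ernel32.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
"""

# Assumed list of names that malware likes to imitate (example's own choice).
WELL_KNOWN = {"kernel32.dll", "ntdll.dll", "user32.dll", "advapi32.dll",
              "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
              "explorer.exe", "services.exe"}

PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (.+)$")
RUN_RE = re.compile(r"^[umd]Run: \[[^\]]*\] (.+)$")
BHO_RE = re.compile(r"^BHO: .+?: \{[0-9a-fA-F-]+\} - (.+)$")
TCP_RE = re.compile(r"^TCP: \{[0-9A-Fa-f-]+\} = (.+)$")
FFKEY_RE = re.compile(r"^FF - (?:prefs|user)\.js: keyword\.URL - (.+)$")
SVC_RE = re.compile(r"^[RS]\d [^;]+;[^;]*;(.+)$")
NEWFILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} +\d+ +\S+ +(.+)$")


def edit_distance(a, b):
    """Plain Levenshtein distance; used to spot look-alike file names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_line(line):
    """Return the rule names one log line trips (empty list for a clean line)."""
    hits = []
    low = line.lower()

    # A Run key or a live process inside a service account's profile:
    # LocalService never installs software, so anything there is foreign.
    if "\\localservice\\" in low:
        hits.append("localservice-profile")

    m = PROXY_RE.match(line)
    if m:
        host = m.group(1).split("=")[-1].split(":")[0]
        if host in ("127.0.0.1", "localhost"):
            hits.append("loopback-proxy")  # local interception proxy

    m = RUN_RE.match(line)
    if m:
        cmd = m.group(1).lower()
        if "regsvr32" in cmd and "/s" in cmd:
            hits.append("run-regsvr32-silent")  # silent DLL registration at logon
        if "\\local settings\\application data\\" in cmd:
            hits.append("run-from-profile-data")

    m = BHO_RE.match(line)
    if m and m.group(1).lower().startswith("c:\\windows\\system32\\"):
        hits.append("bho-in-system32")  # vendor BHOs live under Program Files

    m = TCP_RE.match(line)
    if m:
        for addr in m.group(1).split(","):
            try:
                if not ipaddress.ip_address(addr.strip()).is_private:
                    hits.append("public-dns-server")  # review against the ISP's servers
                    break
            except ValueError:
                pass  # DDS sometimes prints non-address text here

    if FFKEY_RE.match(line):
        hits.append("firefox-keyword-url-override")

    m = SVC_RE.match(line)
    if m and " --> " in m.group(1) and m.group(1).endswith("[?]"):
        hits.append("service-image-missing")  # registered driver, file gone

    m = NEWFILE_RE.match(line)
    if m:
        name = m.group(1).rsplit("\\", 1)[-1].lower()
        if name not in WELL_KNOWN and any(edit_distance(name, k) == 1 for k in WELL_KNOWN):
            hits.append("lookalike-system-file")
    return hits


def triage(log_text):
    """Map every flagged log line to the rules it tripped."""
    findings = {}
    for line in log_text.splitlines():
        line = line.strip()
        if line:
            hits = check_line(line)
            if hits:
                findings[line] = hits
    return findings


if __name__ == "__main__":
    for flagged, rules in triage(SAMPLE_LOG).items():
        print(", ".join(rules).ljust(42), flagged)
```

Run as-is it reports nine of the fifteen sample lines and leaves the svchost, Adobe, NvCpl, Avira and vbscript lines alone; the loopback proxy and the LocalService persistence are the two findings that justify the "change your passwords from a clean machine" advice given later in this thread, because a proxy on 127.0.0.1:5555 sees every HTTP request the browser makes.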

JonTom
2010-06-06, 12:05
Hello chrisbattista03 and welcome

My name is JonTom.

Malware Logs can sometimes take a lot of time to research and interpret.

Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.

Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.

Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.

PLEASE NOTE: If you do not reply after 5 days your thread will be closed.


Please be aware that I am still in training, and all of my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice.
This may cause a delay in response time, but I will do my best to keep it as short as possible.
I will reply back shortly with instructions.

chrisbattista03
2010-06-06, 16:58
Thanks JonTom, I will await your reply.

JonTom
2010-06-07, 00:25
Hello chrisbattista03

Thank you for the log.

Please only reply to this thread and do not start another topic otherwise I will not be able to keep track of you.

Your machine is heavily infected.


IMPORTANT!!!


It is very likely that the malware we are dealing with has password stealing capabilities. For this reason you are STRONGLY ADVISED to disconnect the infected computer from the internet and from any networked computers until it can be cleaned. If you have networked computers, these must be checked, as they may also be infected.

Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft. It may also be prudent to ask your banks to freeze/disable online access to your accounts until you are certain that your computer is free of the infecting malware.


It is ESSENTIAL that you use a CLEAN (uninfected) computer to change ALL of your passwords for the online services (banking etc) that you use. DO NOT USE THE INFECTED COMPUTER TO CHANGE YOUR PASSWORDS OR TO PERFORM ANY FINANCIAL TRANSACTIONS, as doing so will give the attacker access to the new password that you create.



ComboFix


I can see that you have recently had ComboFix on your system.
If ComboFix is still installed, please delete the copy you have and work your way through the steps listed below.




this thing disables executable files


exeHelper


Please download exeHelper by clicking here (http://www.raktor.net/exeHelper/exeHelper.com) and save the file (called exeHelper.com) to your desktop.
Double click on exeHelper.com to run the fix.
A black window should pop up. Press any key to close once the fix is completed.
Post the contents of log.txt (it Will be created in the directory where you ran exeHelper.com).
NOTE: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).



In the (unlikely) event that exeHelper does not enable you to open programs more easily, try rkill:


rkill


Please download and run rkill (Courtesy of Bleepingcomputer.com).
There are 6 different versions of this tool. If one of them will not run, please try the next one in the list.
Note: Vista and Windows 7 Users must right click and select "Run as Administrator" to run the tool.
Note: You only need to get one of the tools to run, not all of them.



1. rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
2. rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
3. rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
4. rkill.pif (http://download.bleepingcomputer.com/grinler/rkill.pif)
5. WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
6. uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)



Download Combofix and RE-NAME it BEFORE saving


Download Combofix from either of the links below. You must rename it to chrisbatista.exe before saving it.
Save it to your desktop. Change the "save as file type" to "all files".
Note: In the event you already have Combofix, delete it, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.



If you are using Firefox, make sure that your download settings are as follows:

Tools->Options->Main tab
Set to "Always ask me where to Save the files".



Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)




Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.



NOTE: If ComboFix asks to install the Recovery Console, please ALLOW it to do so.




Double click on the renamed ComboFix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the C:\ComboFix.txt so we can continue cleaning the system.


Please provide the exeHelper log and the ComboFix log in your next reply.
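The reason exeHelper is run first is that this family of infection points the .exe and .com "open" commands (and sometimes the Winlogon Userinit/Shell values) at its own program, so nothing else will start. Those values have fixed defaults on XP, which means they can be verified without trusting the infected machine's own tools. The script below is an added example for this thread, not exeHelper's code or anything the forum uses: it parses a regedit .reg export of those keys (plain text, so it runs on any OS and touches no live registry) and lists every value that is missing or differs from the default. It assumes a C:\WINDOWS install (SYSTEMROOT) and the stock XP values; the hijacked sample is constructed, and the program path in it is a placeholder, not a real indicator.

```python
r"""Check the values exeHelper resets against their Windows XP defaults.

Added example for this thread, not exeHelper's code or the forum's tooling.
It parses a regedit .reg export (text only, so it runs on any OS) and reports
values that are missing or differ from the defaults. Assumptions: a C:\WINDOWS
install (SYSTEMROOT) and the stock XP values below; the hijacked sample is
constructed and its program path is a placeholder, not a real indicator.
"""
import re

SYSTEMROOT = r"c:\windows"  # assumption: adjust if Windows lives elsewhere
WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# (key, value name) -> expected data; "@" is the key's default value.
EXPECTED = {
    (r"HKEY_CLASSES_ROOT\.exe", "@"): "exefile",
    (r"HKEY_CLASSES_ROOT\exefile\shell\open\command", "@"): '"%1" %*',
    (r"HKEY_CLASSES_ROOT\comfile\shell\open\command", "@"): '"%1" %*',
    (WINLOGON, "Shell"): "explorer.exe",
    (WINLOGON, "Userinit"): SYSTEMROOT + r"\system32\userinit.exe,",
}

KEY_RE = re.compile(r"^\[([^\]]+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def unescape(s):
    """Undo .reg string escaping (backslash-backslash, backslash-quote)."""
    return re.sub(r'\\(["\\])', r"\1", s)


def parse_reg(text):
    """Map (key, name) -> data for the values in a .reg export (keys and names lower-cased)."""
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if not (m and key):
            continue
        name, data = m.group(1), m.group(2)
        if name != "@":
            name = unescape(name[1:-1])
        if len(data) >= 2 and data[0] == data[-1] == '"':
            data = unescape(data[1:-1])  # REG_SZ; dword:/hex: data is kept raw
        values[(key, name.lower())] = data
    return values


def audit(values):
    """Return (key, name, expected, actual) for each value missing or non-default."""
    problems = []
    for (key, name), expected in EXPECTED.items():
        actual = values.get((key.lower(), name.lower()))
        if actual is None or actual.lower() != expected.lower():
            problems.append((key, name, expected, actual))
    return problems


# Constructed exports: stock XP values, and the same keys with the .exe
# association redirected through a placeholder program.
CLEAN_EXPORT = r"""Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"""

HIJACKED_EXPORT = r"""Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.exe]
@="placeholderfile"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\PLACEHOLDER\\hijack.exe\" \"%1\" %*"
[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"""

if __name__ == "__main__":
    for sample in (CLEAN_EXPORT, HIJACKED_EXPORT):
        for key, name, expected, actual in audit(parse_reg(sample)):
            print(f"{key} [{name}]: expected {expected!r}, found {actual!r}")
```

On a real machine the export would be taken with regedit from a clean boot medium or after exeHelper has run; comparison is case-insensitive because the registry is, and only REG_SZ data is unescaped. An empty result from audit() means the associations are back at their defaults.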

chrisbattista03
2010-06-09, 21:15
ComboFix had to reboot the machine, and my antivirus restarts on bootup, so while ComboFix was running I was getting warnings from Avira. I chose "deny access" for every warning it gave me.

exeHelper by Raktor
Build 20100414
Run at 14:29:17 on 06/09/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--



=========================================================

ComboFix 10-06-09.01 - Owner 06/09/2010 14:49:13.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.676 [GMT -4:00]
Running from: c:\documents and settings\Owner.YOUR-92C8B56D4E\Desktop\chrisbatista.exe
AV: *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Update\seupd.exe
c:\documents and settings\Cubase LE\Application Data\2FC198D417B474CA92ED624A385F93BB
c:\documents and settings\Cubase LE\Application Data\2FC198D417B474CA92ED624A385F93BB\enemies-names.txt
c:\documents and settings\Cubase LE\Application Data\2FC198D417B474CA92ED624A385F93BB\gotnewupdate000.exe
c:\documents and settings\Cubase LE\Application Data\2FC198D417B474CA92ED624A385F93BB\local.ini
c:\documents and settings\Cubase LE\Application Data\2FC198D417B474CA92ED624A385F93BB\lsrslt.ini
c:\documents and settings\Cubase LE\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
c:\documents and settings\Cubase LE\Start Menu\Programs\Antimalware Doctor
c:\documents and settings\Cubase LE\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\documents and settings\Cubase LE\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\documents and settings\Cubase LE\Start Menu\Programs\Startup\Antimalware Doctor.lnk
c:\documents and settings\LocalService\Local Settings\Application Data\asam.exe
c:\documents and settings\LocalService\Local Settings\Application Data\gqaovxpvj
c:\documents and settings\LocalService\Local Settings\Application Data\gqaovxpvj\uptjycatssd.exe
c:\documents and settings\LocalService\Local Settings\Application Data\syssvc.exe
c:\windows\system32\ernel32.dll

Infected copy of c:\windows\system32\drivers\ql10wnt.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-05-09 to 2010-06-09 )))))))))))))))))))))))))))))))
.

2010-06-03 13:21 . 2010-06-03 13:33 -------- d-----w- C:\ComboFix
2010-06-03 12:03 . 2010-06-03 12:03 -------- d-----w- C:\28342
2010-06-03 12:01 . 2010-06-01 06:10 68608 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\uO931i.dll
2010-06-01 06:58 . 2010-06-01 06:58 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-06-01 06:58 . 2010-06-01 06:58 -------- d-----w- c:\documents and settings\LocalService\Application Data\ATTTOOLBAR
2010-06-01 06:56 . 2010-06-01 06:10 68608 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\93179w179.dll
2010-06-01 06:15 . 2010-06-01 06:10 68608 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\17u3m7.dll
2010-06-01 06:12 . 2010-06-01 06:12 50981 ----a-w- c:\windows\system32\ejoyieghoqgp.exe
2010-06-01 06:12 . 2010-06-01 06:12 -------- d-----w- c:\program files\$NtUninstallWTF1012$
2010-06-01 06:11 . 2010-06-09 18:56 823808 ----a-w- c:\windows\system32\drivers\peehmji.sys
2010-06-01 06:11 . 2010-06-09 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-06-01 06:10 . 2010-06-01 06:10 68608 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\17oCE7.dll
2010-05-27 11:57 . 2010-05-27 11:57 169472 ----a-w- c:\windows\system32\swvyslcmvyx.dll
2010-05-24 16:31 . 2010-05-24 16:31 40633 ----a-w- c:\windows\system32\ncrpuidj.exe
2010-05-24 01:17 . 2010-05-24 01:17 -------- d-----w- c:\documents and settings\Cubase LE\Application Data\VST3 Presets
2010-05-22 05:01 . 2010-05-22 05:01 -------- d-----w- c:\documents and settings\Cubase LE\Application Data\AnvSoft
2010-05-22 05:01 . 2010-05-22 05:01 -------- d-----w- c:\program files\Video Converter
2010-05-22 01:32 . 2010-05-28 22:51 1 ----a-w- c:\documents and settings\Cubase LE\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-22 01:31 . 2010-05-22 01:31 -------- d-----w- c:\documents and settings\Cubase LE\Application Data\OpenOffice.org

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-09 18:42 . 2009-02-10 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\ATTToolbar
2010-06-09 18:18 . 2009-10-07 04:12 -------- d-----w- c:\documents and settings\Owner.YOUR-92C8B56D4E\Application Data\Gmote
2010-05-10 05:01 . 2010-05-10 05:01 -------- d-----w- c:\program files\DebugMode
2009-01-13 18:45 . 2009-07-15 01:19 81920 ----a-w- c:\program files\Common Files\WIZ1x0SR_105SR_CFG.exe
2006-12-01 09:54 . 2009-07-15 01:19 626688 ----a-w- c:\program files\Common Files\MSVCR80.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-06-03_13.28.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-09 18:44 . 2010-06-09 18:44 16384 c:\windows\temp\Perflib_Perfdata_e0.dat
+ 2010-06-03 13:30 . 2009-08-06 23:24 53472 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2010-06-03 13:30 . 2004-08-10 19:00 13824 c:\windows\system32\dllcache\cache\wscntfy.exe
+ 2010-06-03 13:30 . 2004-08-10 19:00 82944 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2010-06-03 13:30 . 2004-08-10 19:00 24576 c:\windows\system32\dllcache\cache\userinit.exe
+ 2010-06-03 13:30 . 2004-08-10 19:00 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2010-06-03 13:30 . 2004-08-10 19:00 71680 c:\windows\system32\dllcache\cache\ssdpsrv.dll
+ 2010-06-03 13:30 . 2005-06-10 23:53 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2010-06-03 13:30 . 2004-08-10 19:00 59904 c:\windows\system32\dllcache\cache\regsvc.dll
+ 2010-06-03 13:30 . 2004-08-10 19:00 89088 c:\windows\system32\dllcache\cache\rasauto.dll
+ 2010-06-03 13:30 . 2004-08-10 19:00 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2010-06-03 13:30 . 2006-10-19 01:47 27136 c:\windows\system32\dllcache\cache\mspmsnsv.dll
+ 2010-06-03 13:30 . 2004-08-10 19:00 33792 c:\windows\system32\dllcache\cache\msgsvc.dll
+ 2010-06-03 13:30 . 2004-08-10 19:00 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2010-06-03 13:30 . 2004-08-10 19:00 22016 c:\windows\system32\dllcache\cache\lpk.dll
+ 2010-06-03 13:30 . 2005-09-01 01:41 19968 c:\windows\system32\dllcache\cache\linkinfo.dll
+ 2010-06-03 13:30 . 2004-08-10 19:00 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2010-06-03 13:30 . 2004-08-10 19:00 29056 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2010-06-03 13:30 . 2004-08-10 19:00 55808 c:\windows\system32\dllcache\cache\eventlog.dll
+ 2010-06-03 13:30 . 2004-08-10 19:00 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2010-06-03 13:30 . 2004-08-10 19:00 60416 c:\windows\system32\dllcache\cache\cryptsvc.dll
+ 2010-06-03 13:30 . 2004-08-10 19:00 77312 c:\windows\system32\dllcache\cache\browser.dll
+ 2010-06-03 13:30 . 2004-08-10 19:00 14336 c:\windows\system32\dllcache\cache\asyncmac.sys
+ 2010-06-03 13:30 . 2004-08-10 19:00 11648 c:\windows\system32\dllcache\cache\acpiec.sys
+ 2010-06-03 13:30 . 2004-08-10 19:00 5120 c:\windows\system32\dllcache\cache\sfc.dll
+ 2010-06-03 13:30 . 2004-08-10 19:00 2944 c:\windows\system32\dllcache\cache\null.sys
+ 2010-06-03 13:30 . 2004-08-10 19:00 4224 c:\windows\system32\dllcache\cache\beep.sys
+ 2010-06-03 13:30 . 2004-08-10 19:00 129536 c:\windows\system32\dllcache\cache\xmlprov.dll
+ 2010-06-03 13:30 . 2004-08-10 19:00 502272 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2010-06-03 13:30 . 2010-02-25 06:24 916480 c:\windows\system32\dllcache\cache\wininet.dll
+ 2010-06-03 13:30 . 2007-03-08 15:36 577536 c:\windows\system32\dllcache\cache\user32.dll
+ 2010-06-03 13:30 . 2007-02-05 20:17 185344 c:\windows\system32\dllcache\cache\upnphost.dll
+ 2010-06-03 13:30 . 2005-03-10 14:49 295424 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2010-06-03 13:30 . 2008-06-20 10:45 360320 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2010-06-03 13:30 . 2005-07-08 16:27 249344 c:\windows\system32\dllcache\cache\tapisrv.dll
+ 2010-06-03 13:30 . 2004-08-10 19:00 170496 c:\windows\system32\dllcache\cache\srsvc.dll
+ 2010-06-03 13:30 . 2006-12-19 21:52 134656 c:\windows\system32\dllcache\cache\shsvcs.dll
+ 2010-06-03 13:30 . 2009-02-06 10:22 110592 c:\windows\system32\dllcache\cache\services.exe
+ 2010-06-03 13:30 . 2004-08-10 19:00 190976 c:\windows\system32\dllcache\cache\schedsvc.dll
+ 2010-06-03 13:30 . 2004-08-10 19:00 180224 c:\windows\system32\dllcache\cache\scecli.dll
+ 2010-06-03 13:30 . 2009-02-09 10:01 401408 c:\windows\system32\dllcache\cache\rpcss.dll
+ 2010-06-03 13:30 . 2004-08-10 19:00 382464 c:\windows\system32\dllcache\cache\qmgr.dll
+ 2010-06-03 13:30 . 2004-08-10 19:00 435200 c:\windows\system32\dllcache\cache\ntmssvc.dll
+ 2010-06-03 13:30 . 2007-02-09 11:10 574464 c:\windows\system32\dllcache\cache\ntfs.sys
+ 2010-06-03 13:30 . 2005-08-22 18:29 197632 c:\windows\system32\dllcache\cache\netman.dll
+ 2010-06-03 13:30 . 2009-02-06 18:46 408064 c:\windows\system32\dllcache\cache\netlogon.dll
+ 2010-06-03 13:30 . 2004-08-10 19:00 182912 c:\windows\system32\dllcache\cache\ndis.sys
+ 2010-06-03 13:30 . 2008-06-20 17:41 245248 c:\windows\system32\dllcache\cache\mswsock.dll
+ 2010-06-03 13:30 . 2006-11-01 19:17 927504 c:\windows\system32\dllcache\cache\mfc40u.dll
+ 2010-06-03 13:30 . 2009-03-21 14:18 986112 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2010-06-03 13:30 . 2004-08-10 19:00 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2010-06-03 13:30 . 2008-07-07 20:32 253952 c:\windows\system32\dllcache\cache\es.dll
+ 2010-06-03 13:30 . 2004-08-10 19:00 792064 c:\windows\system32\dllcache\cache\comres.dll
+ 2010-06-03 13:30 . 2006-08-25 15:45 617472 c:\windows\system32\dllcache\cache\comctl32.dll
+ 2010-06-03 13:30 . 2004-08-10 19:00 167936 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2010-06-03 13:30 . 2006-02-15 00:22 142464 c:\windows\system32\dllcache\cache\aec.sys
+ 2010-06-03 13:30 . 2004-08-10 19:00 1580544 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2010-06-03 13:30 . 2010-02-16 17:37 2186880 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2010-06-03 13:30 . 2010-02-17 15:57 2063744 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2010-06-03 13:30 . 2010-02-25 06:24 5944832 c:\windows\system32\dllcache\cache\mshtml.dll
+ 2010-06-03 13:30 . 2007-06-13 10:23 1033216 c:\windows\system32\dllcache\cache\explorer.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E94126A3-FBB7-B8EC-DBB3-8B7931DBDF01}]
2010-05-27 11:57 169472 ----a-w- c:\windows\system32\swvyslcmvyx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"pjpvyiqvfjo"="c:\windows\system32\swvyslcmvyx.dll" [2010-05-27 169472]
"MChk"="c:\windows\system32\ncrpuidj.exe" [2010-05-24 40633]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

c:\documents and settings\Owner.YOUR-92C8B56D4E\Start Menu\Programs\Startup\
GmoteServer.lnk - c:\program files\GmoteServer\GmoteServer.exe [2009-10-7 451584]

c:\documents and settings\Cubase LE\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VideoCam Suite 2.0.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VideoCam Suite 2.0.lnk
backup=c:\windows\pss\VideoCam Suite 2.0.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner.YOUR-92C8B56D4E^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Owner.YOUR-92C8B56D4E\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner.YOUR-92C8B56D4E^Start Menu^Programs^Startup^Secunia PSI.lnk]
path=c:\documents and settings\Owner.YOUR-92C8B56D4E\Start Menu\Programs\Startup\Secunia PSI.lnk
backup=c:\windows\pss\Secunia PSI.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-12 02:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 06:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 11:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 22:43 69632 ----a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
2005-11-30 14:35 49152 ----a-w- c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2008-07-19 07:02 266497 ----a-w- c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 23:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
2004-12-09 00:57 550912 ----a-w- c:\windows\zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-10 19:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link Wireless G WUA-1340]
2005-12-15 16:19 2715648 ----a-w- c:\program files\D-Link\Wireless G WUA-1340\AirGCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-06 04:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-08 00:07 61952 ----a-w- c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2004-11-03 21:03 125528 ----a-w- c:\program files\Common Files\AOL\1210028400\EE\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 19:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 17:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2006-01-07 05:09 172032 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
2006-01-07 05:09 659456 ----a-w- c:\windows\system32\hphmon06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
2006-01-07 05:09 49152 ----a-w- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-06-25 12:47 1057064 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-04-02 20:11 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-08-23 21:36 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-08-12 23:16 1121792 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 23:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 19:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-01-12 03:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-01-12 03:17 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
2004-10-07 22:53 131072 ----a-w- c:\program files\NVIDIA Corporation\NvMixer\NvMixerTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]
2005-12-10 01:44 139264 ----a-w- c:\program files\Digital Media Reader\readericon45G.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 05:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2005-02-26 00:24 966656 ----a-w- c:\windows\creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2005-09-22 17:36 14854144 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-06-25 12:47 1629480 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-04-27 15:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1210028400\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Pidgin\\pidgin.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\GmoteServer\\GmoteServer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"8889:TCP"= 8889:TCP:gmote

R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [4/15/2009 12:29 PM 14976]
S0 obomshz;obomshz;c:\windows\system32\drivers\wjindtf.sys --> c:\windows\system32\drivers\wjindtf.sys [?]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 284016]
S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [3/24/2009 7:03 AM 7808]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [7/5/2009 10:05 PM 18432]

--- Other Services/Drivers In Memory ---

*Deregistered* - peehmji

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 21:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-06-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-06-08 c:\windows\Tasks\HP Usg Daily FY04.job
- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe [2009-09-21 05:09]

2010-06-09 c:\windows\Tasks\User_Feed_Synchronization-{E34E5590-8C9C-42F3-BC91-59BF3E840393}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner.YOUR-92C8B56D4E\Application Data\Mozilla\Firefox\Profiles\scmk6iki.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.wish-search.com/?sid=10101020100&s=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.wish-search.com/?sid=10101020100&s=.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-nwiz - nwiz.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-09 14:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\peehmji]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3171649797-3824822186-616433660-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:12,88,2d,03,2f,8a,15,1b,76,b4,15,18,ff,c0,64,ff,1a,bc,ec,cd,ed,0b,c1,
f5,bd,4f,8a,bb,3a,38,30,2e,e7,ef,17,e8,21,c4,c6,14,53,07,06,6b,4a,2a,c7,76,\
"??"=hex:1d,14,7d,cb,f4,2d,95,98,8e,a0,bb,e4,ae,71,f6,6b
.
Completion time: 2010-06-09 15:00:24
ComboFix-quarantined-files.txt 2010-06-09 19:00
ComboFix2.txt 2010-06-03 13:33
ComboFix3.txt 2009-05-01 15:15

Pre-Run: 37,914,316,800 bytes free
Post-Run: 37,863,559,168 bytes free

- - End Of File - - B0B61B29ADE77805B985DBD362C84700
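A few lines in the ComboFix log above are the ones a helper zeroes in on: the Run values and the Browser Helper Object whose files carry dates only days before the scan, the AntiVirusOverride flag under the Security Center key, the service whose driver file is gone (shown as "--> path [?]"), and the Internet Explorer proxy set to 127.0.0.1. As an added example (not part of ComboFix, DDS or this thread), here is a small Python triage script that applies exactly those checks to a constructed excerpt of the log; the four rules and the 30-day freshness window are the example's own assumptions, not anything ComboFix does itself.

```python
"""Triage a ComboFix log for the indicators a helper looks at first.

Added example for this thread; it is not part of ComboFix, DDS or the forum's
tooling. The rules and the 30-day window are this example's own assumptions:
  1. autostart (Run) values and Browser Helper Objects whose file timestamp
     falls within RECENT_DAYS of the scan date;
  2. Security Center override / monitoring-disable values set to non-zero;
  3. services whose driver file is missing (ComboFix prints '--> path [?]');
  4. an Internet Explorer proxy that points at the loopback address.
SAMPLE_LOG is an excerpt constructed from the ComboFix log posted above.
"""
import re
from datetime import date

RECENT_DAYS = 30  # assumption: how fresh a file must be to be worth a look

# Constructed excerpt of the ComboFix log in this thread (scan date 2010-06-09).
SAMPLE_LOG = r"""
ComboFix 10-06-09.01 - Owner 06/09/2010 14:49:13.3.1 - x86
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E94126A3-FBB7-B8EC-DBB3-8B7931DBDF01}]
2010-05-27 11:57 169472 ----a-w- c:\windows\system32\swvyslcmvyx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"pjpvyiqvfjo"="c:\windows\system32\swvyslcmvyx.dll" [2010-05-27 169472]
"MChk"="c:\windows\system32\ncrpuidj.exe" [2010-05-24 40633]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [4/15/2009 12:29 PM 14976]
S0 obomshz;obomshz;c:\windows\system32\drivers\wjindtf.sys --> c:\windows\system32\drivers\wjindtf.sys [?]

uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
"""

SCAN_DATE_RE = re.compile(r"^ComboFix \S+ - \S+ (\d{2})/(\d{2})/(\d{4}) ")
SECTION_RE = re.compile(r"^\[(.+)\]$")
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[(\d{4}-\d{2}-\d{2}) \d+\]$')
FILE_LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \d+ \S+ (.+)$")
OVERRIDE_RE = re.compile(
    r'^"(AntiVirusOverride|FirewallOverride|DisableMonitoring)"=dword:([0-9a-fA-F]{8})$')
MISSING_SERVICE_RE = re.compile(r"^[RS]\d ([^;]+);([^;]+);(.*) --> (.*) \[\?\]$")
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (.+)$")


def parse_scan_date(text):
    """Return the scan date from the ComboFix banner line, or None."""
    for line in text.splitlines():
        m = SCAN_DATE_RE.match(line.strip())
        if m:
            month, day, year = (int(g) for g in m.groups())
            return date(year, month, day)
    return None


def triage(text, recent_days=RECENT_DAYS):
    """Return a list of (rule, detail) findings for the log text."""
    scan_date = parse_scan_date(text)
    findings = []
    section = ""  # lower-cased name of the current [registry key] block

    def is_recent(stamp):
        if scan_date is None:
            return False
        return (scan_date - date.fromisoformat(stamp)).days <= recent_days

    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = RUN_VALUE_RE.match(line)
        if m and is_recent(m.group(3)):
            findings.append(("recent-autostart",
                             f"{m.group(1)} -> {m.group(2)} ({m.group(3)})"))
            continue
        m = FILE_LINE_RE.match(line)
        if m and "browser helper objects" in section and is_recent(m.group(1)):
            findings.append(("recent-bho", f"{m.group(2)} ({m.group(1)})"))
            continue
        m = OVERRIDE_RE.match(line)
        if m and "security center" in section and int(m.group(2), 16) != 0:
            findings.append(("security-center-override", f"{m.group(1)} in [{section}]"))
            continue
        m = MISSING_SERVICE_RE.match(line)
        if m:
            findings.append(("missing-driver-file", f"{m.group(1)} -> {m.group(4)}"))
            continue
        m = PROXY_RE.match(line)
        if m and re.search(r"127\.0\.0\.1|localhost", m.group(1)):
            findings.append(("loopback-proxy", m.group(1)))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"[{rule}] {detail}")
```

Run against the excerpt, the NVIDIA entry (dated January) is left alone while the two May entries and the BHO DLL are listed, which is the same set of entries the CFScript in the next reply removes. The freshness rule is a prompt for review, not a verdict: a recently patched driver would trip it too, so each hit still needs a look at the file itself.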

JonTom
2010-06-10, 00:54
Hello chrisbattista03

Thank you for the log.

We need to run ComboFix again, but this time, we will be running it in a different way.


Please work through the following steps


Open Notepad (Click on "Start", then on "Run" and type "notepad" (without quotations) in the Open field, then click on "OK").

NOTE: Do not use WordPad or any other text editor except Notepad, or the script will fail.

Copy and Paste the text in the codebox below (including the link) into the open Notepad window:


http://forums.spybot.info/showthread.php?t=57783

Collect::
c:\windows\system32\Spool\prtprocs\w32x86\uO931i.dll
c:\windows\system32\Spool\prtprocs\w32x86\93179w179.dll
c:\windows\system32\Spool\prtprocs\w32x86\17u3m7.dll
c:\windows\system32\Spool\prtprocs\w32x86\17oCE7.dll
c:\windows\system32\ejoyieghoqgp.exe
c:\windows\system32\swvyslcmvyx.dll
c:\windows\system32\ncrpuidj.exe
c:\windows\system32\swvyslcmvyx.dll
c:\windows\system32\swvyslcmvyx.dll
c:\windows\system32\ncrpuidj.exe
c:\windows\system32\drivers\wjindtf.sys
c:\windows\system32\drivers\peehmji.sys

Driver::
obomshz

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E94126A3-FBB7-B8EC-DBB3-8B7931DBDF01}]
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\peehmji]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pjpvyiqvfjo"=-
"MChk"=-

DDS::
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555



Save this as "CFScript.txt" (including the quotation marks), change the "Save as type" to "All Files" and save it to your desktop.

Close any open browsers.

Disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Referring to the picture below, drag CFScript.txt into ComboFix.exe

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif



When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Once the log is produced, re-engage your resident anti virus.
Note: When ComboFix finishes running, the ComboFix log will open along with a message box - do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
Ensure you are connected to the internet and click OK on the message box.


Please post the ComboFix log in your next reply.
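As an added example (not ComboFix's code and not part of this thread), a small Python reconciliation of a CFScript against the ComboFix log it produces: it parses the Collect::/Driver::/Registry:: directives, de-duplicates repeated paths, and checks the log's "file zipped:", "Other Deletions" and service-removal lines so the helper can see which requested files ComboFix never found. The script and log strings below are constructed from the entries quoted in this thread.

```python
import re
from collections import defaultdict

# Constructed from the CFScript quoted in this thread; the URL line that
# heads a CFScript is kept because ComboFix expects it first.
CFSCRIPT = r"""http://forums.spybot.info/showthread.php?t=57783

Collect::
c:\windows\system32\Spool\prtprocs\w32x86\uO931i.dll
c:\windows\system32\Spool\prtprocs\w32x86\93179w179.dll
c:\windows\system32\Spool\prtprocs\w32x86\17u3m7.dll
c:\windows\system32\Spool\prtprocs\w32x86\17oCE7.dll
c:\windows\system32\ejoyieghoqgp.exe
c:\windows\system32\swvyslcmvyx.dll
c:\windows\system32\ncrpuidj.exe
c:\windows\system32\swvyslcmvyx.dll
c:\windows\system32\drivers\wjindtf.sys
c:\windows\system32\drivers\peehmji.sys

Driver::
obomshz

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MChk"=-
"""

# Constructed excerpt of the ComboFix log posted in reply to that script.
LOG = r"""file zipped: c:\windows\system32\drivers\peehmji.sys
file zipped: c:\windows\system32\ejoyieghoqgp.exe
file zipped: c:\windows\system32\ncrpuidj.exe
file zipped: c:\windows\system32\Spool\prtprocs\w32x86\17oCE7.dll
file zipped: c:\windows\system32\Spool\prtprocs\w32x86\17u3m7.dll
file zipped: c:\windows\system32\Spool\prtprocs\w32x86\93179w179.dll
file zipped: c:\windows\system32\Spool\prtprocs\w32x86\uO931i.dll
file zipped: c:\windows\system32\swvyslcmvyx.dll
((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))
c:\windows\system32\drivers\peehmji.sys
c:\windows\system32\ejoyieghoqgp.exe
c:\windows\system32\ncrpuidj.exe
c:\windows\system32\Spool\prtprocs\w32x86\17oCE7.dll
c:\windows\system32\Spool\prtprocs\w32x86\17u3m7.dll
c:\windows\system32\Spool\prtprocs\w32x86\93179w179.dll
c:\windows\system32\Spool\prtprocs\w32x86\uO931i.dll
c:\windows\system32\swvyslcmvyx.dll
((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))
-------\Service_obomshz
-------\Legacy_peehmji
-------\Service_peehmji
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")

def parse_cfscript(text):
    """Map each 'Name::' directive to its de-duplicated, order-preserving
    entries; lines before the first directive (the URL) are skipped."""
    sections, current = defaultdict(list), None
    for line in (l.strip() for l in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
        elif line and current and line not in sections[current]:
            sections[current].append(line)
    return dict(sections)

def parse_combofix_log(text):
    """Collect the evidence ComboFix leaves for handled entries: 'file zipped:'
    paths, paths listed under 'Other Deletions', and removed services."""
    zipped, deleted, services, in_deletions = set(), set(), set(), False
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("(((("):            # section banner
            in_deletions = "Other Deletions" in line
        elif line.startswith("file zipped:"):
            zipped.add(line.split(":", 1)[1].strip().lower())
        elif line.startswith("-------\\"):     # e.g. -------\Service_x
            services.add(line.split("\\", 1)[1].lower())
        elif in_deletions and line and line != ".":
            deleted.add(line.lower())
    return zipped, deleted, services

def reconcile(script, zipped, deleted, services):
    """For each Collect:: path report whether it was zipped for upload and
    deleted; for each Driver:: name whether its service entry was removed."""
    report = {}
    for path in script.get("Collect", []):
        key = path.lower()
        report[path] = {"zipped": key in zipped, "deleted": key in deleted}
    for drv in script.get("Driver", []):
        report[drv] = {"service_removed": "service_" + drv.lower() in services}
    return report

def unhandled(report):
    """Entries the script asked for but the log shows no evidence of."""
    return [k for k, v in report.items() if not all(v.values())]

if __name__ == "__main__":
    rep = reconcile(parse_cfscript(CFSCRIPT), *parse_combofix_log(LOG))
    print("not handled by ComboFix:", unhandled(rep))
```

On the thread's own data this flags c:\windows\system32\drivers\wjindtf.sys, which the script asked for but which ComboFix neither zipped nor deleted.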

chrisbattista03
2010-06-10, 18:31
ComboFix 10-06-09.04 - Owner 06/10/2010 12:03:07.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.639 [GMT -4:00]
Running from: c:\documents and settings\Owner.YOUR-92C8B56D4E\Desktop\chrisbatista.exe
Command switches used :: c:\documents and settings\Owner.YOUR-92C8B56D4E\Desktop\CFScript.txt
AV: *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point

file zipped: c:\windows\system32\drivers\peehmji.sys
file zipped: c:\windows\system32\ejoyieghoqgp.exe
file zipped: c:\windows\system32\ncrpuidj.exe
file zipped: c:\windows\system32\Spool\prtprocs\w32x86\17oCE7.dll
file zipped: c:\windows\system32\Spool\prtprocs\w32x86\17u3m7.dll
file zipped: c:\windows\system32\Spool\prtprocs\w32x86\93179w179.dll
file zipped: c:\windows\system32\Spool\prtprocs\w32x86\uO931i.dll
file zipped: c:\windows\system32\swvyslcmvyx.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\peehmji.sys
c:\windows\system32\ejoyieghoqgp.exe
c:\windows\system32\ncrpuidj.exe
c:\windows\system32\Spool\prtprocs\w32x86\17oCE7.dll
c:\windows\system32\Spool\prtprocs\w32x86\17u3m7.dll
c:\windows\system32\Spool\prtprocs\w32x86\93179w179.dll
c:\windows\system32\Spool\prtprocs\w32x86\uO931i.dll
c:\windows\system32\swvyslcmvyx.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_obomshz
-------\Legacy_peehmji
-------\Service_peehmji


((((((((((((((((((((((((( Files Created from 2010-05-10 to 2010-06-10 )))))))))))))))))))))))))))))))
.

2010-06-03 13:21 . 2010-06-03 13:33 -------- d-----w- C:\ComboFix
2010-06-03 12:03 . 2010-06-03 12:03 -------- d-----w- C:\28342
2010-06-01 06:58 . 2010-06-01 06:58 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-06-01 06:58 . 2010-06-01 06:58 -------- d-----w- c:\documents and settings\LocalService\Application Data\ATTTOOLBAR
2010-06-01 06:12 . 2010-06-01 06:12 -------- d-----w- c:\program files\$NtUninstallWTF1012$
2010-06-01 06:11 . 2010-06-09 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-05-22 05:01 . 2010-05-22 05:01 -------- d-----w- c:\program files\Video Converter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-10 16:12 . 2009-10-07 04:12 -------- d-----w- c:\documents and settings\Owner.YOUR-92C8B56D4E\Application Data\Gmote
2010-06-10 16:05 . 2009-02-10 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\ATTToolbar
2010-05-10 05:01 . 2010-05-10 05:01 -------- d-----w- c:\program files\DebugMode
2009-01-13 18:45 . 2009-07-15 01:19 81920 ----a-w- c:\program files\Common Files\WIZ1x0SR_105SR_CFG.exe
2006-12-01 09:54 . 2009-07-15 01:19 626688 ----a-w- c:\program files\Common Files\MSVCR80.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

c:\documents and settings\Owner.YOUR-92C8B56D4E\Start Menu\Programs\Startup\
GmoteServer.lnk - c:\program files\GmoteServer\GmoteServer.exe [2009-10-7 451584]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VideoCam Suite 2.0.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VideoCam Suite 2.0.lnk
backup=c:\windows\pss\VideoCam Suite 2.0.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner.YOUR-92C8B56D4E^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Owner.YOUR-92C8B56D4E\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner.YOUR-92C8B56D4E^Start Menu^Programs^Startup^Secunia PSI.lnk]
path=c:\documents and settings\Owner.YOUR-92C8B56D4E\Start Menu\Programs\Startup\Secunia PSI.lnk
backup=c:\windows\pss\Secunia PSI.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-12 02:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 06:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 11:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 22:43 69632 ----a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
2005-11-30 14:35 49152 ----a-w- c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2008-07-19 07:02 266497 ----a-w- c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 23:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
2004-12-09 00:57 550912 ----a-w- c:\windows\zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-10 19:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link Wireless G WUA-1340]
2005-12-15 16:19 2715648 ----a-w- c:\program files\D-Link\Wireless G WUA-1340\AirGCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-06 04:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-08 00:07 61952 ----a-w- c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2004-11-03 21:03 125528 ----a-w- c:\program files\Common Files\AOL\1210028400\EE\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 19:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 17:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2006-01-07 05:09 172032 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
2006-01-07 05:09 659456 ----a-w- c:\windows\system32\hphmon06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
2006-01-07 05:09 49152 ----a-w- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-06-25 12:47 1057064 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-04-02 20:11 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-08-23 21:36 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-08-12 23:16 1121792 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 23:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 19:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-01-12 03:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-01-12 03:17 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
2004-10-07 22:53 131072 ----a-w- c:\program files\NVIDIA Corporation\NvMixer\NvMixerTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]
2005-12-10 01:44 139264 ----a-w- c:\program files\Digital Media Reader\readericon45G.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 05:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2005-02-26 00:24 966656 ----a-w- c:\windows\creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2005-09-22 17:36 14854144 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-06-25 12:47 1629480 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-04-27 15:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1210028400\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Pidgin\\pidgin.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\GmoteServer\\GmoteServer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"8889:TCP"= 8889:TCP:gmote

R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [4/15/2009 12:29 PM 14976]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 284016]
S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [3/24/2009 7:03 AM 7808]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [7/5/2009 10:05 PM 18432]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 21:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-06-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-06-08 c:\windows\Tasks\HP Usg Daily FY04.job
- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe [2009-09-21 05:09]

2010-06-10 c:\windows\Tasks\User_Feed_Synchronization-{E34E5590-8C9C-42F3-BC91-59BF3E840393}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner.YOUR-92C8B56D4E\Application Data\Mozilla\Firefox\Profiles\scmk6iki.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.wish-search.com/?sid=10101020100&s=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.wish-search.com/?sid=10101020100&s=
.
- - - - ORPHANS REMOVED - - - -

AddRemove-ejoyieghoqgp - c:\windows\system32\ejoyieghoqgp.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-10 12:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3171649797-3824822186-616433660-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:12,88,2d,03,2f,8a,15,1b,76,b4,15,18,ff,c0,64,ff,1a,bc,ec,cd,ed,0b,c1,
f5,bd,4f,8a,bb,3a,38,30,2e,e7,ef,17,e8,21,c4,c6,14,53,07,06,6b,4a,2a,c7,76,\
"??"=hex:1d,14,7d,cb,f4,2d,95,98,8e,a0,bb,e4,ae,71,f6,6b
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3080)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\Java\jre6\bin\javaw.exe
.
**************************************************************************
.
Completion time: 2010-06-10 12:23:54 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-10 16:23
ComboFix2.txt 2010-06-09 19:00
ComboFix3.txt 2010-06-03 13:33
ComboFix4.txt 2009-05-01 15:15

Pre-Run: 37,827,383,296 bytes free
Post-Run: 37,672,095,744 bytes free

- - End Of File - - C27D061C415183D26E4E64D259116281

JonTom
2010-06-10, 23:39
Hello chrisbattista03

Thank you for the log. Before we continue, please do the following:

Please manually upload the following files for analysis


The CFScript I asked you to run was designed to upload the malware files on your system for analysis. Unfortunately the upload failed so I would like you to upload these files manually. Please do the following:
Please click on the following LINK (http://www.bleepingcomputer.com/submit-malware.php?channel=4). A new window will open.
In the box marked "Link to topic where this file was requested:" please paste in the following text:



http://forums.spybot.info/showthread.php?t=57783


Click the "Browse" button and navigate to C:\Qoobox\Quarantine
There should be a zip file there called [4]-Submit_****-**-**_**.**.**.zip (the * denotes the Date and Time stamp - it will be close to this: 2010-06-10 16:23).
Select this file and click "Open".
In the Largest box please put:



File Requested By JonTom
Failed Collect::


Finally click "SendFile".
Please let me know if the file was successfully uploaded.

chrisbattista03
2010-06-12, 06:02
It says the file was successfully uploaded.

JonTom
2010-06-12, 15:04
Hello chrisbattista03


"It says the file was successfully uploaded."

Good job :bigthumb:


Please perform the following scan:


Please download MalwareBytes AntiMalware by clicking here (http://www.besttechie.net/tools/mbam-setup.exe) and save the file (called mbam-setup.exe) to your desktop.

Double click on the mbam-setup.exe icon to install the program.
Follow the prompts during installation and have the Installation Wizard create a desktop icon.
Once installed, double click on the MalwareBytes AntiMalware icon to launch the program.
Click on the "Update" tab and then on "Check for Updates".
The program will now install the latest Malware definition files.
Once complete, click on the "Scanner" tab, select "Perform full scan" and then click on "Scan".
Once the program has scanned your computer, a log file will be created in Notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.


If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
Come back here to this thread and Paste the log in your next reply.



Please update your Java


To update your Java, Click on "Start" then on "Control Panel" and then on the Java icon (looks like a coffee cup).
In the window that opens, click on the "Update" tab, and then on "Update Now".
Your Java should begin to update. Please follow any prompts that you receive.



Please perform the following scan:


This is a very deep scan that can take many hours. In some instances you may need to let it run overnight. Please be patient.


It is recommended that you disable your onboard antivirus program and antispyware programs while performing scans to eliminate software conflicts and to speed up scan time.
DO NOT surf the net while your resident protection is disabled!
Once the scan is finished remember to re-enable your resident antivirus protection along with whatever antispyware applications you use.


Please perform a Kaspersky Online Scan of your computer by clicking here (http://www.kaspersky.com/kos/eng/partner/default/pages/default/check.html?n=1240137288999) or here (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html).


Click on the Accept button and install any components it needs.
The program will install and then begin downloading the latest definition files.
After the files have been downloaded on the left side of the page in the Scan section select My Computer.
This will start the program and scan your system.
The scan will take a while, so be patient and let it run (at times it may appear to stall).
Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.

Once the scan is complete, click on View scan report. To obtain the report:
Click on: Save Report As
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar.
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.
If you need help performing the above steps, an animated tutorial can be found here. (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif)


Please provide the MBAM log and the Kaspersky Online Scan log in your next reply.

Also, please describe how your machine is behaving now. Are you still experiencing problems?

chrisbattista03
2010-06-14, 01:07
MBAM freezes about 9 seconds in on the same file consistently. I have tried to run it 3 times. The file it seems to get stuck on is:

c:\WINDOWS\system32\zipfldr.dll

I did not run anything else you listed, except for the MBAM update.

JonTom
2010-06-14, 20:54
Hello chrisbattista03


"MBAM freezes about 9 seconds in on the same file consistently"

Curious?

It may be possible that this is a false positive. Just to make sure I would like to take a closer look at the file in question. Please work your way through the following steps:


Please make all files and folders VISIBLE:


Click "Start" Go to My Computer-> Tools-> Folder Options-> View tab:
Choose to "Show hidden files and folders."
Uncheck the "Hide protected operating system files" and the "Hide extensions for known file types" boxes.
Close the window with "OK".



Please scan the following files


Please visit Virus Total by clicking here. (http://www.virustotal.com/)
Click the Browse button and search for the following file (if present): c:\WINDOWS\system32\zipfldr.dll
Click Open.
Then click Send File.
Please be patient while the file is scanned.
If Virus Total tells you that the file has already been scanned, click "reanalyse now".
Please provide the results from the scans in your next reply.

chrisbattista03
2010-06-15, 17:47
After running all night, the scan doesn't seem to have ever completed. Looks like the same issue, it can't be scanned all the way through for some reason. Here is the information that was provided by VirusTotal.
The part I turned purple was not actually on the screen, it showed up when I C&P the text...

Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
Fortinet 4.1.133.0 2010.06.14 -
TheHacker 6.5.2.0.298 2010.06.14 -
Additional information
File size: 337920 bytes
MD5...: 424162325a32183bf65bbaf740209749
SHA1..: 1cba9acb330cbf96e0cefa4aec22253ddac99363
SHA256: 319cfa1377e88f4a119143042b167dfe1069296d017fae6149232594a258e3f8
ssdeep: 6144:FDnxZhgjWu+b+Ijq/Yyhk9ZrUicGkTJ/0dAQA6sj:NnxZhgxgKYyOT5ep0dAh
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x130f9
timedatestamp.....: 0x411096b5 (Wed Aug 04 07:56:37 2004)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x337f4 0x33800 6.62 fa3397a7a1d0fa32bcc21f512995a1a3
.data 0x35000 0x41bc 0x2600 4.33 b26c0886d89f828ccda7decc362f50c4
.rsrc 0x3a000 0x19478 0x19600 5.14 7dd846f980722ac4ca0b95565a471e58
.reloc 0x54000 0x2f88 0x3000 5.30 7608f4c7353e342f680965dbe7b1d1bf

( 9 imports )
> ntdll.dll: RtlUnwind
> KERNEL32.dll: SetCurrentDirectoryW, LeaveCriticalSection, EnterCriticalSection, GetCurrentDirectoryW, RemoveDirectoryW, CreateThread, LocalFree, FormatMessageW, GetLastError, DeleteFileW, CopyFileW, DeleteCriticalSection, InitializeCriticalSection, DisableThreadLibraryCalls, InterlockedIncrement, InterlockedDecrement, FreeLibrary, GetProcAddress, LoadLibraryW, FindNextFileW, CloseHandle, CreateFileW, FileTimeToSystemTime, CreateDirectoryW, CompareFileTime, GetFileTime, lstrcmpiW, GlobalUnlock, GlobalLock, lstrcmpW, lstrcpynW, LocalAlloc, GetCalendarInfoW, TlsSetValue, TlsGetValue, TlsAlloc, TlsFree, GetDiskFreeSpaceExW, MultiByteToWideChar, lstrlenA, GetTempPathW, GetFileSizeEx, GetDriveTypeW, GlobalFree, lstrcpyW, GlobalAlloc, LocalFileTimeToFileTime, SystemTimeToFileTime, SetFileTime, GetFileInformationByHandle, GlobalSize, GetProcessHeap, HeapFree, HeapReAlloc, HeapAlloc, ReadFile, WriteFile, GetCurrentThreadId, GetCommandLineA, GetVersionExA, GetFileAttributesA, SetLastError, ExitProcess, GetModuleHandleA, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, GetModuleFileNameA, FreeEnvironmentStringsA, FindFirstFileW, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, GetACP, GetOEMCP, GetCPInfo, UnhandledExceptionFilter, VirtualAlloc, LoadLibraryA, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, InterlockedExchange, VirtualQuery, VirtualProtect, GetSystemInfo, GetTimeZoneInformation, SetFilePointer, SetStdHandle, FlushFileBuffers, CompareStringA, CompareStringW, SetEnvironmentVariableA, FindClose, GetFileAttributesW, SetFileAttributesW, lstrlenW, ExitThread, SetFileAttributesA, CreateDirectoryA, LocalLock, LocalUnlock, lstrcmpiA, IsDBCSLeadByte, FindFirstFileA, FileTimeToDosDateTime, DeleteFileA, GlobalReAlloc, CreateFileA, GetDriveTypeA, GlobalHandle, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetWindowsDirectoryW, GetSystemTimeAsFileTime, 
QueryPerformanceCounter, DosDateTimeToFileTime, FileTimeToLocalFileTime, GetTickCount, GetCurrentProcessId, GetModuleFileNameW, GetFileSize, MoveFileA, SetVolumeLabelA, FindNextFileA, GetDiskFreeSpaceA, RemoveDirectoryA, SetCurrentDirectoryA, lstrcmpA, GetSystemWindowsDirectoryW, LoadLibraryExA, GetVolumeInformationA, GetEnvironmentStrings, GetTempFileNameA, GetFullPathNameA, GetCurrentDirectoryA, GetModuleHandleW
> GDI32.dll: GetStockObject, DeleteObject, GetDeviceCaps, CreateFontIndirectW
> USER32.dll: GetSubMenu, GetParent, SetWindowTextW, GetDlgItem, LoadStringW, SetWindowLongW, EndDialog, ShowCursor, DeleteMenu, CharToOemA, CreateWindowExW, CharUpperBuffA, CharPrevA, CharNextA, DispatchMessageA, PeekMessageA, CharUpperA, MessageBoxA, GetActiveWindow, CharLowerA, CharToOemBuffA, OemToCharBuffA, SetDlgItemTextW, GetDesktopWindow, DialogBoxParamW, LoadMenuW, SendDlgItemMessageW, RemoveMenu, GetForegroundWindow, TrackPopupMenu, RegisterClassW, DefWindowProcW, CharNextW, GetWindowLongW, SystemParametersInfoW, GetWindowRect, SetForegroundWindow, GetDlgItemTextW, InsertMenuW, RegisterClipboardFormatW, LoadCursorW, SetCursor, SetMenuDefaultItem, DestroyMenu, GetAsyncKeyState, CheckDlgButton, SetFocus, EnableWindow, GetWindowTextW, PeekMessageW, IsDialogMessageW, TranslateMessage, DispatchMessageW, MessageBoxW, ShowWindow, IsDlgButtonChecked, DestroyWindow, SendMessageW, PostMessageW
> ADVAPI32.dll: RegQueryValueExW, RegOpenKeyExW, RegCloseKey
> SHELL32.dll: -, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetSpecialFolderPathW, SHGetMalloc, SHGetFolderPathW, SHSetLocalizedName, -, -, -, SHGetFileInfoW, ShellExecuteExW, -, DragQueryFileW, -, SHFileOperationW, -, -, -, -, -, -, -, ShellExecuteW, -, SHGetDesktopFolder, -, SHChangeNotify, SHGetSpecialFolderLocation
> ole32.dll: CreateBindCtx, CoInitializeEx, CoUninitialize, CoCreateInstance, ReleaseStgMedium, OleGetClipboard, CoTaskMemFree, OleSetClipboard
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -
> SHLWAPI.dll: PathCommonPrefixW, wnsprintfW, PathAppendW, StrCpyNW, PathFileExistsW, PathRemoveBlanksW, SHStrDupW, PathFindFileNameW, StrChrW, PathFindExtensionW, PathCompactPathW, StrStrW, PathCombineW, PathCanonicalizeW, PathIsRelativeW, PathIsPrefixW, PathRemoveFileSpecW, PathSkipRootW, PathStripToRootW, -, StrFormatKBSizeW, PathFindFileNameA, StrCmpNIW, -, -, -, -, -, -, -, -, -, PathRemoveBackslashW, PathCompactPathExW, StrCatBuffW, StrToIntW, StrRetToBufW

( 6 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer, RegisterSendto, RouteTheCall
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: DirectShow filter (52.6%)
Windows OCX File (32.2%)
Win32 Executable MS Visual C++ (generic) (9.8%)
Win32 Executable Generic (2.2%)
Win32 Dynamic Link Library (generic) (1.9%)

JonTom
2010-06-15, 23:13
Hello chrisbattista03


Looks like the same issue; it can't be scanned all the way through for some reason. Thanks for letting me know. Let's try this:

rkill


Please run rkill again (instructions provided in post number 4).



SuperAntiSpyware


Download SuperAntiSpyware by clicking here (http://downloads.superantispyware.com/downloads/SUPERAntiSpyware.exe) and save the file (called superantispyware.exe) to your desktop.
Once the download is complete, close all windows and double click on the superantispyware.exe icon to start the installation.
Follow any prompts you receive (do not make any changes to the default settings provided).
Click on "Finish" to complete the installation.
SuperAntiSpyware will automatically open. Select your preferred language and click on "OK".
You will now be prompted to update the SuperAntiSpyware definitions. Please press the "Yes" button to allow the program to download and install the latest updates so that it can properly detect and remove the latest malware.
Follow the prompts and click on the "Finish" button.
The main menu will now appear.
Click on the "Scan your computer" button and choose "Complete scan" then click on "Next" to begin the scan.
If SuperAntiSpyware detects any Malware, allow the program to quarantine what it finds.
To obtain the log of the scan you have just performed, start SuperAntiSpyware, and click on the "Preferences" button.
Now click on the "Statistics/Logs" tab and then double click on the log with the most recent time and date.
Copy and paste the log into your next reply.


For more detailed instructions on running SuperAntiSpyware click here (http://www.bleepingcomputer.com/virus-removal/how-to-use-superantispyware-tutorial).


Please provide the SuperAntiSpyware log in your next reply.

If the program appears to stall (like MBAM did), come back and let me know.

JonTom
2010-06-18, 22:25
Are you still with me?

chrisbattista03
2010-06-20, 17:40
Yes. I'm sorry about the delay. Here are the results:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/19/2010 at 08:39 PM

Application Version : 4.39.1002

Core Rules Database Version : 5057
Trace Rules Database Version: 2869

Scan type : Complete Scan
Total Scan Time : 12:19:50

Memory items scanned : 711
Memory threats detected : 0
Registry items scanned : 9178
Registry threats detected : 14
File items scanned : 28492
File threats detected : 242

Adware.Tracking Cookie
C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Cookies\owner@content.yieldmanager[1].txt
C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Cookies\owner@bs.serving-sys[1].txt
C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Cookies\owner@ad.m5prod[1].txt
C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Cookies\owner@ad.wsod[1].txt
C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Cookies\owner@ads.bcserving[1].txt
C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Cookies\owner@fastclick[1].txt
C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Cookies\owner@interclick[2].txt
C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Cookies\owner@atdmt[1].txt
C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Cookies\owner@microsoftwindows.112.2o7[1].txt
C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Cookies\owner@rotator.adjuggler[1].txt
C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Cookies\owner@doubleclick[2].txt
C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Cookies\owner@ad.yieldmanager[2].txt
C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Cookies\owner@serving-sys[1].txt
cdn-www.pornhub.com [ C:\Documents and Settings\Cubase LE\Application Data\Macromedia\Flash Player\#SharedObjects\EAD4KTCS ]
cdn4.specificclick.net [ C:\Documents and Settings\Cubase LE\Application Data\Macromedia\Flash Player\#SharedObjects\EAD4KTCS ]
ia.media-imdb.com [ C:\Documents and Settings\Cubase LE\Application Data\Macromedia\Flash Player\#SharedObjects\EAD4KTCS ]
macromedia.com [ C:\Documents and Settings\Cubase LE\Application Data\Macromedia\Flash Player\#SharedObjects\EAD4KTCS ]
media-ti.pictela.net [ C:\Documents and Settings\Cubase LE\Application Data\Macromedia\Flash Player\#SharedObjects\EAD4KTCS ]
media.mtvnservices.com [ C:\Documents and Settings\Cubase LE\Application Data\Macromedia\Flash Player\#SharedObjects\EAD4KTCS ]
media.scanscout.com [ C:\Documents and Settings\Cubase LE\Application Data\Macromedia\Flash Player\#SharedObjects\EAD4KTCS ]
media1.break.com [ C:\Documents and Settings\Cubase LE\Application Data\Macromedia\Flash Player\#SharedObjects\EAD4KTCS ]
naiadsystems.com [ C:\Documents and Settings\Cubase LE\Application Data\Macromedia\Flash Player\#SharedObjects\EAD4KTCS ]
objects.tremormedia.com [ C:\Documents and Settings\Cubase LE\Application Data\Macromedia\Flash Player\#SharedObjects\EAD4KTCS ]
s0.2mdn.net [ C:\Documents and Settings\Cubase LE\Application Data\Macromedia\Flash Player\#SharedObjects\EAD4KTCS ]
secure-us.imrworldwide.com [ C:\Documents and Settings\Cubase LE\Application Data\Macromedia\Flash Player\#SharedObjects\EAD4KTCS ]
stat.easydate.biz [ C:\Documents and Settings\Cubase LE\Application Data\Macromedia\Flash Player\#SharedObjects\EAD4KTCS ]
static.2mdn.net [ C:\Documents and Settings\Cubase LE\Application Data\Macromedia\Flash Player\#SharedObjects\EAD4KTCS ]
udn.specificclick.net [ C:\Documents and Settings\Cubase LE\Application Data\Macromedia\Flash Player\#SharedObjects\EAD4KTCS ]
www.naiadsystems.com [ C:\Documents and Settings\Cubase LE\Application Data\Macromedia\Flash Player\#SharedObjects\EAD4KTCS ]
www.pornhub.com [ C:\Documents and Settings\Cubase LE\Application Data\Macromedia\Flash Player\#SharedObjects\EAD4KTCS ]
ad.yieldmanager.com [ C:\Documents and Settings\Cubase LE\Application Data\Mozilla\Firefox\Profiles\29c0m4qc.default\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Cubase LE\Application Data\Mozilla\Firefox\Profiles\29c0m4qc.default\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Cubase LE\Application Data\Mozilla\Firefox\Profiles\29c0m4qc.default\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Cubase LE\Application Data\Mozilla\Firefox\Profiles\29c0m4qc.default\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Cubase LE\Application Data\Mozilla\Firefox\Profiles\29c0m4qc.default\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Cubase LE\Application Data\Mozilla\Firefox\Profiles\29c0m4qc.default\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Cubase LE\Application Data\Mozilla\Firefox\Profiles\29c0m4qc.default\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Cubase LE\Application Data\Mozilla\Firefox\Profiles\29c0m4qc.default\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Cubase LE\Application Data\Mozilla\Firefox\Profiles\29c0m4qc.default\cookies.sqlite ]
.specificmedia.com [ C:\Documents and Settings\Cubase LE\Application Data\Mozilla\Firefox\Profiles\29c0m4qc.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Documents and Settings\Cubase LE\Application Data\Mozilla\Firefox\Profiles\29c0m4qc.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Documents and Settings\Cubase LE\Application Data\Mozilla\Firefox\Profiles\29c0m4qc.default\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Cubase LE\Application Data\Mozilla\Firefox\Profiles\29c0m4qc.default\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Cubase LE\Application Data\Mozilla\Firefox\Profiles\29c0m4qc.default\cookies.sqlite ]
.doubleclick.net [ C:\Documents and Settings\Cubase LE\Application Data\Mozilla\Firefox\Profiles\29c0m4qc.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Cubase LE\Application Data\Mozilla\Firefox\Profiles\29c0m4qc.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Cubase LE\Application Data\Mozilla\Firefox\Profiles\29c0m4qc.default\cookies.sqlite ]
.mediaplex.com [ C:\Documents and Settings\Cubase LE\Application Data\Mozilla\Firefox\Profiles\29c0m4qc.default\cookies.sqlite ]
.mediaplex.com [ C:\Documents and Settings\Cubase LE\Application Data\Mozilla\Firefox\Profiles\29c0m4qc.default\cookies.sqlite ]
.lfstmedia.com [ C:\Documents and Settings\Cubase LE\Application Data\Mozilla\Firefox\Profiles\29c0m4qc.default\cookies.sqlite ]
.lfstmedia.com [ C:\Documents and Settings\Cubase LE\Application Data\Mozilla\Firefox\Profiles\29c0m4qc.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Cubase LE\Application Data\Mozilla\Firefox\Profiles\29c0m4qc.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Cubase LE\Application Data\Mozilla\Firefox\Profiles\29c0m4qc.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Cubase LE\Application Data\Mozilla\Firefox\Profiles\29c0m4qc.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Cubase LE\Application Data\Mozilla\Firefox\Profiles\29c0m4qc.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Cubase LE\Application Data\Mozilla\Firefox\Profiles\29c0m4qc.default\cookies.sqlite ]
.kanoodle.com [ C:\Documents and Settings\Cubase LE\Application Data\Mozilla\Firefox\Profiles\29c0m4qc.default\cookies.sqlite ]
.bs.serving-sys.com [ C:\Documents and Settings\Cubase LE\Application Data\Mozilla\Firefox\Profiles\29c0m4qc.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Cubase LE\Application Data\Mozilla\Firefox\Profiles\29c0m4qc.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Cubase LE\Application Data\Mozilla\Firefox\Profiles\29c0m4qc.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Cubase LE\Application Data\Mozilla\Firefox\Profiles\29c0m4qc.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Cubase LE\Application Data\Mozilla\Firefox\Profiles\29c0m4qc.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Cubase LE\Application Data\Mozilla\Firefox\Profiles\29c0m4qc.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Cubase LE\Application Data\Mozilla\Firefox\Profiles\29c0m4qc.default\cookies.sqlite ]
.tribalfusion.com [ C:\Documents and Settings\Cubase LE\Application Data\Mozilla\Firefox\Profiles\29c0m4qc.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Cubase LE\Application Data\Mozilla\Firefox\Profiles\29c0m4qc.default\cookies.sqlite ]
.247realmedia.com [ C:\Documents and Settings\Cubase LE\Application Data\Mozilla\Firefox\Profiles\29c0m4qc.default\cookies.sqlite ]
.247realmedia.com [ C:\Documents and Settings\Cubase LE\Application Data\Mozilla\Firefox\Profiles\29c0m4qc.default\cookies.sqlite ]
C:\Documents and Settings\Cubase LE\Cookies\cubase_le@content.yieldmanager[2].txt
C:\Documents and Settings\Cubase LE\Cookies\cubase_le@onlinetrafficstats[2].txt
C:\Documents and Settings\Cubase LE\Cookies\cubase_le@clicksor[1].txt
C:\Documents and Settings\Cubase LE\Cookies\cubase_le@fastclick[1].txt
C:\Documents and Settings\Cubase LE\Cookies\cubase_le@redorbit[1].txt
C:\Documents and Settings\Cubase LE\Cookies\cubase_le@redorbit[2].txt
C:\Documents and Settings\Cubase LE\Cookies\cubase_le@adecn[1].txt
C:\Documents and Settings\Cubase LE\Cookies\cubase_le@mediaplex[1].txt
C:\Documents and Settings\Cubase LE\Cookies\cubase_le@invitemedia[1].txt
C:\Documents and Settings\Cubase LE\Cookies\cubase_le@atdmt[1].txt
C:\Documents and Settings\Cubase LE\Cookies\cubase_le@atdmt[2].txt
C:\Documents and Settings\Cubase LE\Cookies\cubase_le@server.cpmstar[2].txt
C:\Documents and Settings\Cubase LE\Cookies\cubase_le@collective-media[2].txt
C:\Documents and Settings\Cubase LE\Cookies\cubase_le@content.yieldmanager[3].txt
C:\Documents and Settings\Cubase LE\Cookies\cubase_le@content.yieldmanager[1].txt
C:\Documents and Settings\Cubase LE\Cookies\cubase_le@media6degrees[1].txt
C:\Documents and Settings\Cubase LE\Cookies\cubase_le@crackle[1].txt
C:\Documents and Settings\Cubase LE\Cookies\cubase_le@crackle[2].txt
C:\Documents and Settings\Cubase LE\Cookies\cubase_le@adbrite[2].txt
C:\Documents and Settings\Cubase LE\Cookies\cubase_le@rotator.adjuggler[2].txt
C:\Documents and Settings\Cubase LE\Cookies\cubase_le@ad.yieldmanager[1].txt
C:\Documents and Settings\Cubase LE\Cookies\cubase_le@ad.yieldmanager[2].txt
C:\Documents and Settings\Cubase LE\Cookies\cubase_le@ads.creafi[2].txt
C:\Documents and Settings\Cubase LE\Cookies\cubase_le@adserver.adtechus[1].txt
C:\Documents and Settings\Cubase LE\Cookies\cubase_le@apmebf[1].txt
C:\Documents and Settings\Cubase LE\Cookies\cubase_le@apmebf[2].txt
C:\Documents and Settings\Cubase LE\Cookies\cubase_le@doubleclick[1].txt
C:\Documents and Settings\Cubase LE\Cookies\cubase_le@doubleclick[3].txt
C:\Documents and Settings\Cubase LE\Cookies\cubase_le@interclick[2].txt
C:\Documents and Settings\Cubase LE\Cookies\cubase_le@microsoftwindows.112.2o7[1].txt
C:\Documents and Settings\Cubase LE\Cookies\cubase_le@myroitracking[1].txt
C:\Documents and Settings\Cubase LE\Cookies\cubase_le@rotator.adjuggler[1].txt
media.mtvnservices.com [ C:\Documents and Settings\Heather\Application Data\Macromedia\Flash Player\#SharedObjects\JV439K2T ]
media.scanscout.com [ C:\Documents and Settings\Heather\Application Data\Macromedia\Flash Player\#SharedObjects\JV439K2T ]
objects.tremormedia.com [ C:\Documents and Settings\Heather\Application Data\Macromedia\Flash Player\#SharedObjects\JV439K2T ]
udn.specificclick.net [ C:\Documents and Settings\Heather\Application Data\Macromedia\Flash Player\#SharedObjects\JV439K2T ]
www.pornhub.com [ C:\Documents and Settings\Heather\Application Data\Macromedia\Flash Player\#SharedObjects\JV439K2T ]
.mediaplex.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.mediaplex.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.bs.serving-sys.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.doubleclick.net [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
media.adrevolver.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.adrevolver.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.adrevolver.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
media.adrevolver.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.wachovia.112.2o7.net [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.tribalfusion.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.imrworldwide.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.imrworldwide.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.iacas.adbureau.net [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.socialmedia.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.bizrate.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.bluestreak.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.mediapromoter.net [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
ad2.yieldmanager.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
ad2.yieldmanager.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.realmedia.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.specificmedia.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.euroclick.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.apmebf.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
bridge2.admarketplace.net [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.admarketplace.net [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
www5.addfreestats.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.pornhub.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.cbs.112.2o7.net [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.naiadsystems.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
.pornhublive.com [ C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\9oz91u10.default\cookies.sqlite ]
C:\Documents and Settings\Heather\Cookies\heather@doubleclick[1].txt
acvs.mediaonenetwork.net [ C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\Macromedia\Flash Player\#SharedObjects\F2Z3GJCJ ]
cdn-www.pornhub.com [ C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\Macromedia\Flash Player\#SharedObjects\F2Z3GJCJ ]
cdn4.specificclick.net [ C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\Macromedia\Flash Player\#SharedObjects\F2Z3GJCJ ]
files.adbrite.com [ C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\Macromedia\Flash Player\#SharedObjects\F2Z3GJCJ ]
googleads.g.doubleclick.net [ C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\Macromedia\Flash Player\#SharedObjects\F2Z3GJCJ ]
interclick.com [ C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\Macromedia\Flash Player\#SharedObjects\F2Z3GJCJ ]
m1.2mdn.net [ C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\Macromedia\Flash Player\#SharedObjects\F2Z3GJCJ ]
macromedia.com [ C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\Macromedia\Flash Player\#SharedObjects\F2Z3GJCJ ]
media.scanscout.com [ C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\Macromedia\Flash Player\#SharedObjects\F2Z3GJCJ ]
media.tattomedia.com [ C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\Macromedia\Flash Player\#SharedObjects\F2Z3GJCJ ]
media1.break.com [ C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\Macromedia\Flash Player\#SharedObjects\F2Z3GJCJ ]
msntest.serving-sys.com [ C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\Macromedia\Flash Player\#SharedObjects\F2Z3GJCJ ]
myfreepaysite.teenslovebigcock.com [ C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\Macromedia\Flash Player\#SharedObjects\F2Z3GJCJ ]
naiadsystems.com [ C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\Macromedia\Flash Player\#SharedObjects\F2Z3GJCJ ]
objects.tremormedia.com [ C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\Macromedia\Flash Player\#SharedObjects\F2Z3GJCJ ]
oddcast.com [ C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\Macromedia\Flash Player\#SharedObjects\F2Z3GJCJ ]
udn.specificclick.net [ C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\Macromedia\Flash Player\#SharedObjects\F2Z3GJCJ ]
www.gettingsextonight.com [ C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\Macromedia\Flash Player\#SharedObjects\F2Z3GJCJ ]
www.naiadsystems.com [ C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\Macromedia\Flash Player\#SharedObjects\F2Z3GJCJ ]
www.pornhub.com [ C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\Macromedia\Flash Player\#SharedObjects\F2Z3GJCJ ]
.adultfriendfinder.com [ C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\Mozilla\Firefox\Profiles\scmk6iki.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\Mozilla\Firefox\Profiles\scmk6iki.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\Mozilla\Firefox\Profiles\scmk6iki.default\cookies.sqlite ]
.mediaplex.com [ C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\Mozilla\Firefox\Profiles\scmk6iki.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\Mozilla\Firefox\Profiles\scmk6iki.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\Mozilla\Firefox\Profiles\scmk6iki.default\cookies.sqlite ]
.admarketplace.net [ C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\Mozilla\Firefox\Profiles\scmk6iki.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\Mozilla\Firefox\Profiles\scmk6iki.default\cookies.sqlite ]
.dr.findlinks.com [ C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\Mozilla\Firefox\Profiles\scmk6iki.default\cookies.sqlite ]
.a1.interclick.com [ C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\Mozilla\Firefox\Profiles\scmk6iki.default\cookies.sqlite ]
.traffic-all-sale.cn [ C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\Mozilla\Firefox\Profiles\scmk6iki.default\cookies.sqlite ]
.traffic-service-online.com [ C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\Mozilla\Firefox\Profiles\scmk6iki.default\cookies.sqlite ]
bridge1.admarketplace.net [ C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\Mozilla\Firefox\Profiles\scmk6iki.default\cookies.sqlite ]
www.sexdateprofiles.com [ C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\Mozilla\Firefox\Profiles\scmk6iki.default\cookies.sqlite ]
.wachovia.112.2o7.net [ C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\Mozilla\Firefox\Profiles\scmk6iki.default\cookies.sqlite ]
clicks.smartbizsearch.com [ C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\Mozilla\Firefox\Profiles\scmk6iki.default\cookies.sqlite ]

Adware.Flash Tracking Cookie
C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\F2Z3GJCJ\MSNTEST.SERVING-SYS.COM
C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\F2Z3GJCJ\ACVS.MEDIAONENETWORK.NET
C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\F2Z3GJCJ\MEDIA.SCANSCOUT.COM
C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\F2Z3GJCJ\MEDIA.TATTOMEDIA.COM
C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\F2Z3GJCJ\MEDIA1.BREAK.COM
C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\F2Z3GJCJ\OBJECTS.TREMORMEDIA.COM
C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\F2Z3GJCJ\INTERCLICK.COM
C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\F2Z3GJCJ\UDN.SPECIFICCLICK.NET
C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\F2Z3GJCJ\NAIADSYSTEMS.COM
C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\F2Z3GJCJ\WWW.NAIADSYSTEMS.COM
C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\F2Z3GJCJ\FILES.ADBRITE.COM
C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\F2Z3GJCJ\ODDCAST.COM

Rogue.AntivirusSoft
HKU\.DEFAULT\Software\avsoft
HKU\S-1-5-21-3171649797-3824822186-616433660-1008\Software\avsoft
HKU\S-1-5-18\Software\avsoft

Rogue.AntiMalware Doctor
HKU\S-1-5-21-3171649797-3824822186-616433660-1008\Software\Antimalware Doctor Inc
HKU\S-1-5-21-3171649797-3824822186-616433660-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor

Trojan.DNS-Changer (Hi-Jacked DNS)
HKLM\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS\INTERFACES\{7D2B746C-786A-4243-87F8-3531591BFDF4}#NAMESERVER
HKLM\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS\INTERFACES\{F223CDB5-C307-4D4C-ADA2-DE4C5F06E4A9}#NAMESERVER
HKLM\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS#NAMESERVER

Malware.Trace
HKU\S-1-5-21-3171649797-3824822186-616433660-1008\Software\M5T8QL3YW3
HKU\S-1-5-21-3171649797-3824822186-616433660-1008\SOFTWARE\XML
HKU\S-1-5-21-3171649797-3824822186-616433660-1008\SOFTWARE\QZAIB7KITK
HKU\.DEFAULT\SOFTWARE\AVSUITE
HKU\S-1-5-21-3171649797-3824822186-616433660-1008\SOFTWARE\AVSUITE
HKU\S-1-5-18\SOFTWARE\AVSUITE

Trojan.Agent/Gen-Koobface[Bonkers]
C:\PROGRAM FILES\COMMON FILES\WIZ1X0SR_105SR_CFG.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\WIZNET\WIZ1X0_105SR CONFIGTOOL\LAUNCH WIZ1X0SR_105SR_CFG.EXE.LNK
C:\PROGRAM FILES\WIZNET\WIZ1X0_105SR CONFIGTOOL\WIZ1X0SR_105SR_CFG.EXE

Trojan.Agent/Gen-Keygen
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-92C8B56D4E\MY DOCUMENTS\DOWNLOADS\VSO CONVERTXTODVD 3.5.1.135+KEYGEN\KEYGEN\KEYGEN.EXE

Rootkit.TDSS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP1\A0000001.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP1\A0000005.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP1\A0000018.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP3\A0001329.DLL

Trojan.Agent/Gen-CDesc[Gen]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP2\A0000067.EXE

Trojan.Agent/Gen-Exploit
C:\SYSTEM VOLUME INFORMATION\_RESTORE{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP3\A0001318.EXE

Trojan.Agent/Gen-FraudDrop
C:\SYSTEM VOLUME INFORMATION\_RESTORE{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP3\A0001319.EXE

Trojan.Agent/Gen-Faldesc
C:\SYSTEM VOLUME INFORMATION\_RESTORE{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP3\A0001326.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP3\A0001328.EXE

Trojan.Agent/Gen-FakeAlert
C:\SYSTEM VOLUME INFORMATION\_RESTORE{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP3\A0001327.EXE

Trojan.RootKit/Gen
C:\SYSTEM VOLUME INFORMATION\_RESTORE{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP4\A0001581.SYS
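
Two things in the SUPERAntiSpyware log above deserve more than a "quarantined" tick: the `#NAMESERVER` hits under `Tcpip\Parameters` (a DNS hijack survives a malware clean-up if the resolver addresses are left in place) and the hits inside `System Volume Information\_restore{...}` (inert until a restore point is used, but they will reinfect the machine if it is). The following Python script is an added example, not part of the thread or of any of the tools used in it. It parses a log in the same layout as the one posted (a constructed sample is embedded), buckets each item by the clean-up it needs, and checks `NameServer` values against an assumed trusted-resolver list; the registry reader only works on Windows, and `203.0.113.7` stands in for a rogue resolver.

```python
import re

try:
    import winreg  # Windows only; the pure functions below run anywhere
except ImportError:
    winreg = None

# Constructed sample in the same layout as the log above: a detection name,
# one path per line, blank line between detections.
SAMPLE_LOG = r"""Trojan.DNS-Changer (Hi-Jacked DNS)
HKLM\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS\INTERFACES\{7D2B746C-786A-4243-87F8-3531591BFDF4}#NAMESERVER
HKLM\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS#NAMESERVER

Rootkit.TDSS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP1\A0000001.DLL

Trojan.Agent/Gen-Keygen
C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\DOWNLOADS\KEYGEN\KEYGEN.EXE
"""

# "#NAMESERVER" on the Tcpip\Parameters key or on one of its Interfaces\{GUID} subkeys
_DNS_RE = re.compile(
    r"\\SERVICES\\TCPIP\\PARAMETERS(\\INTERFACES\\\{[^}]+\})?#NAMESERVER$", re.IGNORECASE)
_RESTORE_RE = re.compile(r"\\SYSTEM VOLUME INFORMATION\\_RESTORE\{", re.IGNORECASE)
_REG_PREFIXES = ("HKLM\\", "HKCU\\", "HKCR\\", "HKU\\", "HKEY_")


def parse_detections(text):
    """Return [(detection_name, item)] from a SAS-style detection log."""
    found, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:            # a blank line ends the current detection block
            current = None
        elif current is None:   # the first line of a block is the detection name
            current = line
        else:
            found.append((current, line))
    return found


def classify(item):
    """Bucket a detected item by the kind of clean-up it needs."""
    if _DNS_RE.search(item):
        return "registry-dns"      # DNS hijack: reset the resolvers, then flush the cache
    if item.upper().startswith(_REG_PREFIXES):
        return "registry"
    if _RESTORE_RE.search(item):
        return "restore-point"     # inert until restored; purge old restore points
    return "file"


def triage(text):
    groups = {"registry-dns": [], "registry": [], "restore-point": [], "file": []}
    for detection, item in parse_detections(text):
        groups[classify(item)].append((detection, item))
    return groups


def suspicious_nameservers(nameservers, trusted):
    """nameservers: {interface: NameServer value}. The value is the comma- or
    space-separated list as stored in the registry. Returns only rogue entries."""
    rogue = {}
    for iface, value in nameservers.items():
        servers = [s for s in re.split(r"[,\s]+", value.strip()) if s]
        bad = [s for s in servers if s not in trusted]
        if bad:
            rogue[iface] = bad
    return rogue


def read_nameservers():
    """Collect NameServer values from the live registry (Windows only; {} elsewhere)."""
    if winreg is None:
        return {}
    base = r"SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces"
    result = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, base) as root:
        index = 0
        while True:
            try:
                guid = winreg.EnumKey(root, index)
            except OSError:        # no more subkeys
                break
            index += 1
            with winreg.OpenKey(root, guid) as sub:
                try:
                    value, _ = winreg.QueryValueEx(sub, "NameServer")
                except FileNotFoundError:
                    continue
                if value:
                    result[guid] = value
    return result


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        for detection, item in items:
            print(f"{bucket:14} {detection:35} {item}")
    # Assumed trusted resolvers; 203.0.113.7 (documentation range) plays the hijacker.
    trusted = {"8.8.8.8", "8.8.4.4"}
    live = read_nameservers() or {"{sample-guid}": "8.8.8.8,203.0.113.7"}
    print("rogue resolvers:", suspicious_nameservers(live, trusted))
```

The trusted set has to come from the machine's owner or ISP; a resolver address is not malicious by itself, it is malicious because nobody configured it. Items in the restore-point bucket are best handled by turning System Restore off and on again once the live infection is gone, which discards every existing restore point.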

JonTom
2010-06-20, 19:16
Hello chrisbattista03

Thank you for the log.

Before we continue, please work your way through the following steps:


Please download and run Rooter


Download Rooter by clicking here (http://eric.71.mespages.googlepages.com/Rooter.exe), and save the file (called Rooter.exe) to your desktop.
Double click on the desktop icon to start the scan.
When Rooter has completed its scan, a Notepad file containing the scan report will open (this report can also be found at %systemdrive%\Rooter.txt).
Please post the Rooter log in your next reply.

chrisbattista03
2010-06-21, 07:15
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 2
[32_bits] - x86 Family 15 Model 55 Stepping 2, AuthenticAMD
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 8.0.6001.18702
Mozilla Firefox 3.0.19 (en-US)
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:182 Go - Free:32 Go )
D:\ [Fixed-FAT32] .. ( Total:4 Go - Free:1 Go )
E:\ [CD_Rom]
F:\ [CD_Rom]
.
Scan : 01:13.58
Path : C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Desktop\Rooter.exe
User : Owner ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (748)
______ \??\C:\WINDOWS\system32\csrss.exe (800)
______ \??\C:\WINDOWS\system32\winlogon.exe (824)
______ C:\WINDOWS\system32\services.exe (868)
______ C:\WINDOWS\system32\lsass.exe (880)
______ C:\WINDOWS\system32\nvsvc32.exe (1048)
______ C:\WINDOWS\system32\svchost.exe (1076)
______ C:\WINDOWS\system32\svchost.exe (1124)
______ C:\WINDOWS\System32\svchost.exe (1160)
______ C:\WINDOWS\system32\svchost.exe (1208)
______ C:\WINDOWS\system32\svchost.exe (1288)
______ C:\WINDOWS\system32\spoolsv.exe (1612)
______ C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (1652)
______ C:\WINDOWS\system32\svchost.exe (1720)
______ C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (1772)
______ C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (1788)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (1804)
______ C:\WINDOWS\system32\bgsvcgen.exe (1828)
______ C:\Program Files\Bonjour\mDNSResponder.exe (1848)
______ C:\WINDOWS\eHome\ehRecvr.exe (1900)
______ C:\WINDOWS\eHome\ehSched.exe (1940)
______ C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (2000)
______ C:\Program Files\Java\jre6\bin\jqs.exe (2024)
______ C:\Program Files\Common Files\LightScribe\LSSrvc.exe (180)
______ C:\Program Files\Common Files\Motive\McciCMService.exe (1324)
______ C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (1296)
______ C:\WINDOWS\system32\svchost.exe (1496)
______ C:\WINDOWS\system32\svchost.exe (1584)
______ C:\WINDOWS\ehome\mcrdsvc.exe (404)
______ C:\WINDOWS\system32\dllhost.exe (2340)
______ C:\WINDOWS\System32\alg.exe (2372)
______ C:\WINDOWS\Explorer.EXE (3208)
______ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (2220)
______ C:\Program Files\GmoteServer\GmoteServer.exe (3396)
______ C:\Program Files\Java\jre6\bin\javaw.exe (3408)
______ C:\WINDOWS\System32\svchost.exe (3924)
______ C:\WINDOWS\system32\HPZipm12.exe (2560)
______ C:\Program Files\Mozilla Firefox\firefox.exe (3600)
______ C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Desktop\Rooter.exe (2176)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:4416975360 | Length:195630059520)
\Device\Harddisk0\Partition2 (Start_Offset:32256 | Length:4416943104)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\HP Usg Daily FY04.job
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\User_Feed_Synchronization-{E34E5590-8C9C-42F3-BC91-59BF3E840393}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 01:14.16
.
C:\Rooter$\Rooter_1.txt - (21/06/2010 | 01:14.16)

JonTom
2010-06-21, 19:40
Hello chrisbattista03

Thank you for the Rooter log.


We do not support the use of illegal Pirated/Warez/Cracked software.
If seeking help in our Malware removal forum, please know that users who have programs obtained by such methods will be asked to remove them, since our help could otherwise be seen as aiding copyright violations. Aside from the legalities, be aware that malware authors prey on users looking to circumvent a software's protection mechanisms. There is a high risk of infection involved in downloading and running crack codes.

SuperAntiSpyware has quarantined a keygen file detected on your system. You must remove this file before we can continue.

To do this:


Open SuperAntiSpyware. The main menu window will be displayed.
Click on the "Manage Quarantine..." button.
A window will open that looks similar to the one shown here (http://www.superantispyware.com/WebHelp/Manage_Quarantined_Items.htm).
To delete the quarantined items, highlight them and click on "Remove...".



Are you able to run MBAM now?

Update it, run a full system scan and post the log that is created. If it stalls again come back and let me know.

chrisbattista03
2010-06-22, 06:59
MBAM ran fine this time. All I did was run MBAM and fix selected. I didn't do the Java update or run Kaspersky from your old post.

--------------------------------------------

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4223

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

6/22/2010 12:42:20 AM
mbam-log-2010-06-22 (00-42-20).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 322208
Time elapsed: 1 hour(s), 46 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallWTF1012$ (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\$NtUninstallWTF1012$ (Adware.EZLife) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Cubase LE\My Documents\ADOBE CS4 Key generator\invetalcom.com keygen.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\Program Files\$NtUninstallWTF1012$\elUninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Update\seupd.exe.vir (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Cubase LE\Application Data\2FC198D417B474CA92ED624A385F93BB\gotnewupdate000.exe.vir (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Local Settings\Application Data\asam.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Local Settings\Application Data\syssvc.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Local Settings\Application Data\gqaovxpvj\uptjycatssd.exe.vir (Rogue.AntispywareSoft) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ernel32.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\peehmji.sys.vir (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP1\A0000014.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP1\A0000019.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully.

JonTom
2010-06-22, 08:21
Hello chrisbattista03

Go ahead and update Java, then run the Online scan.

Post the log in your next reply and describe how your machine is behaving now.

chrisbattista03
2010-06-22, 17:39
When I click on UPDATE NOW in the Java program nothing seems to happen. It is even set to auto update. I tried 3 times and let it sit for 10 minutes and nothing happened.

I also tried to run a program I have called Secunia PSI (it looks for programs that are out of date and updates them) and Secunia would not get past the stage of "verifying network connection".

I didn't know if I should run Kaspersky without doing the Java update, so I haven't done it yet.

JonTom
2010-06-22, 20:29
Hello chrisbattista03


"I didn't know if i should run Kapersky without doing the java update"

The scan may work with the old Java you have, but it is much better to have the latest version, as outdated versions of Java can be exploited by malware. If the automatic Java update is being problematic, we can update it manually:


Please update your Java



Click on "Start", then on "Control Panel".
Go to "Add or Remove Programs" and uninstall any previous versions of Java that you find.
Reboot your computer.
Next, download the latest version of Java by clicking here (http://java.sun.com/javase/downloads/index.jsp)
Scroll down the page until you reach "Java Platform Standard Edition".
Beneath this and to the right, you will see a red button marked "Download JRE".
Click the "Download JRE" button.
Select the platform (Windows, in your case), multi language.
Accept the license agreement and click on "Continue".
You do not have to register if you do not want to (the registration step is optional).
Scroll down and click on the file called jre-6u20-windows-i586.exe located under "Windows Offline Installation".
Save the file to your desktop.
Do not select Run.
Double click on the saved file (jre-6u20-windows-i586.exe) to install the update.
Delete the downloaded installation file after completing the above procedure and reboot your system if not prompted to do so.


Try the online scan now. If you run into any problems, come back and let me know.

JonTom
2010-06-25, 22:03
Did you manage to run the scan?

chrisbattista03
2010-06-26, 03:50
Sorry, Java updated successfully. During uninstallation of the JRE I got this error notification:

java.lang.nullpointerException

There was more info, but I couldn't copy any of it. Java seemed to uninstall fine otherwise, and re-installation was smooth with no reboot. I am starting the Kaspersky scan now; log will follow.

chrisbattista03
2010-06-27, 17:27
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, June 26, 2010
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, June 25, 2010 20:58:02
Records in database: 4298362
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 188551
Threats found: 5
Infected objects found: 10
Suspicious objects found: 0
Scan duration: 04:00:22


File name / Threat / Threats count
C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml Infected: Trojan.Win32.Clicker.hd 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ql10wnt.sys.vir Infected: Rootkit.Win32.TDSS.ap 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\_peehmji_.sys.zip Infected: Rootkit.Win32.Agent.bert 1
C:\Qoobox\Quarantine\[4]-Submit_2010-06-10_12.02.58.zip Infected: Rootkit.Win32.Agent.bert 1
C:\Qoobox\Quarantine\[4]-Submit_2010-06-10_12.02.58.zip Infected: Backdoor.Win32.TDSS.ro 4
C:\Qoobox\Quarantine\[4]-Submit_2010-06-10_12.02.58.zip Infected: not-a-virus:AdWare.Win32.RON.dvc 1
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP3\A0001232.sys Infected: Rootkit.Win32.TDSS.ap 1

Selected area has been scanned.
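
The one live hit in the Kaspersky report is `google_search.xml` in Firefox's `searchplugins` directory: a search-plugin file that carries the name of a real engine but sends queries through the attacker's redirector, which is how a clicker earns its money. The later DDS log in this thread shows the companion trick, a `user.js` that pins `keyword.URL` to an unrelated search host. The Python below is an added example, not code from the thread or from Mozilla; it parses a search plugin and a prefs file and reports any result host that does not belong to the engine the file claims to be. The plugin XML, the `user.js` lines and the host `search.example-redirector.invalid` are constructed for the example, and the allowlists are assumptions you would fill in for your own environment.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed samples. GOOD_PLUGIN mirrors a genuine Google plugin; HIJACKED_PLUGIN
# keeps the engine name but routes queries through a hypothetical redirector.
GOOD_PLUGIN = """<SearchPlugin xmlns="http://www.mozilla.org/2006/browser/search/">
  <ShortName>Google</ShortName>
  <Url type="text/html" method="GET" template="https://www.google.com/search">
    <Param name="q" value="{searchTerms}"/>
  </Url>
</SearchPlugin>
"""

HIJACKED_PLUGIN = """<SearchPlugin xmlns="http://www.mozilla.org/2006/browser/search/">
  <ShortName>Google</ShortName>
  <Url type="text/html" method="GET"
       template="http://search.example-redirector.invalid/?sid=1&amp;q={searchTerms}"/>
</SearchPlugin>
"""

# Constructed user.js: the pinned keyword.URL is the hijack, the rest is normal.
SAMPLE_USER_JS = r'''
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://search.example-redirector.invalid/?sid=10101020100&s=");
'''

# Assumed allowlists; extend them for the engines you actually ship.
EXPECTED_HOSTS = {
    "Google": {"www.google.com", "google.com"},
    "Yahoo": {"search.yahoo.com"},
}
TRUSTED_PREF_HOSTS = {"www.google.com", "google.com", "search.yahoo.com"}
SEARCH_PREFS = {"keyword.URL", "browser.search.defaulturl", "browser.search.defaultenginename"}
_PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*"((?:[^"\\]|\\.)*)"\);')


def _local(tag):
    """Strip the XML namespace so Mozilla and OpenSearch plugins parse the same way."""
    return tag.rsplit("}", 1)[-1]


def plugin_targets(xml_text):
    """Return (ShortName, [hosts]) for the HTML result URLs in a search plugin."""
    name, hosts = "", []
    for el in ET.fromstring(xml_text).iter():
        tag = _local(el.tag)
        if tag == "ShortName" and el.text:
            name = el.text.strip()
        elif tag == "Url" and el.get("type", "text/html") == "text/html":
            hosts.append((urlsplit(el.get("template", "")).hostname or "").lower())
    return name, hosts


def audit_plugin(xml_text, expected=EXPECTED_HOSTS):
    """Hosts the plugin sends queries to that do not belong to the engine it claims to be."""
    name, hosts = plugin_targets(xml_text)
    allowed = expected.get(name)
    if allowed is None:
        return hosts          # unknown engine name: surface everything for review
    return [h for h in hosts if h not in allowed]


def audit_prefs(prefs_text, trusted=TRUSTED_PREF_HOSTS):
    """[(pref, host)] for search-related prefs whose URL points at an untrusted host."""
    findings = []
    for line in prefs_text.splitlines():
        m = _PREF_RE.match(line.strip())
        if not m or m.group(1) not in SEARCH_PREFS:
            continue
        host = urlsplit(m.group(2)).hostname
        if host and host.lower() not in trusted:
            findings.append((m.group(1), host.lower()))
    return findings


if __name__ == "__main__":
    for label, xml_text in (("good", GOOD_PLUGIN), ("hijacked", HIJACKED_PLUGIN)):
        print(label, "->", audit_plugin(xml_text) or "clean")
    print("prefs ->", audit_prefs(SAMPLE_USER_JS) or "clean")
```

Run it over every `.xml` in the profile's and the installation's `searchplugins` directories; a file whose name does not match the stock set (Firefox 3 ships `google.xml`, not `google_search.xml`) is itself worth a look before the parser ever runs. Because `user.js` is re-applied at every start, deleting a hijacked search plugin without removing the matching `user.js` lines leaves the hijack in place.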

JonTom
2010-06-28, 20:35
Hello chrisbattista03

We are almost there. The Kaspersky Scan has detected an infected file and some items that we will take care of when CF is uninstalled. We'll take care of the file first:


Please download OTM



Please download OTM by OldTimer by clicking here. (http://oldtimer.geekstogo.com/OTM.exe)
Save the file (called OTM.exe) to your desktop.
Double click on the OTM.exe icon to run the program. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):




:Processes
explorer.exe

:Files
C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

:Commands
[Purity]
[EmptyTemp]
[Start Explorer]
[Reboot]






Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.

Click the Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTM.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File -> Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



In your next post, please provide the OTM log and a fresh DDS scan of your machine.

Also, please describe how your machine is behaving now.

chrisbattista03
2010-07-02, 08:02
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Cubase LE
->Temp folder emptied: 3881 bytes
->Temporary Internet Files folder emptied: 276019 bytes
->Java cache emptied: 12184207 bytes
->FireFox cache emptied: 62244507 bytes
->Flash cache emptied: 19986 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Heather
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->Java cache emptied: 11090635 bytes
->FireFox cache emptied: 8706445 bytes
->Flash cache emptied: 5795 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 405 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 767 bytes

User: Owner

User: Owner.YOUR-92C8B56D4E
->Temp folder emptied: 115887703 bytes
->Temporary Internet Files folder emptied: 6398019 bytes
->Java cache emptied: 16920147 bytes
->FireFox cache emptied: 31090746 bytes
->Flash cache emptied: 57511 bytes

User: OWNER~1~YOU

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3515178 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 42206802 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 16295712 bytes

Total Files Cleaned = 312.00 mb


OTM by OldTimer - Version 3.1.12.2 log created on 07022010_014837

Files moved on Reboot...

Registry entries deleted on Reboot...

.....................................................................................


DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 1:59:09.53 on Fri 07/02/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.517 [GMT -4:00]

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
svchost.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\GmoteServer\GmoteServer.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.att.net
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [Power2GoExpress] NA
StartupFolder: c:\docume~1\owner~1.you\startm~1\programs\startup\gmotes~1.lnk - c:\program files\gmoteserver\GmoteServer.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner~1.you\applic~1\mozilla\firefox\profiles\scmk6iki.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.wish-search.com/?sid=10101020100&s=
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.wish-search.com/?sid=10101020100&s=
============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2008-5-7 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2008-5-7 68865]
R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2008-5-7 151297]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2009-4-15 14976]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-5-7 52056]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-3-24 7808]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2009-7-5 18432]

=============== Created Last 30 ================

2010-07-02 05:48:37 0 d-----w- C:\_OTM
2010-06-26 01:46:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-06-26 01:46:16 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-21 05:14:16 0 d-----w- C:\Rooter$
2010-06-19 12:15:02 0 d-----w- c:\docume~1\owner~1.you\applic~1\SUPERAntiSpyware.com
2010-06-19 12:15:02 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-06-19 12:14:54 0 d-----w- c:\program files\SUPERAntiSpyware
2010-06-13 01:57:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-13 01:57:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-13 01:49:12 0 d-----w- C:\53d6fe556a3c2073a1b0bc57
2010-06-12 04:00:46 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-09 18:36:21 77312 ----a-w- c:\windows\MBR.exe
2010-06-03 13:22:24 98816 ----a-w- c:\windows\sed.exe
2010-06-03 13:22:24 256512 ----a-w- c:\windows\PEV.exe
2010-06-03 13:22:24 161792 ----a-w- c:\windows\SWREG.exe
2010-06-03 13:21:14 0 d-----w- C:\ComboFix
2010-06-03 12:03:02 0 d-----w- C:\28342

==================== Find3M ====================

2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:56:34 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:51:20 285696 ----a-w- c:\windows\system32\atmfd.dll
2006-12-01 09:54:32 626688 ----a-w- c:\program files\common files\MSVCR80.dll

============= FINISH: 1:59:56.43 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/5/2008 7:27:19 PM
System Uptime: 7/2/2010 1:56:26 AM (0 hours ago)

Motherboard: Winfast | | NF4(X)K8MC
Processor: AMD Athlon(tm) 64 Processor 4000+ | Socket 939 | 2412/194mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 182 GiB total, 32.094 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 1.435 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA(R) nForce(TM) Audio Codec Interface
Device ID: PCI\VEN_10DE&DEV_0059&SUBSYS_0CA4105B&REV_A2\3&2411E6FE&0&20
Manufacturer: NVIDIA Corporation
Name: NVIDIA(R) nForce(TM) Audio Codec Interface
PNP Device ID: PCI\VEN_10DE&DEV_0059&SUBSYS_0CA4105B&REV_A2\3&2411E6FE&0&20
Service: nvax

==== System Restore Points ===================

RP1: 6/1/2010 2:14:38 AM - System Checkpoint
RP2: 6/3/2010 9:22:59 AM - ComboFix created restore point
RP3: 6/8/2010 12:38:34 AM - System Checkpoint
RP4: 6/10/2010 11:59:29 AM - ComboFix created restore point
RP5: 6/11/2010 11:54:31 PM - Software Distribution Service 3.0
RP6: 6/12/2010 9:48:25 PM - Software Distribution Service 3.0
RP7: 6/13/2010 11:37:24 AM - Software Distribution Service 3.0
RP8: 6/15/2010 3:29:12 AM - System Checkpoint
RP9: 6/16/2010 3:49:32 AM - System Checkpoint
RP10: 6/17/2010 4:06:37 AM - System Checkpoint
RP11: 6/18/2010 4:25:38 AM - System Checkpoint
RP12: 6/19/2010 5:24:56 AM - System Checkpoint
RP13: 6/20/2010 5:25:37 AM - System Checkpoint
RP14: 6/21/2010 5:53:05 AM - System Checkpoint
RP15: 6/22/2010 7:11:29 AM - System Checkpoint
RP16: 6/23/2010 8:38:45 PM - System Checkpoint
RP17: 6/24/2010 3:00:15 AM - Software Distribution Service 3.0
RP18: 6/25/2010 9:30:33 PM - Removed Java(TM) 6 Update 7
RP19: 6/25/2010 9:31:28 PM - Removed Java(TM) 6 Update 13
RP20: 6/25/2010 9:34:36 PM - Removed J2SE Runtime Environment 5.0 Update 2
RP21: 6/25/2010 9:45:39 PM - Installed Java(TM) 6 Update 20
RP22: 6/27/2010 11:54:23 AM - System Checkpoint
RP23: 6/28/2010 12:27:17 PM - System Checkpoint
RP24: 6/29/2010 12:27:27 PM - System Checkpoint
RP25: 6/30/2010 1:36:24 PM - System Checkpoint
RP26: 7/1/2010 2:27:34 PM - System Checkpoint

==== Installed Programs ======================

Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Design Premium
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 7.0
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe Shockwave Player
Adobe SING CS4
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Agere Systems PCI-SV92PP Soft Modem
Alesis io|2 ASIO Driver
Amazon MP3 Downloader 1.0.5
America Online (Choose which version to remove)
ANIO Service
ANIWZCS2 Service
Any Video Converter 3.0.5
Apple Mobile Device Support
Apple Software Update
AT&T Toolbar
AT&T Yahoo! Internet Mail
Athlon 64 Processor Driver
AVI DivX to DVD SVCD VCD Converter 4.0.0322
Avira AntiVir Personal - Free Antivirus
Bonjour
Browser Address Error Redirector
Connect
ConvertXtoDVD 3.5.1.135
Critical Update for Windows Media Player 11 (KB959772)
DebugMode Wax 2.0
Digital Media Reader
DVD Solution
EAX4 Unified Redist
GmoteServer
GTK+ Runtime 2.12.8 rev a (remove only)
gtw_logo
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB895953)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Image Zone 4.0
HP Software Update
iTunes
Java Auto Updater
Java(TM) 6 Update 20
kuler
LightScribe System Software 1.10.13.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.19)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Multimedia Keyboard Driver
Napster Burn Engine
Nero 7 Essentials
neroxml
NVIDIA Drivers
NVIDIA nView Desktop Manager
NvMixer
OpenOffice.org 3.0
Overland
PDF Settings CS4
Photoshop Camera Raw
Photosmart 320,370,7400,8100,8400 Series
Pidgin
Pixel Bender Toolkit
Power2Go 4.0
PowerDVD
PS8100
PSPrinters06
Pure Networks Port Magic
QFolder
QuickTime
Realtek High Definition Audio Driver
Recovery Software Suite Gateway
Secunia PSI
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Sonic Encoders
Steinberg Cubase LE 4
Suite Shared Configuration CS4
SUPERAntiSpyware
Syncrosoft License Control
Tom Clancy's Splinter Cell Double Agent
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VideoCam Suite 2.0
WebFldrs XP
WebReg
Windows Backup Utility
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Wireless G WUA-1340
WIZ1x0_105SR Configtool
Yahoo! Install Manager

==== Event Viewer Messages From Past Week ========

7/2/2010 1:48:39 AM, error: Service Control Manager [7034] - The InCD Helper service terminated unexpectedly. It has done this 1 time(s).
7/2/2010 1:48:38 AM, error: Service Control Manager [7034] - The PrismXL service terminated unexpectedly. It has done this 1 time(s).
7/2/2010 1:48:38 AM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
7/2/2010 1:48:38 AM, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
7/2/2010 1:48:38 AM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
7/2/2010 1:48:38 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
7/2/2010 1:48:38 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
7/2/2010 1:48:37 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
7/2/2010 1:48:37 AM, error: Service Control Manager [7034] - The B's Recorder GOLD Library General Service service terminated unexpectedly. It has done this 1 time(s).
7/2/2010 1:48:37 AM, error: Service Control Manager [7034] - The ANIWZCSd Service service terminated unexpectedly. It has done this 1 time(s).
7/2/2010 1:48:37 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/25/2010 9:38:11 PM, error: Dhcp [1002] - The IP address lease 192.168.2.8 for the Network Card with network address 00195B7E149F has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
6/25/2010 9:23:43 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
6/25/2010 9:23:24 PM, error: Dhcp [1002] - The IP address lease 192.168.2.7 for the Network Card with network address 00195B7E149F has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================

JonTom
2010-07-02, 21:04
Hello chrisbattista03

Thank you for the log.

It looks as though you have picked up that bad proxy again.

Please do the following:

Please work through the following steps:

Open Notepad (Click on "Start", then on "Run" and type "notepad" (without quotations) in the Open field, then click on "OK").

NOTE: Do not Use Wordpad or any other text editor except Notepad or the script will fail.

Copy and paste the text in the quotebox below into the open Notepad window:

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

Save this as "CFScript.txt" (including the quotation marks), change the "Save as type" to "All Files" and save it to your desktop.

Close any open browsers.

Disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Referring to the picture below, drag CFScript.txt into ComboFix.exe

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply.

Once the log is produced, re-engage your resident antivirus.

MBAM

Please run MBAM again and post the log created.

Security Check

Please download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe) and save the file (called securitycheck.exe) to your desktop.
Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document in your next reply.

Please provide the ComboFix log, the MBAM log and the Security Check log in your next reply.

Also, please let me know if you are experiencing any problems with your machine.
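
The check behind "that bad proxy" is a user-level WinINet ProxyServer value pointed at the loopback interface (127.0.0.1:5555 in the DDS lines above), which lets whatever process listens on that port sit between the browser and the network. The following Python script is an added example, not part of this thread and not DDS or ComboFix code: it scans DDS-style "Internet Settings" lines for loopback proxies and drafts the DDS:: section of a CFScript naming exactly those lines, the way the helper's script does by hand. The sample input is constructed: its first two lines are the ones quoted in the CFScript above, the others are made-up contrasting cases (a benign corporate proxy and a machine-wide "m"-prefixed loopback proxy). The "IE:" CLSID entry in the helper's script is a separate item that this example does not generate.

```python
"""Flag loopback proxies in DDS 'Internet Settings' lines and draft the
matching CFScript section (added example; not part of the original thread,
not DDS or ComboFix code)."""
import re
from ipaddress import ip_address

# Constructed sample input. The first two lines are the ones quoted in the
# helper's CFScript; the last two are made-up contrasting cases: a normal
# corporate proxy (benign) and a machine-wide (HKLM, 'm' prefix) loopback proxy.
SAMPLE_DDS = """\
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = proxy.corp.example:8080
mInternet Settings,ProxyServer = http=localhost:3128;https=localhost:3128
"""

# DDS prefixes the key with 'u' (HKCU, per-user) or 'm' (HKLM, machine-wide).
LINE_RE = re.compile(
    r"^(?P<scope>[um])Internet Settings,(?P<key>ProxyServer|ProxyOverride)\s*=\s*(?P<value>.*)$"
)
SCOPE_NAMES = {"u": "HKCU", "m": "HKLM"}


def parse_proxy_server(value):
    """Split a WinINet ProxyServer value into (protocol, host, port) tuples.

    WinINet accepts either a bare 'host:port' (applies to all protocols) or a
    ';'-separated list of 'proto=host:port' entries.
    """
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        proto, sep, hostport = part.partition("=")
        if not sep:                     # bare 'host:port' applies to every protocol
            proto, hostport = "*", proto
        host, sep, port = hostport.rpartition(":")
        if not sep:                     # no port given
            host, port = hostport, ""
        entries.append((proto.strip().lower(), host.strip().lower(), port.strip()))
    return entries


def is_loopback_host(host):
    """True for 'localhost' or any loopback IP; IPv6 brackets are tolerated."""
    host = host.strip("[]")
    if host == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:                  # a hostname, not an address
        return False


def find_loopback_proxies(text):
    """Return one finding per ProxyServer entry that points at the loopback interface."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("key") != "ProxyServer":
            continue
        for proto, host, port in parse_proxy_server(m.group("value")):
            if is_loopback_host(host):
                findings.append({
                    "scope": SCOPE_NAMES[m.group("scope")],
                    "proto": proto, "host": host, "port": port, "line": line,
                })
    return findings


def build_cfscript(text):
    """Draft the 'DDS::' section of a CFScript: the flagged ProxyServer lines plus
    the ProxyOverride line(s) of the same scope, quoted exactly as DDS printed
    them (ComboFix matches on the literal line). Benign proxies are left alone."""
    findings = find_loopback_proxies(text)
    flagged_lines = {f["line"] for f in findings}
    flagged_scopes = {f["scope"] for f in findings}
    out = ["DDS::"]
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or SCOPE_NAMES[m.group("scope")] not in flagged_scopes:
            continue
        if line in flagged_lines or m.group("key") == "ProxyOverride":
            out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for f in find_loopback_proxies(SAMPLE_DDS):
        print(f"{f['scope']}: {f['proto']} proxy -> {f['host']}:{f['port']}")
    print(build_cfscript(SAMPLE_DDS))
```

To run it against a real DDS log, pass the saved log text to `find_loopback_proxies`. A loopback ProxyServer is an indicator, not proof: local filtering software and debugging proxies use the same pattern, so before removing it, identify the process bound to that port (on XP, `netstat -ano` gives the listening PID and `tasklist /fi "PID eq <pid>"` names it) and treat a listener you cannot account for, like the asam.exe running from the LocalService profile in the first log, as the thing to remove along with the setting.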

chrisbattista03
2010-07-07, 05:59
I'm sorry about the delay; I will have these 3 logs for you in the next day.

JonTom
2010-07-08, 09:19
:bigthumb:

chrisbattista03
2010-07-09, 17:13
ComboFix 10-07-07.02 - Owner 07/08/2010 21:02:59.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.660 [GMT -4:00]
Running from: c:\documents and settings\Owner.YOUR-92C8B56D4E\Desktop\chrisbatista.exe
Command switches used :: c:\documents and settings\Owner.YOUR-92C8B56D4E\Desktop\CFScript
AV: *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\OWNER~1.YOU\LOCALS~1\Temp\jna6351437922827452541.tmp
c:\documents and settings\Owner.YOUR-92C8B56D4E\Local Settings\temp\jna6351437922827452541.tmp
c:\windows\xpsp1hfm.log

.
((((((((((((((((((((((((( Files Created from 2010-06-09 to 2010-07-09 )))))))))))))))))))))))))))))))
.

2010-07-02 05:48 . 2010-07-02 05:48 -------- d-----w- C:\_OTM
2010-06-26 01:46 . 2010-06-26 01:46 -------- d-----w- c:\program files\Common Files\Java
2010-06-26 01:46 . 2010-06-26 01:45 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-21 05:14 . 2010-06-21 05:14 -------- d-----w- C:\Rooter$
2010-06-19 12:15 . 2010-06-19 12:15 -------- d-----w- c:\documents and settings\Owner.YOUR-92C8B56D4E\Application Data\SUPERAntiSpyware.com
2010-06-19 12:15 . 2010-06-19 12:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-19 12:14 . 2010-06-19 12:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-13 01:57 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-13 01:57 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-13 01:49 . 2010-06-13 01:49 -------- d-----w- C:\53d6fe556a3c2073a1b0bc57
2010-06-12 04:00 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-12 03:59 . 2010-06-12 03:59 -------- d-----w- c:\documents and settings\Owner.YOUR-92C8B56D4E\Local Settings\Application Data\PCHealth

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-09 01:13 . 2009-10-07 04:12 -------- d-----w- c:\documents and settings\Owner.YOUR-92C8B56D4E\Application Data\Gmote
2010-06-26 01:46 . 2010-06-26 01:46 503808 ----a-w- c:\documents and settings\Owner.YOUR-92C8B56D4E\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-473b721b-n\msvcp71.dll
2010-06-26 01:46 . 2010-06-26 01:46 499712 ----a-w- c:\documents and settings\Owner.YOUR-92C8B56D4E\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-473b721b-n\jmc.dll
2010-06-26 01:46 . 2010-06-26 01:46 348160 ----a-w- c:\documents and settings\Owner.YOUR-92C8B56D4E\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-473b721b-n\msvcr71.dll
2010-06-26 01:46 . 2010-06-26 01:46 61440 ----a-w- c:\documents and settings\Owner.YOUR-92C8B56D4E\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2391829c-n\decora-sse.dll
2010-06-26 01:46 . 2010-06-26 01:46 12800 ----a-w- c:\documents and settings\Owner.YOUR-92C8B56D4E\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2391829c-n\decora-d3d.dll
2010-06-19 12:15 . 2010-06-19 12:15 63488 ----a-w- c:\documents and settings\Owner.YOUR-92C8B56D4E\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-19 12:15 . 2010-06-19 12:15 52224 ----a-w- c:\documents and settings\Owner.YOUR-92C8B56D4E\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-19 12:15 . 2010-06-19 12:15 117760 ----a-w- c:\documents and settings\Owner.YOUR-92C8B56D4E\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-13 01:58 . 2009-04-19 15:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-10 16:05 . 2009-02-10 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\ATTToolbar
2010-06-09 18:56 . 2010-06-01 06:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-06-01 06:58 . 2010-06-01 06:58 -------- d-----w- c:\documents and settings\LocalService\Application Data\ATTTOOLBAR
2010-05-22 05:01 . 2010-05-22 05:01 -------- d-----w- c:\program files\Video Converter
2010-05-10 05:01 . 2010-05-10 05:01 -------- d-----w- c:\program files\DebugMode
2010-05-06 10:41 . 2006-07-16 04:22 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:56 . 2006-07-16 04:22 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:51 . 2006-07-16 04:19 285696 ----a-w- c:\windows\system32\atmfd.dll
2006-12-01 09:54 . 2009-07-15 01:19 626688 ----a-w- c:\program files\Common Files\MSVCR80.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-07 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

c:\documents and settings\Owner.YOUR-92C8B56D4E\Start Menu\Programs\Startup\
GmoteServer.lnk - c:\program files\GmoteServer\GmoteServer.exe [2009-10-7 451584]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VideoCam Suite 2.0.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VideoCam Suite 2.0.lnk
backup=c:\windows\pss\VideoCam Suite 2.0.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner.YOUR-92C8B56D4E^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Owner.YOUR-92C8B56D4E\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner.YOUR-92C8B56D4E^Start Menu^Programs^Startup^Secunia PSI.lnk]
path=c:\documents and settings\Owner.YOUR-92C8B56D4E\Start Menu\Programs\Startup\Secunia PSI.lnk
backup=c:\windows\pss\Secunia PSI.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-12 02:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 06:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 11:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 22:43 69632 ----a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
2005-11-30 14:35 49152 ----a-w- c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2008-07-19 07:02 266497 ----a-w- c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 23:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
2004-12-09 00:57 550912 ----a-w- c:\windows\zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-10 19:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link Wireless G WUA-1340]
2005-12-15 16:19 2715648 ----a-w- c:\program files\D-Link\Wireless G WUA-1340\AirGCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-06 04:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-08 00:07 61952 ----a-w- c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2004-11-03 21:03 125528 ----a-w- c:\program files\Common Files\AOL\1210028400\EE\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 19:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 17:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2006-01-07 05:09 172032 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
2006-01-07 05:09 659456 ----a-w- c:\windows\system32\hphmon06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
2006-01-07 05:09 49152 ----a-w- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-06-25 12:47 1057064 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-04-02 20:11 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-08-23 21:36 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-08-12 23:16 1121792 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 23:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 19:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-01-12 03:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-01-12 03:17 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
2004-10-07 22:53 131072 ----a-w- c:\program files\NVIDIA Corporation\NvMixer\NvMixerTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]
2005-12-10 01:44 139264 ----a-w- c:\program files\Digital Media Reader\readericon45G.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 05:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2005-02-26 00:24 966656 ----a-w- c:\windows\creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2005-09-22 17:36 14854144 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-06-25 12:47 1629480 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1210028400\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Pidgin\\pidgin.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\GmoteServer\\GmoteServer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\RUNSAS.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"8889:TCP"= 8889:TCP:gmote

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [4/15/2009 12:29 PM 14976]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 284016]
S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [3/24/2009 7:03 AM 7808]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [7/5/2009 10:05 PM 18432]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 21:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-06-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-07-09 c:\windows\Tasks\HP Usg Daily FY04.job
- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe [2009-09-21 05:09]

2010-07-09 c:\windows\Tasks\User_Feed_Synchronization-{E34E5590-8C9C-42F3-BC91-59BF3E840393}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner.YOUR-92C8B56D4E\Application Data\Mozilla\Firefox\Profiles\scmk6iki.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.wish-search.com/?sid=10101020100&s=
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.wish-search.com/?sid=10101020100&s=.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-08 21:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3171649797-3824822186-616433660-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:12,88,2d,03,2f,8a,15,1b,76,b4,15,18,ff,c0,64,ff,1a,bc,ec,cd,ed,0b,c1,
f5,bd,4f,8a,bb,3a,38,30,2e,e7,ef,17,e8,21,c4,c6,14,53,07,06,6b,4a,2a,c7,76,\
"??"=hex:1d,14,7d,cb,f4,2d,95,98,8e,a0,bb,e4,ae,71,f6,6b
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(828)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3684)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2010-07-08 21:23:01 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-09 01:22
ComboFix2.txt 2010-06-10 16:23
ComboFix3.txt 2010-06-09 19:00
ComboFix4.txt 2010-06-03 13:33
ComboFix5.txt 2010-07-09 00:59

Pre-Run: 33,369,489,408 bytes free
Post-Run: 33,615,454,208 bytes free

- - End Of File - - 0FD244EC13DF6B1992816643F35007A6

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4294

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

7/9/2010 1:30:15 AM
mbam-log-2010-07-09 (01-30-15).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 324700
Time elapsed: 3 hour(s), 59 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

---------------------------------------------------------------------

Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 2
Out of date service pack!! (http://windows.microsoft.com/en-us/windows/help/learn-how-to-install-windows-xp-service-pack-3-sp3)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
Antivirus out of date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 20
Adobe Flash Player 10.0.32.18
Adobe Reader 7.0
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

JonTom
2010-07-10, 12:19
Hello chrisbattista03

Thank you for the log.

You have a bad proxy on board that refuses to leave. Every time we remove it, it manages to find its way back onto your system.

Is this a networked machine?

chrisbattista03
2010-07-11, 08:09
Yes, in 2 cases.

On MY home network, which I was using when the infection first showed up, the wifi uses a WEP key and I have my desktop, laptop, PS3, satellite box, TiVo and G1 cellphone accessing the network.

My internet was shut off last week when I went AWOL on you. For the last 4 days I have been using a neighbor's open wifi. I own a desktop and a laptop that connect to it. I couldn't tell you what else is on this particular network as I don't know whose it is and I can't find any other devices connected to it.

JonTom
2010-07-11, 18:02
Hello chrisbattista03

for the last 4 days I have been using a neighbor's open wifi

I couldn't tell you what else is on this particular network as I don't know whose it is and I can't find any other devices connected to it.

Not only did you have cracked/keygened files on your system, but you now freely admit to using someone else's network without knowing who it belongs to.

Since you do not know who is actually paying for this network, it is my belief that you did not seek permission to use it.

Furthermore, since you connected your infected systems to this (unknown) network, the chances are very high that you have transferred your infections to the machines owned by the person who you "do not know".

For these reasons I cannot continue assisting you.

This thread is now closed.