
Infected with Windows Protection Service Virus



luckywayne
2010-06-10, 23:52
Hello,
It seems that I have picked up a virus that has installed a program called Windows Protection Service. It has also taken control of my ability to view the task manager or run any executables without my system being in safe-mode. I also am having problems with internet searches as I am being redirected constantly.

I did run Spybot and also Malware on my machine before I posted here. The latter seemed to clean up the entries; however, it just reinstalls itself when I reboot.

Here is the DDS file that I just ran. I thank you in advance for any help that you can provide.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Wayne at 17:35:54.09 on Thu 06/10/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1638 [GMT -4:00]

AV: Protection Center *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Wayne\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - c:\program files\veoh networks\veoh video compass\SearchRecsPlugin.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\wayne\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.gamehouse.com/realarcade-webgames/ancientsudoku/index.jsp?pread=0&pread=0&ractype=fullclient"
mRun: [WinSys2] c:\windows\system32\winsys2.exe
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} - hxxp://www.worldwinner.com/games/v45/royal/royal.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://service.futuremark.com/virtualmark/tc/FMSI.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} - hxxp://www.worldwinner.com/games/v44/golfsol/golfsol.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\wayne\applic~1\mozilla\firefox\profiles\kt7j57ki.default\
# Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/

user_pref(app.update.lastUpdateTime.addon-background-update-timer, 1242299186);
user_pref(app.update.lastUpdateTime.background-update-timer, 1242299186);
user_pref(app.update.lastUpdateTime.blocklist-background-update-timer, 1242299186);
user_pref(app.update.lastUpdateTime.microsummary-generator-update-timer, 1242299186);
user_pref(app.update.lastUpdateTime.search-engine-update-timer, 1242321386);
user_pref(browser.migration.version, 1);
user_pref(browser.places.importDefaults, false);
user_pref(browser.places.migratePostDataAnnotations, false);
user_pref(browser.places.smartBookmarksVersion, 1);
user_pref(browser.places.updateRecentTagsUri, false);
user_pref(browser.rights.3.shown, true);
user_pref(browser.startup.homepage_override.mstone, rv:1.9.0.10);
user_pref(extensions.enabledItems, {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10,{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,jqs@sun.com:1.0,{635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717,moveplayer@movenetworks.com:7,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10);
user_pref(extensions.lastAppVersion, 3.0.10);
user_pref(extensions.update.notifyUser, false);
user_pref(intl.charsetmenu.browser.cache, ISO-8859-1, UTF-8);
user_pref(network.cookie.prefsMigrated, true);
user_pref(spellchecker.dictionary, en-US);
user_pref(urlclassifier.keyupdatetime.https://sb-ssl.google.com/safebrowsing/newkey, 1255473016);
user_pref(yahoo.addtomy, true);
user_pref(yahoo.homepage.dontask, true);
user_pref(yahoo.installer.country, us);
user_pref(yahoo.installer.dc, v1_yff2);
user_pref(yahoo.installer.language, us);
user_pref(yahoo.installer.nd, 2);
user_pref(yahoo.installer.sc, sunm);
user_pref(yahoo.installer.version, 1.5.2.20080717);
user_pref(yahoo.installer.version.simple, 1.5.2);
user_pref(yahoo.supports.livesearch, true);
user_pref(yahoo.toolbar.searchbox.width, 55);
FF - prefs.js: browser.search.selectedEngine - Yahoo!);
user_pref(browser.startup.homepage, http://bing.zugo.com/?cfg=2-79-0-1kCe3);
user_pref(keyword.URL, http://bing.zugo.com/s/?src=FF-Address&site=Bing&cfg=2-79-0-1kCe3&q=
FF - plugin: c:\documents and settings\wayne\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\wayne\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2008-11-17 178376]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2008-11-17 30920]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2008-11-17 28872]
R2 OAcat;Online Armor Helper Service;c:\program files\tall emu\online armor\oacat.exe [2008-11-17 1402568]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-9-11 24652]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
S3 cpuz130;cpuz130;\??\c:\docume~1\wayne\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\wayne\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-25 25832]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe [2008-11-17 3538632]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2009-9-14 85504]

=============== Created Last 30 ================

2010-06-10 21:00:24 54016 ----a-w- c:\windows\system32\drivers\gciaeh.sys
2010-06-10 20:44:45 0 d-----w- c:\docume~1\wayne\applic~1\Malwarebytes
2010-06-10 20:44:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-10 20:44:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-10 20:44:36 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-10 20:44:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-10 20:26:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Toolbar4
2010-06-10 20:19:21 397 ----a-w- c:\windows\wininit.ini
2010-06-10 17:41:16 0 d-----w- c:\docume~1\wayne\applic~1\Pogo Games
2010-06-10 17:08:35 14 ----a-w- c:\windows\popcinfo.dat
2010-06-10 16:41:30 0 d-----w- c:\program files\Search Toolbar
2010-06-10 16:21:12 0 ----a-w- c:\windows\popcreg.dat
2010-06-10 16:21:11 18 ----a-w- c:\windows\popcinfot.dat
2010-06-08 17:08:27 9 ----a-w- c:\windows\sierra.ini
2010-06-08 17:08:26 0 d-----w- c:\program files\Sierra On-Line
2010-06-05 17:52:40 0 d-----w- c:\docume~1\wayne\applic~1\EA
2010-06-05 17:52:40 0 d-----w- c:\docume~1\alluse~1\applic~1\EA
2010-06-05 17:52:24 0 d-----w- c:\program files\Pogo To Go
2010-06-05 03:07:39 0 d-----w- c:\program files\ToGo Game
2010-06-03 19:44:01 0 d-----w- c:\docume~1\wayne\applic~1\funkitron
2010-06-03 19:42:09 0 d-----w- c:\windows\Slingo Mystery Whos Gold
2010-06-03 19:42:09 0 d-----w- c:\program files\Slingo Mystery Whos Gold
2010-05-23 08:38:28 0 d-----w- c:\program files\VideoLAN
2010-05-23 08:00:36 0 d-----w- c:\program files\Ask.com
2010-05-23 08:00:31 0 d-----w- c:\program files\common files\SourceTec
2010-05-19 15:49:40 0 d-----w- C:\Poker

==================== Find3M ====================

2010-03-16 07:37:50 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-03-16 07:37:50 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-03-16 07:37:50 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-03-16 07:37:50 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-03-16 07:37:50 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-03-16 07:37:44 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-03-16 06:51:59 6432128 ----a-w- c:\windows\system32\nv4_disp.dll
2010-03-16 06:51:59 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-03-16 06:51:59 600680 ----a-w- c:\windows\system32\nvudisp.exe
2010-03-16 06:51:59 4075520 ----a-w- c:\windows\system32\nvcuda.dll
2010-03-16 06:51:59 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-03-16 06:51:59 2183470 ----a-w- c:\windows\system32\nvdata.bin
2010-03-16 06:51:59 215656 ----a-w- c:\windows\system32\nvcodins.dll
2010-03-16 06:51:59 215656 ----a-w- c:\windows\system32\nvcod.dll
2010-03-16 06:51:59 2030184 ----a-w- c:\windows\system32\nvcuvid.dll
2010-03-16 06:51:59 14757888 ----a-w- c:\windows\system32\nvoglnt.dll
2010-03-16 06:51:59 11640832 ----a-w- c:\windows\system32\nvcompiler.dll
2010-03-16 06:51:59 1097728 ----a-w- c:\windows\system32\nvapi.dll

============= FINISH: 17:38:01.98 ===============

Shaba
2010-06-14, 19:25
Hi luckywayne

Please post also contents of Attach.txt :)

luckywayne
2010-06-14, 20:38
Hey Shaba, thanks for taking my problem on. Here is the info:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 11/16/2008 7:59:13 AM
System Uptime: 6/10/2010 5:34:48 PM (0 hours ago)

Motherboard: Dell Inc. | | 0U7077
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Microprocessor | 3192/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 368 GiB total, 105.437 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_8086&DEV_266E&SUBSYS_01771028&REV_03\3&172E68DD&0&F2
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_8086&DEV_266E&SUBSYS_01771028&REV_03\3&172E68DD&0&F2
Service:

==== System Restore Points ===================

RP460: 3/12/2010 3:54:59 PM - System Checkpoint
RP461: 3/13/2010 10:21:25 PM - System Checkpoint
RP462: 3/15/2010 5:10:50 AM - System Checkpoint
RP463: 3/16/2010 12:18:08 PM - System Checkpoint
RP464: 3/17/2010 1:22:54 PM - System Checkpoint
RP465: 3/18/2010 1:47:24 PM - System Checkpoint
RP466: 3/19/2010 1:50:26 PM - System Checkpoint
RP467: 3/20/2010 3:49:37 PM - System Checkpoint
RP468: 3/21/2010 3:50:26 PM - System Checkpoint
RP469: 3/22/2010 7:16:01 PM - System Checkpoint
RP470: 3/23/2010 7:17:16 PM - System Checkpoint
RP471: 3/24/2010 7:22:24 PM - System Checkpoint
RP472: 3/26/2010 6:05:16 PM - System Checkpoint
RP473: 3/27/2010 7:47:37 PM - System Checkpoint
RP474: 3/28/2010 7:48:59 PM - System Checkpoint
RP475: 3/29/2010 7:54:51 PM - System Checkpoint
RP476: 3/31/2010 6:26:04 AM - System Checkpoint
RP477: 4/1/2010 9:55:00 PM - System Checkpoint
RP478: 4/3/2010 12:23:10 AM - System Checkpoint
RP479: 4/4/2010 4:53:08 AM - System Checkpoint
RP480: 4/5/2010 1:38:32 PM - System Checkpoint
RP481: 4/7/2010 3:53:01 AM - System Checkpoint
RP482: 4/8/2010 5:28:13 AM - System Checkpoint
RP483: 4/9/2010 9:03:32 PM - System Checkpoint
RP484: 4/11/2010 2:29:17 AM - System Checkpoint
RP485: 4/12/2010 7:00:49 PM - System Checkpoint
RP486: 4/13/2010 7:31:37 PM - System Checkpoint
RP487: 4/14/2010 8:24:13 PM - System Checkpoint
RP488: 4/15/2010 8:48:44 PM - System Checkpoint
RP489: 4/17/2010 6:11:54 AM - System Checkpoint
RP490: 4/18/2010 6:40:18 AM - System Checkpoint
RP491: 4/19/2010 7:23:44 AM - System Checkpoint
RP492: 4/20/2010 7:47:42 AM - System Checkpoint
RP493: 4/21/2010 8:10:00 AM - System Checkpoint
RP494: 4/22/2010 9:10:00 AM - System Checkpoint
RP495: 4/23/2010 12:44:15 PM - System Checkpoint
RP496: 4/24/2010 2:59:05 PM - System Checkpoint
RP497: 4/25/2010 4:26:58 PM - System Checkpoint
RP498: 4/26/2010 4:46:43 PM - System Checkpoint
RP499: 4/27/2010 6:06:46 PM - System Checkpoint
RP500: 4/28/2010 7:08:14 PM - System Checkpoint
RP501: 4/29/2010 7:46:43 PM - System Checkpoint
RP502: 4/30/2010 8:58:37 PM - System Checkpoint
RP503: 5/1/2010 9:46:37 PM - System Checkpoint
RP504: 5/3/2010 12:41:15 AM - System Checkpoint
RP505: 5/4/2010 12:49:13 AM - System Checkpoint
RP506: 5/5/2010 2:01:23 AM - System Checkpoint
RP507: 5/6/2010 3:02:32 AM - System Checkpoint
RP508: 5/7/2010 3:14:33 AM - System Checkpoint
RP509: 5/8/2010 5:33:36 AM - System Checkpoint
RP510: 5/9/2010 7:34:01 AM - System Checkpoint
RP511: 5/10/2010 8:13:43 AM - System Checkpoint
RP512: 5/11/2010 8:18:05 AM - System Checkpoint
RP513: 5/12/2010 9:13:21 AM - System Checkpoint
RP514: 5/13/2010 11:37:01 AM - System Checkpoint
RP515: 5/14/2010 11:37:06 AM - System Checkpoint
RP516: 5/15/2010 12:13:45 PM - System Checkpoint
RP517: 5/16/2010 1:40:44 PM - System Checkpoint
RP518: 5/17/2010 3:09:26 PM - System Checkpoint
RP519: 5/18/2010 8:50:42 PM - System Checkpoint
RP520: 5/19/2010 9:37:30 PM - System Checkpoint
RP521: 5/21/2010 1:27:36 AM - System Checkpoint
RP522: 5/22/2010 1:44:23 AM - System Checkpoint
RP523: 5/23/2010 1:49:30 AM - System Checkpoint
RP524: 5/24/2010 3:11:13 AM - System Checkpoint
RP525: 5/25/2010 3:50:16 AM - System Checkpoint
RP526: 5/26/2010 4:50:16 AM - System Checkpoint
RP527: 5/27/2010 5:40:40 AM - System Checkpoint
RP528: 5/28/2010 6:04:40 AM - System Checkpoint
RP529: 5/29/2010 6:28:41 AM - System Checkpoint
RP530: 5/30/2010 8:53:48 AM - System Checkpoint
RP531: 5/31/2010 10:00:15 AM - System Checkpoint
RP532: 6/1/2010 6:33:12 PM - System Checkpoint
RP533: 6/2/2010 7:08:21 PM - System Checkpoint
RP534: 6/4/2010 4:26:01 AM - System Checkpoint
RP535: 6/4/2010 11:07:39 PM - Installed Lemonade Tycoon 2 - New York City
RP536: 6/5/2010 1:49:06 PM - Installed Air Strike 3D
RP537: 6/5/2010 1:52:24 PM - Installed Casino Island To Go
RP538: 6/6/2010 2:54:15 PM - System Checkpoint
RP539: 6/7/2010 5:55:27 PM - System Checkpoint
RP540: 6/8/2010 12:05:03 AM - Installed Slingo Quest
RP541: 6/9/2010 3:35:25 AM - System Checkpoint
RP542: 6/10/2010 8:47:13 AM - System Checkpoint
RP543: 6/10/2010 4:27:27 PM - Restore Operation
RP544: 6/10/2010 5:15:34 PM - Software Distribution Service 3.0

==== Installed Programs ======================

µTorrent
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Adobe Shockwave Player
AIM 6
AIM Toolbar
Air Strike 3D
Apple Application Support
Apple Software Update
Ask Toolbar
AutoUpdate
Battleship
Big Money Deluxe 1.3
Casino Island To Go
CDBurnerXP
Cheat Engine 5.4
Creative Audio Console
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DNA
Download Updater (AOL LLC)
DraftDominator Version 10.0m Full
Dragon Age: Origins
Fishdom H20 - Hidden Odyssey (remove only)
FLV Player 2.0 (build 25)
Full Tilt Poker
Futuremark SystemInfo
GIMP 2.6.3
Google Chrome
Google Toolbar for Internet Explorer
Hotel Dash Suite Success
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Inkscape 0.46
Install(US)2
Java Auto Updater
Java(TM) 6 Update 18
LEGO Star Wars II
Lemonade Tycoon 2 - New York City
Lottso! Deluxe
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Move Media Player
Mozilla Firefox (3.0.10)
MSN Toolbar
MSN Toolbar Platform
Nancy Drew: Secrets Can Kill
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
Online Armor 3.0
PC Pitstop Driver Alert2 2.0.0.0
PeaZip 2.6
PlayFLV
PokerStars
PopCap Browser Plugin
PowerDVD
QuickTime
RealArcade
Runes of Magic
Safari
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Slingo Mystery Whos Gold
Slingo Quest
Sothink FLV Player
Spybot - Search & Destroy
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Veetle TV 0.9.15
Ventrilo Client
Veoh Video Compass
Veoh Web Player
Verizon Help and Support Tool
Viewpoint Media Player
VLC media player 1.0.5
WebFldrs XP
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Winner Poker
Wireless-G PCI Adapter
World of Warcraft
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

6/9/2010 3:02:11 AM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001111B84F40 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
6/9/2010 12:36:14 PM, error: Service Control Manager [7000] - The McciCMService service failed to start due to the following error: The system cannot find the path specified.
6/9/2010 12:36:14 PM, error: Service Control Manager [7000] - The Creative Service for CDROM Access service failed to start due to the following error: The system cannot find the file specified.
6/10/2010 5:29:23 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
6/10/2010 4:25:43 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm OADevice
6/10/2010 4:24:27 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/10/2010 3:46:27 PM, error: Service Control Manager [7034] - The Online Armor Helper Service service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

Shaba
2010-06-15, 06:17
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent
DNA


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Uninstall also this:

Ask Toolbar

Please run a new DDS log scan when finished and post the logs back here.

luckywayne
2010-06-15, 07:51
Alrighty, all 3 uninstalled. Here are the new DDS reports:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Wayne at 1:48:04.75 on Tue 06/15/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1473 [GMT -4:00]

AV: Protection Center *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Documents and Settings\Wayne\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - c:\program files\veoh networks\veoh video compass\SearchRecsPlugin.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\wayne\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.gamehouse.com/realarcade-webgames/ancientsudoku/index.jsp?pread=0&pread=0&ractype=fullclient"
mRun: [WinSys2] c:\windows\system32\winsys2.exe
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} - hxxp://www.worldwinner.com/games/v45/royal/royal.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://service.futuremark.com/virtualmark/tc/FMSI.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} - hxxp://www.worldwinner.com/games/v44/golfsol/golfsol.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\wayne\applic~1\mozilla\firefox\profiles\kt7j57ki.default\
# Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/

user_pref(app.update.lastUpdateTime.addon-background-update-timer, 1242299186);
user_pref(app.update.lastUpdateTime.background-update-timer, 1242299186);
user_pref(app.update.lastUpdateTime.blocklist-background-update-timer, 1242299186);
user_pref(app.update.lastUpdateTime.microsummary-generator-update-timer, 1242299186);
user_pref(app.update.lastUpdateTime.search-engine-update-timer, 1242321386);
user_pref(browser.migration.version, 1);
user_pref(browser.places.importDefaults, false);
user_pref(browser.places.migratePostDataAnnotations, false);
user_pref(browser.places.smartBookmarksVersion, 1);
user_pref(browser.places.updateRecentTagsUri, false);
user_pref(browser.rights.3.shown, true);
user_pref(browser.startup.homepage_override.mstone, rv:1.9.0.10);
user_pref(extensions.enabledItems, {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10,{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,jqs@sun.com:1.0,{635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717,moveplayer@movenetworks.com:7,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10);
user_pref(extensions.lastAppVersion, 3.0.10);
user_pref(extensions.update.notifyUser, false);
user_pref(intl.charsetmenu.browser.cache, ISO-8859-1, UTF-8);
user_pref(network.cookie.prefsMigrated, true);
user_pref(spellchecker.dictionary, en-US);
user_pref(urlclassifier.keyupdatetime.https://sb-ssl.google.com/safebrowsing/newkey, 1255473016);
user_pref(yahoo.addtomy, true);
user_pref(yahoo.homepage.dontask, true);
user_pref(yahoo.installer.country, us);
user_pref(yahoo.installer.dc, v1_yff2);
user_pref(yahoo.installer.language, us);
user_pref(yahoo.installer.nd, 2);
user_pref(yahoo.installer.sc, sunm);
user_pref(yahoo.installer.version, 1.5.2.20080717);
user_pref(yahoo.installer.version.simple, 1.5.2);
user_pref(yahoo.supports.livesearch, true);
user_pref(yahoo.toolbar.searchbox.width, 55);
FF - prefs.js: browser.search.selectedEngine - Yahoo!);
user_pref(browser.startup.homepage, http://bing.zugo.com/?cfg=2-79-0-1kCe3);
user_pref(keyword.URL, http://bing.zugo.com/s/?src=FF-Address&site=Bing&cfg=2-79-0-1kCe3&q=
FF - plugin: c:\documents and settings\wayne\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\wayne\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2008-11-17 178376]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2008-11-17 30920]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2008-11-17 28872]
R2 OAcat;Online Armor Helper Service;c:\program files\tall emu\online armor\oacat.exe [2008-11-17 1402568]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-9-11 24652]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
S3 cpuz130;cpuz130;\??\c:\docume~1\wayne\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\wayne\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-25 25832]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe [2008-11-17 3538632]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2009-9-14 85504]

=============== Created Last 30 ================

2010-06-10 21:00:24 54016 ----a-w- c:\windows\system32\drivers\gciaeh.sys
2010-06-10 20:44:45 0 d-----w- c:\docume~1\wayne\applic~1\Malwarebytes
2010-06-10 20:44:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-10 20:44:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-10 20:44:36 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-10 20:44:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-10 20:26:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Toolbar4
2010-06-10 20:19:21 397 ----a-w- c:\windows\wininit.ini
2010-06-10 17:41:16 0 d-----w- c:\docume~1\wayne\applic~1\Pogo Games
2010-06-10 17:08:35 14 ----a-w- c:\windows\popcinfo.dat
2010-06-10 16:41:30 0 d-----w- c:\program files\Search Toolbar
2010-06-10 16:21:12 0 ----a-w- c:\windows\popcreg.dat
2010-06-10 16:21:11 18 ----a-w- c:\windows\popcinfot.dat
2010-06-08 17:08:27 9 ----a-w- c:\windows\sierra.ini
2010-06-08 17:08:26 0 d-----w- c:\program files\Sierra On-Line
2010-06-05 17:52:40 0 d-----w- c:\docume~1\wayne\applic~1\EA
2010-06-05 17:52:40 0 d-----w- c:\docume~1\alluse~1\applic~1\EA
2010-06-05 17:52:24 0 d-----w- c:\program files\Pogo To Go
2010-06-05 03:07:39 0 d-----w- c:\program files\ToGo Game
2010-06-03 19:44:01 0 d-----w- c:\docume~1\wayne\applic~1\funkitron
2010-06-03 19:42:09 0 d-----w- c:\windows\Slingo Mystery Whos Gold
2010-06-03 19:42:09 0 d-----w- c:\program files\Slingo Mystery Whos Gold
2010-05-23 08:38:28 0 d-----w- c:\program files\VideoLAN
2010-05-23 08:00:31 0 d-----w- c:\program files\common files\SourceTec
2010-05-19 15:49:40 0 d-----w- C:\Poker

==================== Find3M ====================


============= FINISH: 1:48:28.96 ===============

Shaba
2010-06-17, 06:01
Sorry for the delay.

Please copy/paste attach.txt to your next reply :)

luckywayne
2010-06-17, 06:10
No worries, here is the Attach:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 11/16/2008 7:59:13 AM
System Uptime: 6/10/2010 5:34:48 PM (104 hours ago)

Motherboard: Dell Inc. | | 0U7077
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Microprocessor | 3192/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 368 GiB total, 105.39 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_8086&DEV_266E&SUBSYS_01771028&REV_03\3&172E68DD&0&F2
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_8086&DEV_266E&SUBSYS_01771028&REV_03\3&172E68DD&0&F2
Service:

==== System Restore Points ===================

RP464: 3/17/2010 1:22:54 PM - System Checkpoint
RP465: 3/18/2010 1:47:24 PM - System Checkpoint
RP466: 3/19/2010 1:50:26 PM - System Checkpoint
RP467: 3/20/2010 3:49:37 PM - System Checkpoint
RP468: 3/21/2010 3:50:26 PM - System Checkpoint
RP469: 3/22/2010 7:16:01 PM - System Checkpoint
RP470: 3/23/2010 7:17:16 PM - System Checkpoint
RP471: 3/24/2010 7:22:24 PM - System Checkpoint
RP472: 3/26/2010 6:05:16 PM - System Checkpoint
RP473: 3/27/2010 7:47:37 PM - System Checkpoint
RP474: 3/28/2010 7:48:59 PM - System Checkpoint
RP475: 3/29/2010 7:54:51 PM - System Checkpoint
RP476: 3/31/2010 6:26:04 AM - System Checkpoint
RP477: 4/1/2010 9:55:00 PM - System Checkpoint
RP478: 4/3/2010 12:23:10 AM - System Checkpoint
RP479: 4/4/2010 4:53:08 AM - System Checkpoint
RP480: 4/5/2010 1:38:32 PM - System Checkpoint
RP481: 4/7/2010 3:53:01 AM - System Checkpoint
RP482: 4/8/2010 5:28:13 AM - System Checkpoint
RP483: 4/9/2010 9:03:32 PM - System Checkpoint
RP484: 4/11/2010 2:29:17 AM - System Checkpoint
RP485: 4/12/2010 7:00:49 PM - System Checkpoint
RP486: 4/13/2010 7:31:37 PM - System Checkpoint
RP487: 4/14/2010 8:24:13 PM - System Checkpoint
RP488: 4/15/2010 8:48:44 PM - System Checkpoint
RP489: 4/17/2010 6:11:54 AM - System Checkpoint
RP490: 4/18/2010 6:40:18 AM - System Checkpoint
RP491: 4/19/2010 7:23:44 AM - System Checkpoint
RP492: 4/20/2010 7:47:42 AM - System Checkpoint
RP493: 4/21/2010 8:10:00 AM - System Checkpoint
RP494: 4/22/2010 9:10:00 AM - System Checkpoint
RP495: 4/23/2010 12:44:15 PM - System Checkpoint
RP496: 4/24/2010 2:59:05 PM - System Checkpoint
RP497: 4/25/2010 4:26:58 PM - System Checkpoint
RP498: 4/26/2010 4:46:43 PM - System Checkpoint
RP499: 4/27/2010 6:06:46 PM - System Checkpoint
RP500: 4/28/2010 7:08:14 PM - System Checkpoint
RP501: 4/29/2010 7:46:43 PM - System Checkpoint
RP502: 4/30/2010 8:58:37 PM - System Checkpoint
RP503: 5/1/2010 9:46:37 PM - System Checkpoint
RP504: 5/3/2010 12:41:15 AM - System Checkpoint
RP505: 5/4/2010 12:49:13 AM - System Checkpoint
RP506: 5/5/2010 2:01:23 AM - System Checkpoint
RP507: 5/6/2010 3:02:32 AM - System Checkpoint
RP508: 5/7/2010 3:14:33 AM - System Checkpoint
RP509: 5/8/2010 5:33:36 AM - System Checkpoint
RP510: 5/9/2010 7:34:01 AM - System Checkpoint
RP511: 5/10/2010 8:13:43 AM - System Checkpoint
RP512: 5/11/2010 8:18:05 AM - System Checkpoint
RP513: 5/12/2010 9:13:21 AM - System Checkpoint
RP514: 5/13/2010 11:37:01 AM - System Checkpoint
RP515: 5/14/2010 11:37:06 AM - System Checkpoint
RP516: 5/15/2010 12:13:45 PM - System Checkpoint
RP517: 5/16/2010 1:40:44 PM - System Checkpoint
RP518: 5/17/2010 3:09:26 PM - System Checkpoint
RP519: 5/18/2010 8:50:42 PM - System Checkpoint
RP520: 5/19/2010 9:37:30 PM - System Checkpoint
RP521: 5/21/2010 1:27:36 AM - System Checkpoint
RP522: 5/22/2010 1:44:23 AM - System Checkpoint
RP523: 5/23/2010 1:49:30 AM - System Checkpoint
RP524: 5/24/2010 3:11:13 AM - System Checkpoint
RP525: 5/25/2010 3:50:16 AM - System Checkpoint
RP526: 5/26/2010 4:50:16 AM - System Checkpoint
RP527: 5/27/2010 5:40:40 AM - System Checkpoint
RP528: 5/28/2010 6:04:40 AM - System Checkpoint
RP529: 5/29/2010 6:28:41 AM - System Checkpoint
RP530: 5/30/2010 8:53:48 AM - System Checkpoint
RP531: 5/31/2010 10:00:15 AM - System Checkpoint
RP532: 6/1/2010 6:33:12 PM - System Checkpoint
RP533: 6/2/2010 7:08:21 PM - System Checkpoint
RP534: 6/4/2010 4:26:01 AM - System Checkpoint
RP535: 6/4/2010 11:07:39 PM - Installed Lemonade Tycoon 2 - New York City
RP536: 6/5/2010 1:49:06 PM - Installed Air Strike 3D
RP537: 6/5/2010 1:52:24 PM - Installed Casino Island To Go
RP538: 6/6/2010 2:54:15 PM - System Checkpoint
RP539: 6/7/2010 5:55:27 PM - System Checkpoint
RP540: 6/8/2010 12:05:03 AM - Installed Slingo Quest
RP541: 6/9/2010 3:35:25 AM - System Checkpoint
RP542: 6/10/2010 8:47:13 AM - System Checkpoint
RP543: 6/10/2010 4:27:27 PM - Restore Operation
RP544: 6/10/2010 5:15:34 PM - Software Distribution Service 3.0
RP545: 6/11/2010 5:59:32 PM - System Checkpoint
RP546: 6/12/2010 6:39:02 PM - System Checkpoint
RP547: 6/13/2010 7:03:03 PM - System Checkpoint
RP548: 6/14/2010 7:15:01 PM - System Checkpoint
RP549: 6/15/2010 1:46:05 AM - Removed Ask Toolbar.

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Adobe Shockwave Player
AIM 6
AIM Toolbar
Air Strike 3D
Apple Application Support
Apple Software Update
AutoUpdate
Battleship
Casino Island To Go
CDBurnerXP
Cheat Engine 5.4
Creative Audio Console
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Download Updater (AOL LLC)
DraftDominator Version 10.0m Full
Dragon Age: Origins
Fishdom H20 - Hidden Odyssey (remove only)
FLV Player 2.0 (build 25)
Full Tilt Poker
Futuremark SystemInfo
GIMP 2.6.3
Google Chrome
Google Toolbar for Internet Explorer
Hotel Dash Suite Success
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Inkscape 0.46
Install(US)2
Java Auto Updater
Java(TM) 6 Update 18
LEGO Star Wars II
Lemonade Tycoon 2 - New York City
Lottso! Deluxe
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Move Media Player
Mozilla Firefox (3.0.10)
MSN Toolbar
MSN Toolbar Platform
Nancy Drew: Secrets Can Kill
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
Online Armor 3.0
PC Pitstop Driver Alert2 2.0.0.0
PeaZip 2.6
PlayFLV
PokerStars
PopCap Browser Plugin
PowerDVD
QuickTime
RealArcade
Runes of Magic
Safari
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Slingo Mystery Whos Gold
Slingo Quest
Sothink FLV Player
Spybot - Search & Destroy
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Veetle TV 0.9.15
Ventrilo Client
Veoh Video Compass
Veoh Web Player
Verizon Help and Support Tool
Viewpoint Media Player
VLC media player 1.0.5
WebFldrs XP
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Winner Poker
Wireless-G PCI Adapter
World of Warcraft
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

6/9/2010 3:02:11 AM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001111B84F40 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
6/9/2010 12:36:14 PM, error: Service Control Manager [7000] - The McciCMService service failed to start due to the following error: The system cannot find the path specified.
6/9/2010 12:36:14 PM, error: Service Control Manager [7000] - The Creative Service for CDROM Access service failed to start due to the following error: The system cannot find the file specified.
6/15/2010 1:46:07 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
6/10/2010 5:29:23 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
6/10/2010 4:25:43 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm OADevice
6/10/2010 4:24:27 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/10/2010 3:46:27 PM, error: Service Control Manager [7034] - The Online Armor Helper Service service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

Shaba
2010-06-18, 06:18
We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
If you need help disabling your protection programs, see here. (http://www.bleepingcomputer.com/forums/topic114351.html)

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh DDS log.

luckywayne
2010-06-18, 11:51
Here is the combofix log:

ComboFix 10-06-17.02 - Wayne 06/18/2010 0:44.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1578 [GMT -4:00]
Running from: c:\documents and settings\Wayne\Desktop\ComboFix.exe
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Toolbar4
c:\program files\Cheat Engine\dbk32.sys
c:\program files\Search Toolbar
c:\program files\Search Toolbar\basis.xml
c:\program files\Search Toolbar\bg.bmp
c:\program files\Search Toolbar\bing_logo.png
c:\program files\Search Toolbar\celebrity.png
c:\program files\Search Toolbar\drop_images.png
c:\program files\Search Toolbar\drop_maps.png
c:\program files\Search Toolbar\drop_news.png
c:\program files\Search Toolbar\drop_videos.png
c:\program files\Search Toolbar\drop_web.png
c:\program files\Search Toolbar\facebook.png
c:\program files\Search Toolbar\favicon.png
c:\program files\Search Toolbar\games.png
c:\program files\Search Toolbar\hotmail.png
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\images.png
c:\program files\Search Toolbar\include.xml
c:\program files\Search Toolbar\info.txt
c:\program files\Search Toolbar\lifestyle.png
c:\program files\Search Toolbar\maps.png
c:\program files\Search Toolbar\messenger.png
c:\program files\Search Toolbar\msn.png
c:\program files\Search Toolbar\news.png
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\tbcore3.dll
c:\program files\Search Toolbar\tbhelper.dll
c:\program files\Search Toolbar\twitter.png
c:\program files\Search Toolbar\uninstall.exe
c:\program files\Search Toolbar\update.exe
c:\program files\Search Toolbar\version.txt
c:\program files\Search Toolbar\video.png
c:\program files\Search Toolbar\videos.png
c:\program files\Search Toolbar\weather.png
c:\program files\Search Toolbar\web.png
c:\windows\system32\win.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PRAGMATQENVRXMBC
-------\Service_PRAGMAtqenvrxmbc


((((((((((((((((((((((((( Files Created from 2010-05-18 to 2010-06-18 )))))))))))))))))))))))))))))))
.

2010-06-10 21:00 . 2010-06-10 21:00 54016 ----a-w- c:\windows\system32\drivers\gciaeh.sys
2010-06-10 20:44 . 2010-06-10 20:44 -------- d-----w- c:\documents and settings\Wayne\Application Data\Malwarebytes
2010-06-10 20:44 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-10 20:44 . 2010-06-10 21:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-10 20:44 . 2010-06-10 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-10 20:44 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-10 17:41 . 2010-06-10 17:41 -------- d-----w- c:\documents and settings\Wayne\Application Data\Pogo Games
2010-06-10 17:08 . 2010-06-10 17:08 14 ----a-w- c:\windows\popcinfo.dat
2010-06-10 16:21 . 2010-06-10 16:21 0 ----a-w- c:\windows\popcreg.dat
2010-06-10 16:21 . 2010-06-10 17:08 18 ----a-w- c:\windows\popcinfot.dat
2010-06-08 17:08 . 2010-06-08 17:08 -------- d-----w- c:\program files\Sierra On-Line
2010-06-05 17:52 . 2010-06-05 17:52 -------- d-----w- c:\documents and settings\Wayne\Application Data\EA
2010-06-05 17:52 . 2010-06-05 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\EA
2010-06-05 17:52 . 2010-06-05 17:52 -------- d-----w- c:\program files\Pogo To Go
2010-06-05 03:07 . 2010-06-08 04:05 -------- d-----w- c:\program files\ToGo Game
2010-06-04 04:33 . 2010-06-04 04:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2010-06-04 04:33 . 2010-06-04 04:33 -------- d-----w- c:\documents and settings\Wayne\Application Data\PlayFirst
2010-06-03 19:44 . 2010-06-08 04:43 -------- d-----w- c:\documents and settings\Wayne\Application Data\funkitron
2010-06-03 19:42 . 2010-06-03 19:43 -------- d-----w- c:\program files\Slingo Mystery Whos Gold
2010-06-03 19:42 . 2010-06-03 19:42 -------- d-----w- c:\windows\Slingo Mystery Whos Gold
2010-05-23 08:39 . 2010-06-17 11:50 -------- d-----w- c:\documents and settings\Wayne\Application Data\vlc
2010-05-23 08:38 . 2010-05-23 08:38 -------- d-----w- c:\program files\VideoLAN
2010-05-23 08:00 . 2010-05-23 08:00 -------- d-----w- c:\program files\Common Files\SourceTec
2010-05-19 15:49 . 2010-05-19 15:49 -------- d-----w- C:\Poker

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-18 04:48 . 2008-11-22 05:26 -------- d-----w- c:\program files\Cheat Engine
2010-06-15 05:44 . 2009-01-07 07:40 -------- d-----w- c:\program files\uTorrent
2010-06-15 05:44 . 2009-01-07 07:40 -------- d-----w- c:\documents and settings\Wayne\Application Data\uTorrent
2010-06-14 19:55 . 2009-01-05 03:12 -------- d-----w- c:\program files\PokerStars
2010-06-10 20:26 . 2010-02-09 22:39 -------- d-----w- c:\program files\Oberon Media
2010-06-10 18:11 . 2010-02-09 22:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-10 16:41 . 2010-06-10 16:41 84480 ----a-w- c:\documents and settings\Wayne\Application Data\Mozilla\Firefox\Profiles\kt7j57ki.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\components\Engine.dll
2010-06-10 16:41 . 2010-06-10 16:41 56832 ----a-w- c:\documents and settings\Wayne\Application Data\Mozilla\Firefox\Profiles\kt7j57ki.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\chrome\content\id_searchtoolbar\update.exe
2010-06-10 16:41 . 2010-06-10 16:41 42496 ----a-w- c:\documents and settings\Wayne\Application Data\Mozilla\Firefox\Profiles\kt7j57ki.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\chrome\content\id_searchtoolbar\uninstall.exe
2010-06-10 16:41 . 2010-06-10 16:41 41984 ----a-w- c:\documents and settings\Wayne\Application Data\Mozilla\Firefox\Profiles\kt7j57ki.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\chrome\content\id_searchtoolbar\SearchToolbar.dll
2010-06-10 16:41 . 2010-06-10 16:41 301568 ----a-w- c:\documents and settings\Wayne\Application Data\Mozilla\Firefox\Profiles\kt7j57ki.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\chrome\content\id_searchtoolbar\tbhelper.dll
2010-06-10 16:41 . 2010-06-10 16:41 2767360 ----a-w- c:\documents and settings\Wayne\Application Data\Mozilla\Firefox\Profiles\kt7j57ki.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\chrome\content\id_searchtoolbar\tbcore3.dll
2010-06-10 16:41 . 2010-06-10 16:41 152664 ----a-w- c:\documents and settings\Wayne\Application Data\Mozilla\Firefox\Profiles\kt7j57ki.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\components\setup_widget_serv.exe
2010-06-08 16:33 . 2009-05-26 15:50 -------- d-----w- c:\program files\PeaZip
2010-05-24 13:38 . 2009-05-18 04:12 -------- d-----w- c:\program files\Full Tilt Poker
2010-05-23 22:11 . 2010-05-23 22:11 61440 ----a-w- c:\documents and settings\Wayne\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-70667c92-n\decora-sse.dll
2010-05-23 22:11 . 2010-05-23 22:11 503808 ----a-w- c:\documents and settings\Wayne\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2f61e466-n\msvcp71.dll
2010-05-23 22:11 . 2010-05-23 22:11 499712 ----a-w- c:\documents and settings\Wayne\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2f61e466-n\jmc.dll
2010-05-23 22:11 . 2010-05-23 22:11 348160 ----a-w- c:\documents and settings\Wayne\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2f61e466-n\msvcr71.dll
2010-05-23 22:11 . 2010-05-23 22:11 12800 ----a-w- c:\documents and settings\Wayne\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-70667c92-n\decora-d3d.dll
2010-05-07 15:37 . 2010-05-07 15:37 -------- d-----w- c:\documents and settings\Wayne\Application Data\Canneverbe Limited
2010-05-07 15:37 . 2010-05-07 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2010-05-07 15:37 . 2010-05-07 15:37 -------- d-----w- c:\program files\CDBurnerXP
2010-05-02 14:33 . 2010-05-02 14:33 -------- d-----w- c:\program files\QuickTime
2010-05-02 14:33 . 2009-01-17 05:55 -------- d-----w- c:\program files\Common Files\Apple
2010-05-02 14:32 . 2010-05-02 14:32 -------- d-----w- c:\program files\Safari
2010-05-02 14:31 . 2010-05-02 14:31 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-04-25 00:48 . 2009-05-26 15:50 -------- d-----w- c:\documents and settings\Wayne\Application Data\PeaZip
2010-04-22 13:17 . 2009-04-29 18:26 -------- d-----w- c:\documents and settings\Wayne\Application Data\LimeWire
2010-04-22 03:30 . 2010-04-22 03:29 -------- d-----w- c:\program files\MSN Toolbar Installer
2010-04-22 03:30 . 2010-04-22 03:30 -------- d-----w- c:\program files\Microsoft
2010-04-22 03:30 . 2010-04-22 03:30 -------- d-----w- c:\program files\MSN Toolbar
2010-04-22 03:29 . 2010-04-22 03:29 -------- d-----w- c:\program files\Veoh Networks
2010-04-20 21:23 . 2008-12-28 02:35 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-20 21:06 . 2010-04-20 03:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-20 03:21 . 2010-04-20 03:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\AcrobatUpdater.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-25 39408]
"Google Update"="c:\documents and settings\Wayne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-14 133104]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-02-22 2633976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinSys2"="c:\windows\system32\winsys2.exe" [2008-07-03 208896]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-08-25 122368]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

[HKLM\~\startupfolder\C:^Documents and Settings^Wayne^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Wayne\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2009-05-19 05:23 49968 ----a-w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2008-06-27 22:24 19456 ----a-w- c:\windows\system32\CtHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-05-14 18:33 133104 ----atw- c:\documents and settings\Wayne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-03-16 07:37 13670504 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-03-16 07:37 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-25 16:02 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\World of Warcraft\\Launcher.exe"=
"c:\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [11/17/2008 5:42 AM 178376]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [11/17/2008 5:42 AM 30920]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [11/17/2008 5:42 AM 28872]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [11/17/2008 5:42 AM 1402568]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/11/2009 5:20 PM 24652]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [6/27/2008 8:21 PM 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [6/27/2008 8:21 PM 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [6/27/2008 8:21 PM 566296]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [6/27/2008 8:21 PM 99352]
S3 cpuz130;cpuz130;\??\c:\docume~1\Wayne\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Wayne\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [6/27/2008 8:21 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [6/27/2008 8:21 PM 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [6/27/2008 8:21 PM 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [6/27/2008 8:21 PM 566296]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [12/25/2009 3:16 AM 25832]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [11/17/2008 5:42 AM 3538632]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [9/14/2009 8:29 AM 85504]
.
Contents of the 'Scheduled Tasks' folder

2010-06-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1425521274-839522115-1004Core.job
- c:\documents and settings\Wayne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-14 18:33]

2010-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1425521274-839522115-1004UA.job
- c:\documents and settings\Wayne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-14 18:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
FF - ProfilePath - c:\documents and settings\Wayne\Application Data\Mozilla\Firefox\Profiles\kt7j57ki.default\
# Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/

user_pref(app.update.lastUpdateTime.addon-background-update-timer, 1242299186);
user_pref(app.update.lastUpdateTime.background-update-timer, 1242299186);
user_pref(app.update.lastUpdateTime.blocklist-background-update-timer, 1242299186);
user_pref(app.update.lastUpdateTime.microsummary-generator-update-timer, 1242299186);
user_pref(app.update.lastUpdateTime.search-engine-update-timer, 1242321386);
user_pref(browser.migration.version, 1);
user_pref(browser.places.importDefaults, false);
user_pref(browser.places.migratePostDataAnnotations, false);
user_pref(browser.places.smartBookmarksVersion, 1);
user_pref(browser.places.updateRecentTagsUri, false);
user_pref(browser.rights.3.shown, true);
user_pref(browser.startup.homepage_override.mstone, rv:1.9.0.10);
user_pref(extensions.enabledItems, {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10,{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,jqs@sun.com:1.0,{635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717,moveplayer@movenetworks.com:7,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10);
user_pref(extensions.lastAppVersion, 3.0.10);
user_pref(extensions.update.notifyUser, false);
user_pref(intl.charsetmenu.browser.cache, ISO-8859-1, UTF-8);
user_pref(network.cookie.prefsMigrated, true);
user_pref(spellchecker.dictionary, en-US);
user_pref(urlclassifier.keyupdatetime.https://sb-ssl.google.com/safebrowsing/newkey, 1255473016);
user_pref(yahoo.addtomy, true);
user_pref(yahoo.homepage.dontask, true);
user_pref(yahoo.installer.country, us);
user_pref(yahoo.installer.dc, v1_yff2);
user_pref(yahoo.installer.language, us);
user_pref(yahoo.installer.nd, 2);
user_pref(yahoo.installer.sc, sunm);
user_pref(yahoo.installer.version, 1.5.2.20080717);
user_pref(yahoo.installer.version.simple, 1.5.2);
user_pref(yahoo.supports.livesearch, true);
user_pref(yahoo.toolbar.searchbox.width, 55);
FF - prefs.js: browser.search.selectedEngine - Yahoo!);
user_pref(browser.startup.homepage, http://bing.zugo.com/?cfg=2-79-0-1kCe3);
user_pref(keyword.URL, http://bing.zugo.com/s/?src=FF-Address&site=Bing&cfg=2-79-0-1kCe3&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-nwiz - nwiz.exe
MSConfigStartUp-Verizon_McciTrayApp - c:\program files\Verizon\McciTrayApp.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-PopCap Browser Plugin - c:\program files\PopCap Games\PopCap Browser Plugin\Uninstall.exe
AddRemove-Verizon Help and Support - c:\program files\Verizon\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-18 00:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(488)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-06-18 01:00:09 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-18 04:59

Pre-Run: 116,905,127,936 bytes free
Post-Run: 118,799,069,184 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 45F5292B40F33B29103C3F171AF30880

Shaba
2010-06-20, 21:38
Please also post a fresh DDS log :)

luckywayne
2010-06-21, 04:37
Here are the fresh logs; I'll use 2 posts.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Wayne at 22:36:04.03 on Sun 06/20/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1357 [GMT -4:00]

FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Wayne\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - c:\program files\veoh networks\veoh video compass\SearchRecsPlugin.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\wayne\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.gamehouse.com/realarcade-webgames/ancientsudoku/index.jsp?pread=0&pread=0&ractype=fullclient"
mRun: [WinSys2] c:\windows\system32\winsys2.exe
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} - hxxp://www.worldwinner.com/games/v45/royal/royal.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://service.futuremark.com/virtualmark/tc/FMSI.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} - hxxp://www.worldwinner.com/games/v44/golfsol/golfsol.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\wayne\applic~1\mozilla\firefox\profiles\kt7j57ki.default\
# Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/

user_pref(app.update.lastUpdateTime.addon-background-update-timer, 1242299186);
user_pref(app.update.lastUpdateTime.background-update-timer, 1242299186);
user_pref(app.update.lastUpdateTime.blocklist-background-update-timer, 1242299186);
user_pref(app.update.lastUpdateTime.microsummary-generator-update-timer, 1242299186);
user_pref(app.update.lastUpdateTime.search-engine-update-timer, 1242321386);
user_pref(browser.migration.version, 1);
user_pref(browser.places.importDefaults, false);
user_pref(browser.places.migratePostDataAnnotations, false);
user_pref(browser.places.smartBookmarksVersion, 1);
user_pref(browser.places.updateRecentTagsUri, false);
user_pref(browser.rights.3.shown, true);
user_pref(browser.startup.homepage_override.mstone, rv:1.9.0.10);
user_pref(extensions.enabledItems, {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10,{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,jqs@sun.com:1.0,{635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717,moveplayer@movenetworks.com:7,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10);
user_pref(extensions.lastAppVersion, 3.0.10);
user_pref(extensions.update.notifyUser, false);
user_pref(intl.charsetmenu.browser.cache, ISO-8859-1, UTF-8);
user_pref(network.cookie.prefsMigrated, true);
user_pref(spellchecker.dictionary, en-US);
user_pref(urlclassifier.keyupdatetime.https://sb-ssl.google.com/safebrowsing/newkey, 1255473016);
user_pref(yahoo.addtomy, true);
user_pref(yahoo.homepage.dontask, true);
user_pref(yahoo.installer.country, us);
user_pref(yahoo.installer.dc, v1_yff2);
user_pref(yahoo.installer.language, us);
user_pref(yahoo.installer.nd, 2);
user_pref(yahoo.installer.sc, sunm);
user_pref(yahoo.installer.version, 1.5.2.20080717);
user_pref(yahoo.installer.version.simple, 1.5.2);
user_pref(yahoo.supports.livesearch, true);
user_pref(yahoo.toolbar.searchbox.width, 55);
FF - prefs.js: browser.search.selectedEngine - Yahoo!);
user_pref(browser.startup.homepage, http://bing.zugo.com/?cfg=2-79-0-1kCe3);
user_pref(keyword.URL, http://bing.zugo.com/s/?src=FF-Address&site=Bing&cfg=2-79-0-1kCe3&q=
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2008-11-17 178376]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2008-11-17 30920]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2008-11-17 28872]
R2 OAcat;Online Armor Helper Service;c:\program files\tall emu\online armor\oacat.exe [2008-11-17 1402568]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-9-11 24652]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
S3 cpuz130;cpuz130;\??\c:\docume~1\wayne\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\wayne\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-25 25832]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe [2008-11-17 3538632]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2009-9-14 85504]

=============== Created Last 30 ================

2010-06-18 04:38:22 0 d-sha-r- C:\cmdcons
2010-06-18 04:34:44 98816 ----a-w- c:\windows\sed.exe
2010-06-18 04:34:44 77312 ----a-w- c:\windows\MBR.exe
2010-06-18 04:34:44 256512 ----a-w- c:\windows\PEV.exe
2010-06-18 04:34:44 161792 ----a-w- c:\windows\SWREG.exe
2010-06-18 04:34:36 0 d-----w- C:\ComboFix
2010-06-10 21:00:24 54016 ----a-w- c:\windows\system32\drivers\gciaeh.sys
2010-06-10 20:44:45 0 d-----w- c:\docume~1\wayne\applic~1\Malwarebytes
2010-06-10 20:44:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-10 20:44:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-10 20:44:36 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-10 20:44:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-10 20:19:21 397 ----a-w- c:\windows\wininit.ini
2010-06-10 17:41:16 0 d-----w- c:\docume~1\wayne\applic~1\Pogo Games
2010-06-10 17:08:35 14 ----a-w- c:\windows\popcinfo.dat
2010-06-10 16:21:12 0 ----a-w- c:\windows\popcreg.dat
2010-06-10 16:21:11 18 ----a-w- c:\windows\popcinfot.dat
2010-06-08 17:08:27 9 ----a-w- c:\windows\sierra.ini
2010-06-08 17:08:26 0 d-----w- c:\program files\Sierra On-Line
2010-06-05 17:52:40 0 d-----w- c:\docume~1\wayne\applic~1\EA
2010-06-05 17:52:40 0 d-----w- c:\docume~1\alluse~1\applic~1\EA
2010-06-05 17:52:24 0 d-----w- c:\program files\Pogo To Go
2010-06-05 03:07:39 0 d-----w- c:\program files\ToGo Game
2010-06-03 19:44:01 0 d-----w- c:\docume~1\wayne\applic~1\funkitron
2010-06-03 19:42:09 0 d-----w- c:\windows\Slingo Mystery Whos Gold
2010-06-03 19:42:09 0 d-----w- c:\program files\Slingo Mystery Whos Gold
2010-05-23 08:38:28 0 d-----w- c:\program files\VideoLAN
2010-05-23 08:00:31 0 d-----w- c:\program files\common files\SourceTec

==================== Find3M ====================


============= FINISH: 22:36:35.03 ===============

luckywayne
2010-06-21, 04:38
and the Attach:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 11/16/2008 7:59:13 AM
System Uptime: 6/18/2010 12:51:35 AM (70 hours ago)

Motherboard: Dell Inc. | | 0U7077
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Microprocessor | 3192/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 368 GiB total, 110.545 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_8086&DEV_266E&SUBSYS_01771028&REV_03\3&172E68DD&0&F2
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_8086&DEV_266E&SUBSYS_01771028&REV_03\3&172E68DD&0&F2
Service:

==== System Restore Points ===================

RP470: 3/23/2010 7:17:16 PM - System Checkpoint
RP471: 3/24/2010 7:22:24 PM - System Checkpoint
RP472: 3/26/2010 6:05:16 PM - System Checkpoint
RP473: 3/27/2010 7:47:37 PM - System Checkpoint
RP474: 3/28/2010 7:48:59 PM - System Checkpoint
RP475: 3/29/2010 7:54:51 PM - System Checkpoint
RP476: 3/31/2010 6:26:04 AM - System Checkpoint
RP477: 4/1/2010 9:55:00 PM - System Checkpoint
RP478: 4/3/2010 12:23:10 AM - System Checkpoint
RP479: 4/4/2010 4:53:08 AM - System Checkpoint
RP480: 4/5/2010 1:38:32 PM - System Checkpoint
RP481: 4/7/2010 3:53:01 AM - System Checkpoint
RP482: 4/8/2010 5:28:13 AM - System Checkpoint
RP483: 4/9/2010 9:03:32 PM - System Checkpoint
RP484: 4/11/2010 2:29:17 AM - System Checkpoint
RP485: 4/12/2010 7:00:49 PM - System Checkpoint
RP486: 4/13/2010 7:31:37 PM - System Checkpoint
RP487: 4/14/2010 8:24:13 PM - System Checkpoint
RP488: 4/15/2010 8:48:44 PM - System Checkpoint
RP489: 4/17/2010 6:11:54 AM - System Checkpoint
RP490: 4/18/2010 6:40:18 AM - System Checkpoint
RP491: 4/19/2010 7:23:44 AM - System Checkpoint
RP492: 4/20/2010 7:47:42 AM - System Checkpoint
RP493: 4/21/2010 8:10:00 AM - System Checkpoint
RP494: 4/22/2010 9:10:00 AM - System Checkpoint
RP495: 4/23/2010 12:44:15 PM - System Checkpoint
RP496: 4/24/2010 2:59:05 PM - System Checkpoint
RP497: 4/25/2010 4:26:58 PM - System Checkpoint
RP498: 4/26/2010 4:46:43 PM - System Checkpoint
RP499: 4/27/2010 6:06:46 PM - System Checkpoint
RP500: 4/28/2010 7:08:14 PM - System Checkpoint
RP501: 4/29/2010 7:46:43 PM - System Checkpoint
RP502: 4/30/2010 8:58:37 PM - System Checkpoint
RP503: 5/1/2010 9:46:37 PM - System Checkpoint
RP504: 5/3/2010 12:41:15 AM - System Checkpoint
RP505: 5/4/2010 12:49:13 AM - System Checkpoint
RP506: 5/5/2010 2:01:23 AM - System Checkpoint
RP507: 5/6/2010 3:02:32 AM - System Checkpoint
RP508: 5/7/2010 3:14:33 AM - System Checkpoint
RP509: 5/8/2010 5:33:36 AM - System Checkpoint
RP510: 5/9/2010 7:34:01 AM - System Checkpoint
RP511: 5/10/2010 8:13:43 AM - System Checkpoint
RP512: 5/11/2010 8:18:05 AM - System Checkpoint
RP513: 5/12/2010 9:13:21 AM - System Checkpoint
RP514: 5/13/2010 11:37:01 AM - System Checkpoint
RP515: 5/14/2010 11:37:06 AM - System Checkpoint
RP516: 5/15/2010 12:13:45 PM - System Checkpoint
RP517: 5/16/2010 1:40:44 PM - System Checkpoint
RP518: 5/17/2010 3:09:26 PM - System Checkpoint
RP519: 5/18/2010 8:50:42 PM - System Checkpoint
RP520: 5/19/2010 9:37:30 PM - System Checkpoint
RP521: 5/21/2010 1:27:36 AM - System Checkpoint
RP522: 5/22/2010 1:44:23 AM - System Checkpoint
RP523: 5/23/2010 1:49:30 AM - System Checkpoint
RP524: 5/24/2010 3:11:13 AM - System Checkpoint
RP525: 5/25/2010 3:50:16 AM - System Checkpoint
RP526: 5/26/2010 4:50:16 AM - System Checkpoint
RP527: 5/27/2010 5:40:40 AM - System Checkpoint
RP528: 5/28/2010 6:04:40 AM - System Checkpoint
RP529: 5/29/2010 6:28:41 AM - System Checkpoint
RP530: 5/30/2010 8:53:48 AM - System Checkpoint
RP531: 5/31/2010 10:00:15 AM - System Checkpoint
RP532: 6/1/2010 6:33:12 PM - System Checkpoint
RP533: 6/2/2010 7:08:21 PM - System Checkpoint
RP534: 6/4/2010 4:26:01 AM - System Checkpoint
RP535: 6/4/2010 11:07:39 PM - Installed Lemonade Tycoon 2 - New York City
RP536: 6/5/2010 1:49:06 PM - Installed Air Strike 3D
RP537: 6/5/2010 1:52:24 PM - Installed Casino Island To Go
RP538: 6/6/2010 2:54:15 PM - System Checkpoint
RP539: 6/7/2010 5:55:27 PM - System Checkpoint
RP540: 6/8/2010 12:05:03 AM - Installed Slingo Quest
RP541: 6/9/2010 3:35:25 AM - System Checkpoint
RP542: 6/10/2010 8:47:13 AM - System Checkpoint
RP543: 6/10/2010 4:27:27 PM - Restore Operation
RP544: 6/10/2010 5:15:34 PM - Software Distribution Service 3.0
RP545: 6/11/2010 5:59:32 PM - System Checkpoint
RP546: 6/12/2010 6:39:02 PM - System Checkpoint
RP547: 6/13/2010 7:03:03 PM - System Checkpoint
RP548: 6/14/2010 7:15:01 PM - System Checkpoint
RP549: 6/15/2010 1:46:05 AM - Removed Ask Toolbar.
RP550: 6/16/2010 2:04:34 AM - System Checkpoint
RP551: 6/17/2010 2:36:17 AM - System Checkpoint
RP552: 6/18/2010 2:55:50 AM - System Checkpoint
RP553: 6/19/2010 3:31:51 AM - System Checkpoint
RP554: 6/20/2010 3:55:51 AM - System Checkpoint

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Adobe Shockwave Player
AIM 6
AIM Toolbar
Air Strike 3D
Apple Application Support
Apple Software Update
AutoUpdate
Battleship
Casino Island To Go
CDBurnerXP
Cheat Engine 5.4
Creative Audio Console
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Download Updater (AOL LLC)
DraftDominator Version 10.0m Full
Dragon Age: Origins
Fishdom H20 - Hidden Odyssey (remove only)
FLV Player 2.0 (build 25)
Full Tilt Poker
Futuremark SystemInfo
GIMP 2.6.3
Google Chrome
Google Toolbar for Internet Explorer
Hotel Dash Suite Success
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Inkscape 0.46
Install(US)2
Java Auto Updater
Java(TM) 6 Update 18
LEGO Star Wars II
Lemonade Tycoon 2 - New York City
Lottso! Deluxe
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Move Media Player
Mozilla Firefox (3.0.10)
MSN Toolbar
MSN Toolbar Platform
Nancy Drew: Secrets Can Kill
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
Online Armor 3.0
PC Pitstop Driver Alert2 2.0.0.0
PeaZip 2.6
PlayFLV
PokerStars
PowerDVD
QuickTime
RealArcade
Runes of Magic
Safari
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Slingo Mystery Whos Gold
Slingo Quest
Sothink FLV Player
Spybot - Search & Destroy
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Veetle TV 0.9.15
Ventrilo Client
Veoh Video Compass
Veoh Web Player
Viewpoint Media Player
VLC media player 1.0.5
WebFldrs XP
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Winner Poker
Wireless-G PCI Adapter
World of Warcraft
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

6/15/2010 2:34:03 PM, error: Service Control Manager [7000] - The McciCMService service failed to start due to the following error: The system cannot find the path specified.
6/15/2010 2:34:03 PM, error: Service Control Manager [7000] - The Creative Service for CDROM Access service failed to start due to the following error: The system cannot find the file specified.
6/15/2010 2:32:32 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001111B84F40 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
6/15/2010 1:46:13 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

==== End Of File ===========================

Shaba
2010-06-22, 19:23
Please click this link-->Jotti (http://virusscan.jotti.org/)

Copy/paste the file on the list into the white "Upload a file" box and click Submit/Send (depending on which one you are using, Jotti or VirusTotal).

c:\windows\system32\drivers\gciaeh.sys

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

luckywayne
2010-06-22, 22:31
Jotti was not busy, and I was able to scan the file as requested. I am not sure how to run a log from this application, so I will provide the details manually:

All scanners came back with a "found nothing" result, with the exception of

Ikarus which came back with: 2010-06-21 Trojan.Win32.Agent.

I hope that this is the information that you need.

Regards,
Wayne.

Shaba
2010-06-24, 06:17
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:


File::
c:\windows\system32\drivers\gciaeh.sys

Folder::
c:\program files\uTorrent
c:\documents and settings\Wayne\Application Data\uTorrent


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

luckywayne
2010-06-24, 12:41
Done, the log is huge so I zipped it.

Shaba
2010-06-26, 13:20
Please copy/paste the log into your next replies; it is OK if you need multiple replies for that.

If the snapshot section is huge, you can remove it.

luckywayne
2010-06-26, 16:30
ComboFix 10-06-17.02 - Wayne 06/24/2010 1:12.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1586 [GMT -4:00]
Running from: c:\documents and settings\Wayne\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Wayne\Desktop\CFScript.txt
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

FILE ::
"c:\windows\system32\drivers\gciaeh.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Wayne\Application Data\uTorrent
c:\documents and settings\Wayne\Application Data\uTorrent\Mar 10.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Marc Dorcel - Incest Family Francais.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Marc Dorcel - Les Nuits d'une Jeune Bourgeoise.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Massage.Creep.Tessa.Taylor.720p.HD.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\MDD REQ.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\MDD REQUESTS.1.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\MDD REQUESTS.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Me.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Melanie_BL105_Sc2.avi.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Mia Star.asf.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Michelle B.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\MILF390.wmv.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\mlib_diamond_foxxx05-sd169.wmv.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\mlib_isis_victoria-sd169.wmv.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Molly Rome - Flesh peddlers 11.avi.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Molly Rome.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Mollys Life.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\mood_setter_big.wmv.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\MTV-Ivana.wmv.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\My Wifes Hot Friend.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Nicole - Bangbros.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\not married with children 2.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Not the Bradys 2.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\oblivion.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Oldje-TheFamousPornStar.mov.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Oldje-TheRightBalls.wmv.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Oldje - Too Young Or Too Old.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Pajama Girls.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Pamela Anderson Uncensored.avi.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Part 1.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\PickEmYoung#2.flv.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Pink Eye 3.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Pop.Goes.The.Cherry.with.Taylor.Rain.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\ppv-Heather.Carolin.1974.avi.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\pretty_pussy_big.wmv.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Purzel - German Amateurs.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Rachel Roxxx - Tugjobs [Mr. Penis].wmv.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Rachel Steele part 2.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Real Ex Girlfriends.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\redlight sex trips - bennie from denmark.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\resume.dat
c:\documents and settings\Wayne\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Wayne\Application Data\uTorrent\Rock.Slut.Scene.1.Brittney.Skye.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\rss.dat
c:\documents and settings\Wayne\Application Data\uTorrent\rss.dat.old
c:\documents and settings\Wayne\Application Data\uTorrent\Sabrina(3clips).torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Sarah Silverman BDWTR.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Sarahisnifty - Sex Camshow.avi.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Sarasa Hara Thick kiss and SEX field calico of your beautiful older sister.avi.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Sarasa Hara Top Office Lady Sarasa.avi.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Sarasa Hara.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\SB.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Schoolgirl Internal - Brittany Banxxx.wmv.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\settings.dat
c:\documents and settings\Wayne\Application Data\uTorrent\settings.dat.old
c:\documents and settings\Wayne\Application Data\uTorrent\Sex Analyst - Sammy Jayne, Sarah Daykin, Dana Kelly, Anushka Garin.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Slingo Mystery [Novatorrents].torrent
c:\documents and settings\Wayne\Application Data\uTorrent\SlingoQuest.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Smoking Erotica (best one).wmv.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\so_right_big.wmv.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Solenka and Fabian 07 December 2009.wmv.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Sonia Lemon, Guitar+casting.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Stacie - 4 Handjobs (Wifecrazy.com).torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Street Blowjobs [REQ].torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Strip pong.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Stroke My Dick Now Veronica.wmv.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Sunny's BIG Adventures 4 PTNA.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Sunny Leone - Dirty Talking Blowjob.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\sunny_sex_dirty_bathroom.wmv.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Suzie Best, Corrina & Andy.wmv.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Suzie Best.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\suzie_mark.wmv.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Swan & Cherry with strapon.avi.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Sweet Young Things 4.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Tabitha Stevens_Head Case 4.avi.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Tabitha.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Tabu loops 19.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Tanner.avi.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Tanya James and Brandi Edwards.wmv.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\TB_Skinny.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\TeenBFF.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Teens Need Chocolate Cum 2.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Thai Chicks Guk and Pan vs Big Black Dick.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\The Anthony's and The Lane's.mp4.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\The Bangkoks & The Reese.mp4.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\The Cockwell Inn.avi.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\The Smiths.avi.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\The.Doll.House.4.XXX.DVDRip.XviD-NYMPHO.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\the_raw_bar-full.wmv.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\This Ain’t Dirty Jobs XXX - This Is A Parody.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\This Butts 4 U Vol. 6.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\This.Aint.Curb.Your.Enthusiasm.XXX.DVDRiP.XviD.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\titfuck-compilation-3.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Titty Transaction.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\tlib_candace_cage-sd169.wmv.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Too small.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\TSM-Marta.mp4.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\TSM-NewBlonde.wmv.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\TSM-Tiffany.mp4.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\utorrent.lng
c:\documents and settings\Wayne\Application Data\uTorrent\VB Jenny.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Very sexy Drunk Ukrainian nymphet on train-LKRG.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\Virgins Of The Screen #5 - Alyssa Dior - Dakoda Brookes - Rachel Milan - Marie McCray - Jasmine Michelle.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\X001_Mile.avi.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\yc_modern_type_courtesan.avi.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\YDKJ 5th Dementia.torrent
c:\documents and settings\Wayne\Application Data\uTorrent\YPHV - Vicky.torrent
c:\program files\uTorrent
c:\windows\system32\drivers\gciaeh.sys

.
((((((((((((((((((((((((( Files Created from 2010-05-24 to 2010-06-24 )))))))))))))))))))))))))))))))
.

2010-06-10 20:44 . 2010-06-10 20:44 -------- d-----w- c:\documents and settings\Wayne\Application Data\Malwarebytes
2010-06-10 20:44 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-10 20:44 . 2010-06-10 21:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-10 20:44 . 2010-06-10 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-10 20:44 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-10 17:41 . 2010-06-10 17:41 -------- d-----w- c:\documents and settings\Wayne\Application Data\Pogo Games
2010-06-10 17:08 . 2010-06-10 17:08 14 ----a-w- c:\windows\popcinfo.dat
2010-06-10 16:41 . 2010-06-10 16:41 84480 ----a-w- c:\documents and settings\Wayne\Application Data\Mozilla\Firefox\Profiles\kt7j57ki.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\components\Engine.dll
2010-06-10 16:41 . 2010-06-10 16:41 56832 ----a-w- c:\documents and settings\Wayne\Application Data\Mozilla\Firefox\Profiles\kt7j57ki.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\chrome\content\id_searchtoolbar\update.exe
2010-06-10 16:41 . 2010-06-10 16:41 42496 ----a-w- c:\documents and settings\Wayne\Application Data\Mozilla\Firefox\Profiles\kt7j57ki.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\chrome\content\id_searchtoolbar\uninstall.exe
2010-06-10 16:41 . 2010-06-10 16:41 41984 ----a-w- c:\documents and settings\Wayne\Application Data\Mozilla\Firefox\Profiles\kt7j57ki.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\chrome\content\id_searchtoolbar\SearchToolbar.dll
2010-06-10 16:41 . 2010-06-10 16:41 301568 ----a-w- c:\documents and settings\Wayne\Application Data\Mozilla\Firefox\Profiles\kt7j57ki.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\chrome\content\id_searchtoolbar\tbhelper.dll
2010-06-10 16:41 . 2010-06-10 16:41 2767360 ----a-w- c:\documents and settings\Wayne\Application Data\Mozilla\Firefox\Profiles\kt7j57ki.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\chrome\content\id_searchtoolbar\tbcore3.dll
2010-06-10 16:41 . 2010-06-10 16:41 152664 ----a-w- c:\documents and settings\Wayne\Application Data\Mozilla\Firefox\Profiles\kt7j57ki.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\components\setup_widget_serv.exe
2010-06-10 16:21 . 2010-06-10 16:21 0 ----a-w- c:\windows\popcreg.dat
2010-06-10 16:21 . 2010-06-10 17:08 18 ----a-w- c:\windows\popcinfot.dat
2010-06-08 17:08 . 2010-06-08 17:08 -------- d-----w- c:\program files\Sierra On-Line
2010-06-05 17:52 . 2010-06-05 17:52 -------- d-----w- c:\documents and settings\Wayne\Application Data\EA
2010-06-05 17:52 . 2010-06-05 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\EA
2010-06-05 17:52 . 2010-06-05 17:52 -------- d-----w- c:\program files\Pogo To Go
2010-06-05 03:07 . 2010-06-08 04:05 -------- d-----w- c:\program files\ToGo Game
2010-06-04 04:33 . 2010-06-04 04:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2010-06-04 04:33 . 2010-06-04 04:33 -------- d-----w- c:\documents and settings\Wayne\Application Data\PlayFirst
2010-06-03 19:44 . 2010-06-08 04:43 -------- d-----w- c:\documents and settings\Wayne\Application Data\funkitron
2010-06-03 19:42 . 2010-06-03 19:43 -------- d-----w- c:\program files\Slingo Mystery Whos Gold
2010-06-03 19:42 . 2010-06-03 19:42 -------- d-----w- c:\windows\Slingo Mystery Whos Gold

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-23 02:48 . 2009-08-20 00:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-06-22 11:26 . 2009-01-05 03:12 -------- d-----w- c:\program files\PokerStars
2010-06-18 04:48 . 2008-11-22 05:26 -------- d-----w- c:\program files\Cheat Engine
2010-06-17 11:50 . 2010-05-23 08:39 -------- d-----w- c:\documents and settings\Wayne\Application Data\vlc
2010-06-10 20:26 . 2010-02-09 22:39 -------- d-----w- c:\program files\Oberon Media
2010-06-10 18:11 . 2010-02-09 22:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-08 16:33 . 2009-05-26 15:50 -------- d-----w- c:\program files\PeaZip
2010-05-24 13:38 . 2009-05-18 04:12 -------- d-----w- c:\program files\Full Tilt Poker
2010-05-23 22:11 . 2010-05-23 22:11 61440 ----a-w- c:\documents and settings\Wayne\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-70667c92-n\decora-sse.dll
2010-05-23 22:11 . 2010-05-23 22:11 503808 ----a-w- c:\documents and settings\Wayne\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2f61e466-n\msvcp71.dll
2010-05-23 22:11 . 2010-05-23 22:11 499712 ----a-w- c:\documents and settings\Wayne\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2f61e466-n\jmc.dll
2010-05-23 22:11 . 2010-05-23 22:11 348160 ----a-w- c:\documents and settings\Wayne\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2f61e466-n\msvcr71.dll
2010-05-23 22:11 . 2010-05-23 22:11 12800 ----a-w- c:\documents and settings\Wayne\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-70667c92-n\decora-d3d.dll
2010-05-23 08:38 . 2010-05-23 08:38 -------- d-----w- c:\program files\VideoLAN
2010-05-23 08:00 . 2010-05-23 08:00 -------- d-----w- c:\program files\Common Files\SourceTec
2010-05-07 15:37 . 2010-05-07 15:37 -------- d-----w- c:\documents and settings\Wayne\Application Data\Canneverbe Limited
2010-05-07 15:37 . 2010-05-07 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2010-05-07 15:37 . 2010-05-07 15:37 -------- d-----w- c:\program files\CDBurnerXP
2010-05-02 14:33 . 2010-05-02 14:33 -------- d-----w- c:\program files\QuickTime
2010-05-02 14:33 . 2009-01-17 05:55 -------- d-----w- c:\program files\Common Files\Apple
2010-05-02 14:32 . 2010-05-02 14:32 -------- d-----w- c:\program files\Safari
2010-05-02 14:31 . 2010-05-02 14:31 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
.

luckywayne
2010-06-26, 16:32
Between this post and the last would be the snapshot section, which I did omit.


-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-25 39408]
"Google Update"="c:\documents and settings\Wayne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-14 133104]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-02-22 2633976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinSys2"="c:\windows\system32\winsys2.exe" [2008-07-03 208896]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-08-25 122368]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

[HKLM\~\startupfolder\C:^Documents and Settings^Wayne^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Wayne\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2009-05-19 05:23 49968 ----a-w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2008-06-27 22:24 19456 ----a-w- c:\windows\system32\CtHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-05-14 18:33 133104 ----atw- c:\documents and settings\Wayne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-03-16 07:37 13670504 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-03-16 07:37 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-25 16:02 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\World of Warcraft\\Launcher.exe"=
"c:\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [11/17/2008 5:42 AM 178376]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [11/17/2008 5:42 AM 30920]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [11/17/2008 5:42 AM 28872]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [11/17/2008 5:42 AM 1402568]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/11/2009 5:20 PM 24652]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [6/27/2008 8:21 PM 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [6/27/2008 8:21 PM 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [6/27/2008 8:21 PM 566296]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [6/27/2008 8:21 PM 99352]
S3 cpuz130;cpuz130;\??\c:\docume~1\Wayne\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Wayne\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [6/27/2008 8:21 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [6/27/2008 8:21 PM 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [6/27/2008 8:21 PM 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [6/27/2008 8:21 PM 566296]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [12/25/2009 3:16 AM 25832]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [11/17/2008 5:42 AM 3538632]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [9/14/2009 8:29 AM 85504]
.
Contents of the 'Scheduled Tasks' folder

2010-06-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1425521274-839522115-1004Core.job
- c:\documents and settings\Wayne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-14 18:33]

2010-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1425521274-839522115-1004UA.job
- c:\documents and settings\Wayne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-14 18:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
FF - ProfilePath - c:\documents and settings\Wayne\Application Data\Mozilla\Firefox\Profiles\kt7j57ki.default\
# Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/

user_pref(app.update.lastUpdateTime.addon-background-update-timer, 1242299186);
user_pref(app.update.lastUpdateTime.background-update-timer, 1242299186);
user_pref(app.update.lastUpdateTime.blocklist-background-update-timer, 1242299186);
user_pref(app.update.lastUpdateTime.microsummary-generator-update-timer, 1242299186);
user_pref(app.update.lastUpdateTime.search-engine-update-timer, 1242321386);
user_pref(browser.migration.version, 1);
user_pref(browser.places.importDefaults, false);
user_pref(browser.places.migratePostDataAnnotations, false);
user_pref(browser.places.smartBookmarksVersion, 1);
user_pref(browser.places.updateRecentTagsUri, false);
user_pref(browser.rights.3.shown, true);
user_pref(browser.startup.homepage_override.mstone, rv:1.9.0.10);
user_pref(extensions.enabledItems, {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10,{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,jqs@sun.com:1.0,{635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717,moveplayer@movenetworks.com:7,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10);
user_pref(extensions.lastAppVersion, 3.0.10);
user_pref(extensions.update.notifyUser, false);
user_pref(intl.charsetmenu.browser.cache, ISO-8859-1, UTF-8);
user_pref(network.cookie.prefsMigrated, true);
user_pref(spellchecker.dictionary, en-US);
user_pref(urlclassifier.keyupdatetime.https://sb-ssl.google.com/safebrowsing/newkey, 1255473016);
user_pref(yahoo.addtomy, true);
user_pref(yahoo.homepage.dontask, true);
user_pref(yahoo.installer.country, us);
user_pref(yahoo.installer.dc, v1_yff2);
user_pref(yahoo.installer.language, us);
user_pref(yahoo.installer.nd, 2);
user_pref(yahoo.installer.sc, sunm);
user_pref(yahoo.installer.version, 1.5.2.20080717);
user_pref(yahoo.installer.version.simple, 1.5.2);
user_pref(yahoo.supports.livesearch, true);
user_pref(yahoo.toolbar.searchbox.width, 55);
FF - prefs.js: browser.search.selectedEngine - Yahoo!);
user_pref(browser.startup.homepage, http://bing.zugo.com/?cfg=2-79-0-1kCe3);
user_pref(keyword.URL, http://bing.zugo.com/s/?src=FF-Address&site=Bing&cfg=2-79-0-1kCe3&q=

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2010-06-24 01:24:37
ComboFix-quarantined-files.txt 2010-06-24 05:24
ComboFix2.txt 2010-06-18 05:00

Pre-Run: 117,165,109,248 bytes free
Post-Run: 118,228,238,336 bytes free

- - End Of File - - 0336DC3BC1C3EBB848F2E92177774C45

Shaba
2010-06-28, 21:20
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on the Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh DDS log.

luckywayne
2010-06-29, 19:26
Hey Shaba,

I can't seem to get Kaspersky to give me a usable accept button. I am getting a message that it requires Java framework version 1.5 or later to run. I downloaded the latest Java update and installed it, and it now says that I have version 1.6, and still it will not recognize my Java console. I am sure that I am doing something wrong here, just not sure what.

Shaba
2010-06-30, 21:12
Then please run this instead:

Download to the desktop: Dr.Web CureIt (ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe)

Double-click the drweb-cureit.exe file and allow it to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, Click Options > Change settings
Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
Back at the main window, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, see if you can click the following icon next to the files found:
http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it and then click the next icon right below and select Move incurable, as you'll see in the next image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply with a new hijackthis log.

luckywayne
2010-07-06, 23:13
Apologies for the delay, been quite busy lately. Here are the logs:

Dr.Web:

5fe61458-4db09361;C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\24;Archive contains infected objects;Moved.;
5fe61458-6f18e195;C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\24;Archive contains infected objects;Moved.;
6968de25-57616e4a;C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\37;Archive contains infected objects;Moved.;
cfdaaf1-556d8449;C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\49;Archive contains infected objects;Moved.;
5fe61458-4db09361\dev/s/AdgredY.class;C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\24\5fe61458-4db09361;Exploit.Java.38;;
5fe61458-4db09361\dev/s/DyesyasZ.class;C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\24\5fe61458-4db09361;Exploit.Java.38;;
5fe61458-4db09361\dev/s/LoaderX.class;C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\24\5fe61458-4db09361;Exploit.Java.38;;
5fe61458-6f18e195\dev/s/AdgredY.class;C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\24\5fe61458-6f18e195;Exploit.Java.38;;
5fe61458-6f18e195\dev/s/DyesyasZ.class;C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\24\5fe61458-6f18e195;Exploit.Java.38;;
5fe61458-6f18e195\dev/s/LoaderX.class;C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\24\5fe61458-6f18e195;Exploit.Java.38;;
6968de25-57616e4a\AppleT.class;C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\37\6968de25-57616e4a;Exploit.Java.59;;
cfdaaf1-556d8449\dev/s/AdgredY.class;C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\49\cfdaaf1-556d8449;Exploit.Java.38;;
cfdaaf1-556d8449\dev/s/DyesyasZ.class;C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\49\cfdaaf1-556d8449;Exploit.Java.38;;
cfdaaf1-556d8449\dev/s/LoaderX.class;C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\49\cfdaaf1-556d8449;Exploit.Java.38;;
RegUBP2b-Wayne.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
A0109203.reg;C:\System Volume Information\_restore{EEAD7172-7D8D-4A56-ACA0-6652FF74E8CC}\RP506;Trojan.StartPage.1505;Deleted.;
A0110199.reg;C:\System Volume Information\_restore{EEAD7172-7D8D-4A56-ACA0-6652FF74E8CC}\RP506;Trojan.StartPage.1505;Deleted.;
A0115485.reg;C:\System Volume Information\_restore{EEAD7172-7D8D-4A56-ACA0-6652FF74E8CC}\RP542;Trojan.StartPage.1505;Deleted.;
A0116515.reg;C:\System Volume Information\_restore{EEAD7172-7D8D-4A56-ACA0-6652FF74E8CC}\RP543;Trojan.StartPage.1505;Deleted.;
A0117618.reg;C:\System Volume Information\_restore{EEAD7172-7D8D-4A56-ACA0-6652FF74E8CC}\RP544;Trojan.StartPage.1505;Deleted.;
A0119294.reg;C:\System Volume Information\_restore{EEAD7172-7D8D-4A56-ACA0-6652FF74E8CC}\RP570;Trojan.StartPage.1505;Deleted.;

DDS:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Wayne at 17:11:09.43 on Tue 07/06/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1655 [GMT -4:00]

FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Wayne\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - c:\program files\veoh networks\veoh video compass\SearchRecsPlugin.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\wayne\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.gamehouse.com/realarcade-webgames/ancientsudoku/index.jsp?pread=0&pread=0&ractype=fullclient"
mRun: [WinSys2] c:\windows\system32\winsys2.exe
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} - hxxp://www.worldwinner.com/games/v45/royal/royal.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://service.futuremark.com/virtualmark/tc/FMSI.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} - hxxp://www.worldwinner.com/games/v44/golfsol/golfsol.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\wayne\applic~1\mozilla\firefox\profiles\kt7j57ki.default\
# Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/

user_pref(app.update.lastUpdateTime.addon-background-update-timer, 1242299186);
user_pref(app.update.lastUpdateTime.background-update-timer, 1242299186);
user_pref(app.update.lastUpdateTime.blocklist-background-update-timer, 1242299186);
user_pref(app.update.lastUpdateTime.microsummary-generator-update-timer, 1242299186);
user_pref(app.update.lastUpdateTime.search-engine-update-timer, 1242321386);
user_pref(browser.migration.version, 1);
user_pref(browser.places.importDefaults, false);
user_pref(browser.places.migratePostDataAnnotations, false);
user_pref(browser.places.smartBookmarksVersion, 1);
user_pref(browser.places.updateRecentTagsUri, false);
user_pref(browser.rights.3.shown, true);
user_pref(browser.startup.homepage_override.mstone, rv:1.9.0.10);
user_pref(extensions.enabledItems, {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10,{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,jqs@sun.com:1.0,{635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717,moveplayer@movenetworks.com:7,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10);
user_pref(extensions.lastAppVersion, 3.0.10);
user_pref(extensions.update.notifyUser, false);
user_pref(intl.charsetmenu.browser.cache, ISO-8859-1, UTF-8);
user_pref(network.cookie.prefsMigrated, true);
user_pref(spellchecker.dictionary, en-US);
user_pref(urlclassifier.keyupdatetime.https://sb-ssl.google.com/safebrowsing/newkey, 1255473016);
user_pref(yahoo.addtomy, true);
user_pref(yahoo.homepage.dontask, true);
user_pref(yahoo.installer.country, us);
user_pref(yahoo.installer.dc, v1_yff2);
user_pref(yahoo.installer.language, us);
user_pref(yahoo.installer.nd, 2);
user_pref(yahoo.installer.sc, sunm);
user_pref(yahoo.installer.version, 1.5.2.20080717);
user_pref(yahoo.installer.version.simple, 1.5.2);
user_pref(yahoo.supports.livesearch, true);
user_pref(yahoo.toolbar.searchbox.width, 55);
FF - prefs.js: browser.search.selectedEngine - Yahoo!);
user_pref(browser.startup.homepage, http://bing.zugo.com/?cfg=2-79-0-1kCe3);
user_pref(keyword.URL, http://bing.zugo.com/s/?src=FF-Address&site=Bing&cfg=2-79-0-1kCe3&q=
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2008-11-17 178376]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2008-11-17 30920]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2008-11-17 28872]
R2 OAcat;Online Armor Helper Service;c:\program files\tall emu\online armor\oacat.exe [2008-11-17 1402568]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-9-11 24652]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
S3 cpuz130;cpuz130;\??\c:\docume~1\wayne\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\wayne\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-25 25832]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe [2008-11-17 3538632]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2009-9-14 85504]

=============== Created Last 30 ================

2010-07-06 16:36:12 0 d-----w- c:\documents and settings\wayne\DoctorWeb
2010-06-29 17:17:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-06-29 17:17:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-24 05:11:24 0 d-----w- C:\ComboFix
2010-06-18 04:38:22 0 d-sha-r- C:\cmdcons
2010-06-18 04:34:44 98816 ----a-w- c:\windows\sed.exe
2010-06-18 04:34:44 77312 ----a-w- c:\windows\MBR.exe
2010-06-18 04:34:44 256512 ----a-w- c:\windows\PEV.exe
2010-06-18 04:34:44 161792 ----a-w- c:\windows\SWREG.exe
2010-06-10 20:44:45 0 d-----w- c:\docume~1\wayne\applic~1\Malwarebytes
2010-06-10 20:44:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-10 20:44:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-10 20:44:36 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-10 20:44:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-10 20:19:21 397 ----a-w- c:\windows\wininit.ini
2010-06-10 17:41:16 0 d-----w- c:\docume~1\wayne\applic~1\Pogo Games
2010-06-10 17:08:35 14 ----a-w- c:\windows\popcinfo.dat
2010-06-10 16:21:12 0 ----a-w- c:\windows\popcreg.dat
2010-06-10 16:21:11 18 ----a-w- c:\windows\popcinfot.dat
2010-06-08 17:08:27 9 ----a-w- c:\windows\sierra.ini
2010-06-08 17:08:26 0 d-----w- c:\program files\Sierra On-Line

==================== Find3M ====================


============= FINISH: 17:11:39.06 ===============
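
The Dr.Web report in the post above has one semicolon-separated line per object, and the infected .class entries carry an empty action field because only their parent cache archive was moved. The Python sketch below is an added example, not part of the thread and not Dr.Web's own tooling; it reads such a report and separates entries that were handled directly, entries covered by an action on their container, and entries with no recorded action at all. The field names, status labels, location markers and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import ntpath
from collections import Counter, namedtuple

# Assumed field names for the four columns seen in the posted report.
Row = namedtuple("Row", "name folder verdict action")

# Notice Dr.Web prints for a container rather than for a named threat.
CONTAINER_NOTICE = "Archive contains infected objects"

# Lower-case path markers used to label where a detection was found.
LOCATIONS = (
    ("java-cache", "\\sun\\java\\deployment\\cache\\"),
    ("system-restore", "\\system volume information\\_restore"),
)

# Constructed sample rows in the same layout; names and paths are made up.
SAMPLE_REPORT = r"""
aaaa1111-bbbb2222;C:\Documents and Settings\demo\Application Data\Sun\Java\Deployment\cache\6.0\24;Archive contains infected objects;Moved.;
aaaa1111-bbbb2222\pkg/Loader.class;C:\Documents and Settings\demo\Application Data\Sun\Java\Deployment\cache\6.0\24\aaaa1111-bbbb2222;Exploit.Java.38;;
cccc3333-dddd4444\pkg/Applet.class;C:\Documents and Settings\demo\Application Data\Sun\Java\Deployment\cache\6.0\37\cccc3333-dddd4444;Exploit.Java.59;;
A0000001.reg;C:\System Volume Information\_restore{GUID}\RP1;Trojan.StartPage.1505;Deleted.;
"""


def parse_report(text):
    """Parse report text into Row tuples, skipping blank or short lines."""
    rows = []
    reader = csv.reader(io.StringIO(text), delimiter=";", quoting=csv.QUOTE_NONE)
    for fields in reader:
        if len(fields) < 4:
            continue
        rows.append(Row(*(f.strip() for f in fields[:4])))
    return rows


def location(row):
    """Label the folder a detection was found in."""
    path = ntpath.normcase(row.folder) + "\\"
    for label, marker in LOCATIONS:
        if marker in path:
            return label
    return "other"


def triage(rows):
    """Classify each row and count verdicts and locations."""
    # Full paths of every object the scanner recorded an action for.
    handled = {
        ntpath.normcase(ntpath.join(r.folder, r.name)) for r in rows if r.action
    }
    result = {
        "unresolved": [],
        "status": {},
        "by_verdict": Counter(),
        "by_location": Counter(),
    }
    for r in rows:
        if r.action:
            status = "handled"
        elif ntpath.normcase(r.folder) in handled:
            # Member of an archive that was itself moved or deleted.
            status = "container handled"
        else:
            status = "unresolved"
            result["unresolved"].append(r)
        result["status"][r.name] = status
        result["by_location"][location(r)] += 1
        if r.verdict != CONTAINER_NOTICE:
            result["by_verdict"][r.verdict] += 1
    return result


if __name__ == "__main__":
    summary = triage(parse_report(SAMPLE_REPORT))
    for verdict, count in summary["by_verdict"].most_common():
        print(f"{count:3d}  {verdict}")
    for label, count in summary["by_location"].items():
        print(f"{count:3d}  found in {label}")
    for row in summary["unresolved"]:
        print("no action recorded:", ntpath.join(row.folder, row.name))
```

Rows reported as unresolved are the ones to follow up on after the reboot; detections under the Java deployment cache point at cached applet content, and those under System Volume Information sit in restore points.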

luckywayne
2010-07-06, 23:14
And Attach:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 11/16/2008 7:59:13 AM
System Uptime: 7/6/2010 5:10:04 PM (0 hours ago)

Motherboard: Dell Inc. | | 0U7077
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Microprocessor | 3192/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 368 GiB total, 118.298 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_8086&DEV_266E&SUBSYS_01771028&REV_03\3&172E68DD&0&F2
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_8086&DEV_266E&SUBSYS_01771028&REV_03\3&172E68DD&0&F2
Service:

==== System Restore Points ===================

RP482: 4/8/2010 5:28:13 AM - System Checkpoint
RP483: 4/9/2010 9:03:32 PM - System Checkpoint
RP484: 4/11/2010 2:29:17 AM - System Checkpoint
RP485: 4/12/2010 7:00:49 PM - System Checkpoint
RP486: 4/13/2010 7:31:37 PM - System Checkpoint
RP487: 4/14/2010 8:24:13 PM - System Checkpoint
RP488: 4/15/2010 8:48:44 PM - System Checkpoint
RP489: 4/17/2010 6:11:54 AM - System Checkpoint
RP490: 4/18/2010 6:40:18 AM - System Checkpoint
RP491: 4/19/2010 7:23:44 AM - System Checkpoint
RP492: 4/20/2010 7:47:42 AM - System Checkpoint
RP493: 4/21/2010 8:10:00 AM - System Checkpoint
RP494: 4/22/2010 9:10:00 AM - System Checkpoint
RP495: 4/23/2010 12:44:15 PM - System Checkpoint
RP496: 4/24/2010 2:59:05 PM - System Checkpoint
RP497: 4/25/2010 4:26:58 PM - System Checkpoint
RP498: 4/26/2010 4:46:43 PM - System Checkpoint
RP499: 4/27/2010 6:06:46 PM - System Checkpoint
RP500: 4/28/2010 7:08:14 PM - System Checkpoint
RP501: 4/29/2010 7:46:43 PM - System Checkpoint
RP502: 4/30/2010 8:58:37 PM - System Checkpoint
RP503: 5/1/2010 9:46:37 PM - System Checkpoint
RP504: 5/3/2010 12:41:15 AM - System Checkpoint
RP505: 5/4/2010 12:49:13 AM - System Checkpoint
RP506: 5/5/2010 2:01:23 AM - System Checkpoint
RP507: 5/6/2010 3:02:32 AM - System Checkpoint
RP508: 5/7/2010 3:14:33 AM - System Checkpoint
RP509: 5/8/2010 5:33:36 AM - System Checkpoint
RP510: 5/9/2010 7:34:01 AM - System Checkpoint
RP511: 5/10/2010 8:13:43 AM - System Checkpoint
RP512: 5/11/2010 8:18:05 AM - System Checkpoint
RP513: 5/12/2010 9:13:21 AM - System Checkpoint
RP514: 5/13/2010 11:37:01 AM - System Checkpoint
RP515: 5/14/2010 11:37:06 AM - System Checkpoint
RP516: 5/15/2010 12:13:45 PM - System Checkpoint
RP517: 5/16/2010 1:40:44 PM - System Checkpoint
RP518: 5/17/2010 3:09:26 PM - System Checkpoint
RP519: 5/18/2010 8:50:42 PM - System Checkpoint
RP520: 5/19/2010 9:37:30 PM - System Checkpoint
RP521: 5/21/2010 1:27:36 AM - System Checkpoint
RP522: 5/22/2010 1:44:23 AM - System Checkpoint
RP523: 5/23/2010 1:49:30 AM - System Checkpoint
RP524: 5/24/2010 3:11:13 AM - System Checkpoint
RP525: 5/25/2010 3:50:16 AM - System Checkpoint
RP526: 5/26/2010 4:50:16 AM - System Checkpoint
RP527: 5/27/2010 5:40:40 AM - System Checkpoint
RP528: 5/28/2010 6:04:40 AM - System Checkpoint
RP529: 5/29/2010 6:28:41 AM - System Checkpoint
RP530: 5/30/2010 8:53:48 AM - System Checkpoint
RP531: 5/31/2010 10:00:15 AM - System Checkpoint
RP532: 6/1/2010 6:33:12 PM - System Checkpoint
RP533: 6/2/2010 7:08:21 PM - System Checkpoint
RP534: 6/4/2010 4:26:01 AM - System Checkpoint
RP535: 6/4/2010 11:07:39 PM - Installed Lemonade Tycoon 2 - New York City
RP536: 6/5/2010 1:49:06 PM - Installed Air Strike 3D
RP537: 6/5/2010 1:52:24 PM - Installed Casino Island To Go
RP538: 6/6/2010 2:54:15 PM - System Checkpoint
RP539: 6/7/2010 5:55:27 PM - System Checkpoint
RP540: 6/8/2010 12:05:03 AM - Installed Slingo Quest
RP541: 6/9/2010 3:35:25 AM - System Checkpoint
RP542: 6/10/2010 8:47:13 AM - System Checkpoint
RP543: 6/10/2010 4:27:27 PM - Restore Operation
RP544: 6/10/2010 5:15:34 PM - Software Distribution Service 3.0
RP545: 6/11/2010 5:59:32 PM - System Checkpoint
RP546: 6/12/2010 6:39:02 PM - System Checkpoint
RP547: 6/13/2010 7:03:03 PM - System Checkpoint
RP548: 6/14/2010 7:15:01 PM - System Checkpoint
RP549: 6/15/2010 1:46:05 AM - Removed Ask Toolbar.
RP550: 6/16/2010 2:04:34 AM - System Checkpoint
RP551: 6/17/2010 2:36:17 AM - System Checkpoint
RP552: 6/18/2010 2:55:50 AM - System Checkpoint
RP553: 6/19/2010 3:31:51 AM - System Checkpoint
RP554: 6/20/2010 3:55:51 AM - System Checkpoint
RP555: 6/21/2010 4:55:51 AM - System Checkpoint
RP556: 6/22/2010 5:19:51 AM - System Checkpoint
RP557: 6/23/2010 5:44:04 AM - System Checkpoint
RP558: 6/24/2010 5:52:15 PM - System Checkpoint
RP559: 6/25/2010 6:34:16 PM - System Checkpoint
RP560: 6/26/2010 6:58:16 PM - System Checkpoint
RP561: 6/28/2010 2:40:15 AM - System Checkpoint
RP562: 6/29/2010 2:48:20 AM - System Checkpoint
RP563: 6/29/2010 1:16:17 PM - Removed Java(TM) 6 Update 17
RP564: 6/29/2010 1:16:57 PM - Installed Java(TM) 6 Update 20
RP565: 6/30/2010 1:27:13 PM - System Checkpoint
RP566: 7/1/2010 6:21:41 PM - System Checkpoint
RP567: 7/3/2010 3:22:35 AM - System Checkpoint
RP568: 7/4/2010 4:15:19 AM - System Checkpoint
RP569: 7/5/2010 4:43:05 AM - System Checkpoint
RP570: 7/6/2010 5:32:38 AM - System Checkpoint

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Adobe Shockwave Player
AIM 6
AIM Toolbar
Air Strike 3D
Apple Application Support
Apple Software Update
AutoUpdate
Battleship
Casino Island To Go
CDBurnerXP
Cheat Engine 5.4
Creative Audio Console
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Download Updater (AOL LLC)
DraftDominator Version 10.0m Full
Dragon Age: Origins
Fishdom H20 - Hidden Odyssey (remove only)
FLV Player 2.0 (build 25)
Full Tilt Poker
Futuremark SystemInfo
GIMP 2.6.3
Google Chrome
Google Toolbar for Internet Explorer
Hotel Dash Suite Success
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Inkscape 0.46
Install(US)2
Java Auto Updater
Java(TM) 6 Update 20
LEGO Star Wars II
Lemonade Tycoon 2 - New York City
Lottso! Deluxe
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Move Media Player
Mozilla Firefox (3.0.10)
MSN Toolbar
MSN Toolbar Platform
Nancy Drew: Secrets Can Kill
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
Online Armor 3.0
PC Pitstop Driver Alert2 2.0.0.0
PeaZip 2.6
PlayFLV
PokerStars
PowerDVD
QuickTime
RealArcade
Runes of Magic
Safari
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Slingo Mystery Whos Gold
Slingo Quest
Sothink FLV Player
Spybot - Search & Destroy
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Veetle TV 0.9.15
Ventrilo Client
Veoh Video Compass
Veoh Web Player
Viewpoint Media Player
VLC media player 1.0.5
WebFldrs XP
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Winner Poker
Wireless-G PCI Adapter
World of Warcraft
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

6/29/2010 1:29:16 PM, error: Service Control Manager [7000] - The McciCMService service failed to start due to the following error: The system cannot find the path specified.
6/29/2010 1:29:16 PM, error: Service Control Manager [7000] - The Creative Service for CDROM Access service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================

Shaba
2010-07-07, 21:30
That looks good :)

Still some issues left?

luckywayne
2010-07-08, 02:46
Not at all, everything seems back to normal. Am I cured? :p:

Shaba
2010-07-08, 21:15
Good :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Now let's uninstall ComboFix:

Click START then RUN
Now type Combofix /uninstall in the runbox and click OK

Next we remove all used tools.

Please download OTCleanIt (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.

Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)

Re-enable system restore with instructions from tutorial above

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialize and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Update your AntiVirus Software and keep your other programs up-to-date - Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. Tutorials on installing & using this product can be found below:

Malwarebytes' Anti-Malware Setup Guide (http://www.lognrock.com/forum/index.php?showtopic=6926)

Malwarebytes' Anti-Malware Scanning Guide (http://www.lognrock.com/forum/index.php?showtopic=6913)


Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer. See also a hosts file tutorial here (http://malwareremoval.com/forum/viewtopic.php?t=22187)
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://forums.spybot.info/showthread.php?t=279)

Happy surfing and stay clean! :bigthumb:

luckywayne
2010-07-08, 22:34
Very cool, thanks so much Shaba. It's nice to have a well-oiled machine again :P. I appreciate all of your help.