View Full Version : Virus/malware infection! Please help
whitesosa
2010-06-18, 15:51
My computer has become infected recently. Everything is running slow and some wierd things have been happening with my programs.
DDS LOG
DDS (Ver_10-03-17.01) - NTFSx86
Run by M at 8:46:10.79 on Fri 06/18/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3054.1832 [GMT -4:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Stardock\ThinkDesk\Multiplicity\MULTISRV32.EXE
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Stardock\ThinkDesk\Multiplicity\multipl.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\WINDOWS\System32\svchost.exe"
"C:\WINDOWS\System32\svchost.exe"
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\M\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://go.divx.com/divx/webplayerdemo/en?yrv=1&yoc=divx&ydt=divxdotcom&ybt=DFW&ybv=6.8&yo=iet
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\search toolbar\tbhelper.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: TBSB05974 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\search toolbar\tbcore3.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Search Toolbar: {0c8413c1-fad1-446c-8584-be50576f863e} - c:\program files\search toolbar\tbcore3.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [RocketDock] c:\program files\rocketdock\RocketDock.exe
uRun: [Google Update] "c:\documents and settings\m\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Multiplicity] c:\program files\stardock\thinkdesk\multiplicity\multipl.exe
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [GoToMyPC] "c:\program files\citrix\gotomypc\g2svc.exe" -logon
StartupFolder: c:\docume~1\m\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: facebook.com\login
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - hxxp://www.pcpitstop.com/internet/pcpConnCheck.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} - hxxp://heva.solidworks.com/htdocs/pdownload/edrawings/e2008sp03/cab/eModelsStandard.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196968106859
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - hxxp://download.sopcast.cn/download/SOPCORE.CAB
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
Notify: igfxcui - igfxdev.dll
Notify: Multi - c:\program files\stardock\thinkdesk\multiplicity\MultiWin32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\m\applic~1\mozilla\firefox\profiles\xokdn1kn.default\
FF - plugin: c:\documents and settings\m\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\m\application data\move networks\plugins\npqmp071706000001.dll
FF - plugin: c:\documents and settings\m\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {A57767A7-FC3D-4597-96D9-8147496C1AC9} - c:\documents and settings\m\local settings\application data\{A57767A7-FC3D-4597-96D9-8147496C1AC9}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [2008-4-4 16048]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [2008-4-4 162096]
R2 Multiplicity;Stardock Multiplicity;c:\program files\stardock\thinkdesk\multiplicity\MultiSrv32.exe [2008-4-5 208896]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-7-28 24652]
S2 dualshock3;DUALSHOCK3 Controller HID Minidriver (USB) Beta;c:\windows\system32\drivers\dualshock3.sys [2009-1-13 11392]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2008-7-7 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2008-5-9 174336]
=============== Created Last 30 ================
2010-06-14 14:37:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-06-14 14:37:42 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-14 14:35:06 120 ----a-w- c:\windows\Ucuholuracana.dat
2010-06-14 14:35:06 0 ----a-w- c:\windows\Cfunuyosama.bin
2010-06-14 14:34:20 772096 ----a-w- c:\windows\system32\drivers\qmfdyxr.sys
2010-06-14 14:33:23 46592 ---ha-w- c:\windows\system32\autojava.dll
2010-06-14 14:33:22 20 ----a-w- c:\docume~1\m\applic~1\qcopjv.dat
2010-06-11 15:05:40 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-05-20 20:16:35 0 d-----w- c:\docume~1\alluse~1\applic~1\Toolbar4
2010-05-20 20:16:33 0 d-----w- c:\program files\Search Toolbar
==================== Find3M ====================
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:56:34 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:51:20 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-08 17:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2008-04-05 00:54:08 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008040420080405\index.dat
============= FINISH: 8:46:49.07 ===============
ATTACH LOG
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/4/2008 8:55:05 PM
System Uptime: 6/18/2010 8:34:25 AM (0 hours ago)
Motherboard: Intel Corporation | | DG33BU
Processor: Intel(R) Core(TM)2 Quad CPU Q6700 @ 2.66GHz | J1PR | 2666/266mhz
Processor: Intel(R) Core(TM)2 Quad CPU Q6700 @ 2.66GHz | J1PR | 2666/266mhz
Processor: Intel(R) Core(TM)2 Quad CPU Q6700 @ 2.66GHz | J1PR | 2666/266mhz
Processor: Intel(R) Core(TM)2 Quad CPU Q6700 @ 2.66GHz | J1PR | 2666/266mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 197 GiB total, 134.819 GiB free.
D: is FIXED (NTFS) - 699 GiB total, 451.004 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 502 GiB total, 199.103 GiB free.
G: is CDROM ()
H: is CDROM ()
K: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
32 Bit HP CIO Components Installer
AC3Filter (remove only)
Add or Remove Adobe Creative Suite 3 Production Premium
Adobe After Effects CS3 Presets
Adobe After Effects CS3 Template Projects & Footage
Adobe After Effects CS3 Third Party Content
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Creative Suite 3 Production Premium
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Dreamweaver CS3
Adobe Dynamiclink Support
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe Encore CS3 Library
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS3
Adobe Extension Manager CS4
Adobe Flash CS3
Adobe Flash Media Encoder 2.5
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Glyphlet Creation Tool CS3
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Illustrator CS4
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 8.2.1
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Soundbooth CS3 Scores
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Ultra CS3
Adobe Ultra CS3 - MSL Legacy Support
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AHV content for Acrobat and Flash
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Auto Gordian Knot 2.45
AutoUpdate
AviSynth 2.5
Blaze Media Pro
Bonjour
BufferChm
C4600
Compatibility Pack for the 2007 Office system
Connect
ConVID Live Alpha
Core FTP LE 1.3c
Creative Audio Console
Critical Update for Windows Media Player 11 (KB959772)
Crysis(R)
CyberLink InstantBurn
CyberLink PowerDVD
Destination Component
DeviceDiscovery
Digsby
DivX Player
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
DivXLand Media Subtitler
doPDF 5.3 printer
DVD Decrypter (Remove Only)
ffdshow [rev 2732] [2009-02-26]
FLV Player 1.3.3
FrostWire 4.18.3
FXhome VisionLab Studio (remove only)
GameSpy Comrade
GoldWave v5.13
Google Chrome
GoToMyPC
GPBaseService2
Haali Media Splitter
Hi-Def Suite
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 12.0
HP Imaging Device Functions 12.0
HP Photosmart C4600 All-In-One Driver Software 12.0 Rel .5
HP Photosmart Essential 3.5
HP Smart Web Printing
HP Solution Center 12.0
HP Update
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
HTML Password Lock 3.3.1
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections 12.3.31.0
Intel® Management Engine Interface
iTunes
Java Auto Updater
Java(TM) 6 Update 20
kuler
LabelPrint
Left 4 Dead 2
LG ODD Auto Firmware Update
LightScribe 1.4.136.1
LightScribe Optical Disc Kit
Logitech Webcam Software
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Malwarebytes' Anti-Malware
MarketResearch
MediaInfo 0.7.10
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft XNA Framework Redistributable 2.0
mIRC
MKVtoolnix 2.1.0
Mobile Broadband Generic Drivers
Move Media Player
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Multiplicity
NVIDIA Drivers
OGA Notifier 1.7.0105.14.0
OGA Notifier 2.0.0048.0
PDF Settings
PDF Settings CS4
Photoshop Camera Raw
Pixel Bender Toolkit
Power2Go 5.0
PowerBackup
PowerISO
PowerProducer
PS_AIO_05_C4600_Software_Min
PS3 Theme Builder 2.5
Quicken 2009
QuickTime
RealPlayer
River Past Video Cleaner Pro
RocketDock
Scan
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
Sony Vegas Pro 8.0
SopCast 2.0.4
Spybot - Search & Destroy
Status
Steam
Suite Shared Configuration CS4
SWiSHmax
The Rosetta Stone
TMPGEnc 4.0 XPress
Toolbox
TrayApp
TweetDeck
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911164)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
VideoLAN VLC media player 0.8.6d
Viewpoint Media Player
Virtual DJ - Atomix Productions
VobSub v2.23 (Remove Only)
WebFldrs XP
WebReg
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
Xross Media Simulator 1.0
Xvid 1.1.2 final uninstall
XviD MPEG4 Video Codec (remove only)
XviD4PSP 5.0
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
Yahoo! Widgets
==== Event Viewer Messages From Past Week ========
6/17/2010 10:17:31 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu Tcpip
6/17/2010 10:17:31 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
6/17/2010 10:17:31 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/17/2010 10:17:31 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
6/17/2010 10:17:31 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/17/2010 10:17:31 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/17/2010 10:17:29 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
6/17/2010 10:17:10 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/14/2010 8:40:21 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Windows XP Service Pack 3 (KB936929).
6/14/2010 8:33:51 AM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
6/14/2010 8:33:51 AM, error: Service Control Manager [7000] - The DUALSHOCK3 Controller HID Minidriver (USB) Beta service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/14/2010 5:19:19 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\iexplore.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 8.0.6001.18702.
6/14/2010 10:34:22 AM, error: Service Control Manager [7000] - The 61883 Unit Device service failed to start due to the following error: A device attached to the system is not functioning.
==== End Of File ===========================
Anyone?
Hi whitesosa
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here. (http://www.bleepingcomputer.com/forums/topic114351.html)
When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
whitesosa
2010-06-23, 15:58
COmboFix log
ComboFix 10-06-22.03 - M 06/23/2010 8:35.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3054.2517 [GMT -4:00]
Running from: c:\documents and settings\M\Desktop\ComboFix.exe
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Toolbar4
c:\documents and settings\M\Application Data\367baad1.exe
c:\program files\Search Toolbar
c:\program files\Search Toolbar\tbhelper.dll
c:\windows\system32\ernel32.dll
c:\windows\system32\spool\prtprocs\w32x86\E7aA1k.dll
c:\windows\system32\gotomon.log . . . . failed to delete
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MSWINDOWS
((((((((((((((((((((((((( Files Created from 2010-05-23 to 2010-06-23 )))))))))))))))))))))))))))))))
.
2010-06-22 12:26 . 2010-06-22 12:26 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
2010-06-18 19:18 . 2010-06-18 19:29 256 ----a-w- c:\windows\system32\pool.bin
2010-06-18 19:18 . 2010-06-18 19:18 -------- d-----w- c:\documents and settings\M\Application Data\Research In Motion
2010-06-18 17:18 . 2010-06-18 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-06-18 17:18 . 2010-06-18 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2010-06-18 17:16 . 2010-06-18 17:16 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-06-18 17:16 . 2010-06-18 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2010-06-18 17:16 . 2010-06-18 17:17 -------- d-----w- c:\program files\Roxio
2010-06-18 17:13 . 2009-01-09 20:18 27136 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2010-06-18 17:12 . 2010-06-18 17:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2010-06-18 17:12 . 2010-06-18 17:17 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-06-18 17:12 . 2010-06-18 17:12 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-06-18 17:12 . 2010-06-18 17:12 -------- d-----w- c:\program files\Research In Motion
2010-06-18 12:37 . 2010-06-18 12:37 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-06-18 12:37 . 2010-06-18 12:37 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2010-06-14 14:37 . 2010-06-14 14:37 -------- d-----w- c:\program files\Common Files\Java
2010-06-14 14:37 . 2010-06-14 14:37 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-14 14:35 . 2010-06-16 16:11 120 ----a-w- c:\windows\Ucuholuracana.dat
2010-06-14 14:35 . 2010-06-16 14:03 0 ----a-w- c:\windows\Cfunuyosama.bin
2010-06-14 14:35 . 2010-06-14 14:35 -------- d-----w- c:\documents and settings\M\Local Settings\Application Data\{A57767A7-FC3D-4597-96D9-8147496C1AC9}
2010-06-14 14:34 . 2010-06-23 12:45 772096 ----a-w- c:\windows\system32\drivers\qmfdyxr.sys
2010-06-11 15:05 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-23 12:35 . 2009-09-07 00:19 -------- d-----w- c:\documents and settings\M\Application Data\HPAppData
2010-06-23 12:23 . 2009-01-09 20:11 -------- d-----w- c:\program files\iTunes
2010-06-22 15:36 . 2008-04-06 06:55 -------- d--h--r- c:\documents and settings\M\Application Data\yahoo!
2010-06-22 13:41 . 2010-06-22 13:41 27630760 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUPDATER\msgup1000_1270_us_u1.exe
2010-06-22 13:21 . 2009-09-07 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-06-22 12:35 . 2009-01-09 20:11 -------- d-----w- c:\program files\iPod
2010-06-22 12:33 . 2008-04-06 05:35 -------- d-----w- c:\program files\QuickTime
2010-06-22 12:30 . 2008-04-06 02:28 -------- d-----w- c:\program files\Bonjour
2010-06-18 18:20 . 2008-04-05 00:56 124984 ----a-w- c:\documents and settings\M\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-18 17:18 . 2009-12-01 02:25 -------- d-----w- c:\documents and settings\M\Application Data\InstallShield
2010-06-18 17:16 . 2007-12-06 18:27 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-17 17:23 . 2008-04-06 07:19 -------- d-----w- c:\documents and settings\M\Application Data\CoreFTP
2010-06-16 14:19 . 2008-04-06 06:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-06-16 00:01 . 2010-06-16 00:01 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-15 00:23 . 2010-06-16 14:19 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUPDATER\yupdater.exe
2010-06-14 14:37 . 2010-06-14 14:37 61440 ----a-w- c:\documents and settings\M\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-11bc3db1-n\decora-sse.dll
2010-06-14 14:37 . 2010-06-14 14:37 503808 ----a-w- c:\documents and settings\M\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-44cfe10d-n\msvcp71.dll
2010-06-14 14:37 . 2010-06-14 14:37 499712 ----a-w- c:\documents and settings\M\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-44cfe10d-n\jmc.dll
2010-06-14 14:37 . 2010-06-14 14:37 348160 ----a-w- c:\documents and settings\M\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-44cfe10d-n\msvcr71.dll
2010-06-14 14:37 . 2010-06-14 14:37 12800 ----a-w- c:\documents and settings\M\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-11bc3db1-n\decora-d3d.dll
2010-06-14 14:33 . 2010-06-14 14:33 20 ----a-w- c:\documents and settings\M\Application Data\qcopjv.dat
2010-06-09 17:08 . 2008-04-06 05:44 -------- d-----w- c:\program files\mIRC
2010-06-09 12:21 . 2008-04-07 02:33 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-04 16:04 . 2009-10-23 18:02 -------- d-----w- c:\documents and settings\M\Application Data\FrostWire
2010-05-25 16:23 . 2008-04-05 23:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-20 20:20 . 2008-12-29 03:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-20 20:16 . 2008-04-05 23:09 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 10:41 . 2007-07-27 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-05 13:53 . 2010-02-01 19:04 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-05-04 14:37 . 2010-05-04 14:37 1956656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-05-02 05:56 . 2008-08-26 02:32 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2008-12-29 03:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2008-12-29 03:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:51 . 2007-07-27 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-03-31 04:16 . 2010-03-31 04:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-31 04:10 . 2010-03-31 04:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2005-08-05 352256]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"nwiz"="nwiz.exe" [2008-09-18 1657376]
"CTHelper"="CTHELPER.EXE" [2008-02-21 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-02-21 19968]
"Multiplicity"="c:\program files\Stardock\ThinkDesk\Multiplicity\multipl.exe" [2008-02-12 638464]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-01-20 217088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
"GoToMyPC"="c:\program files\Citrix\GoToMyPC\g2svc.exe" [2008-09-30 258856]
c:\documents and settings\M\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
2008-09-30 21:04 10536 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Multi]
2005-04-17 19:36 90112 ----a-w- c:\program files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^M^Start Menu^Programs^Startup^FIFA 10 Registration.lnk]
path=c:\documents and settings\M\Start Menu\Programs\Startup\FIFA 10 Registration.lnk
backup=c:\windows\pss\FIFA 10 Registration.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 20:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 13:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2009-03-18 18:56 75048 ------w- c:\program files\CyberLink\Shared Files\brs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-03 04:15 133104 ----atw- c:\documents and settings\M\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoToMyPC]
2008-09-30 21:04 258856 ----a-w- c:\program files\Citrix\GoToMyPC\g2svc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-09-05 22:13 166424 ----a-w- c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 20:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 14:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-09-05 22:13 141848 ----a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantBurn]
2007-06-04 22:24 599600 ----a-w- c:\progra~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 13:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 20:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2008-05-14 18:48 62760 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
2008-04-04 17:36 249856 ----a-w- c:\program files\lg_fwupdate\fwupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-05-08 14:35 2780432 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-09-05 22:13 137752 ----a-w- c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 02:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2008-07-21 21:32 87336 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-08 16:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-11-27 23:07 1217808 ----a-w- c:\program files\Steam\steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-04-06 07:21 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB2Check]
2006-11-06 17:31 81920 ----a-w- c:\windows\system32\PCLECoInst.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2001-10-02 00:42 10752 ----a-w- c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"cmdService"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Stardock\\ThinkDesk\\Multiplicity\\MultiSrv32.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [4/4/2008 1:34 PM 16048]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [4/4/2008 1:34 PM 162096]
R2 Multiplicity;Stardock Multiplicity;c:\program files\Stardock\ThinkDesk\Multiplicity\MultiSrv32.exe [4/5/2008 6:40 PM 208896]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/28/2009 11:18 PM 24652]
S2 dualshock3;DUALSHOCK3 Controller HID Minidriver (USB) Beta;c:\windows\system32\drivers\dualshock3.sys [1/13/2009 8:14 PM 11392]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/7/2008 1:23 PM 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [5/9/2008 12:08 PM 174336]
--- Other Services/Drivers In Memory ---
*Deregistered* - qmfdyxr
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-198109447-1953730502-90051572-1005Core.job
- c:\documents and settings\M\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 04:15]
2010-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-198109447-1953730502-90051572-1005UA.job
- c:\documents and settings\M\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 04:15]
2010-06-23 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
2010-06-23 c:\windows\Tasks\User_Feed_Synchronization-{B4E1166B-753E-4CFD-AAB9-21714D6FFEBA}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://go.divx.com/divx/webplayerdemo/en?yrv=1&yoc=divx&ydt=divxdotcom&ybt=DFW&ybv=6.8&yo=iet
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: facebook.com\login
TCP: {A4D6DD61-FE1D-420D-8F9B-47C13B531555} = 208.67.220.220,208.67.222.222
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
FF - ProfilePath - c:\documents and settings\M\Application Data\Mozilla\Firefox\Profiles\xokdn1kn.default\
FF - plugin: c:\documents and settings\M\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\M\Application Data\Move Networks\plugins\npqmp071706000001.dll
FF - plugin: c:\documents and settings\M\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {A57767A7-FC3D-4597-96D9-8147496C1AC9} - c:\documents and settings\M\Local Settings\Application Data\{A57767A7-FC3D-4597-96D9-8147496C1AC9}
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files\Search Toolbar\tbcore3.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files\Search Toolbar\tbcore3.dll
MSConfigStartUp-AnyDVD - c:\program files\SlySoft\AnyDVD\AnyDVD.exe
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-ISTray - c:\program files\Spyware Doctor\pctsTray.exe
MSConfigStartUp-Ixuno - c:\windows\iburediqa.dll
MSConfigStartUp-Qdayupuwowo - c:\windows\WMVFWg.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-23 08:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qmfdyxr]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,97,d2,91,72,ab,ec,d0,44,81,8f,e8,\
"3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,97,d2,91,72,ab,ec,d0,44,81,8f,e8,\
[HKEY_LOCAL_MACHINE\software\Classes\.doc\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKEY_LOCAL_MACHINE\software\Classes\.dot\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKEY_LOCAL_MACHINE\software\Classes\.rtf\PersistentHandler]
@DACL=(02 0000)
@="{2e2294a9-50d7-4fe7-a09f-e6492e185884}"
[HKEY_LOCAL_MACHINE\software\Classes\.srf\PersistentHandler]
@DACL=(02 0000)
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"
[HKEY_LOCAL_MACHINE\software\Classes\.xlb\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKEY_LOCAL_MACHINE\software\Classes\.xlc\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKEY_LOCAL_MACHINE\software\Classes\.xls\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKEY_LOCAL_MACHINE\software\Classes\.xlt\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(760)
c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
c:\program files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll
- - - - - - - > 'explorer.exe'(5684)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\nview.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2010-06-23 08:52:50 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-23 12:52
Pre-Run: 144,012,447,744 bytes free
Post-Run: 144,102,359,040 bytes free
- - End Of File - - 706EADD7541B6C77E307F66D58107E5C
DDS
DDS (Ver_10-03-17.01) - NTFSx86
Run by M at 8:56:58.95 on Wed 06/23/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3054.2344 [GMT -4:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Stardock\ThinkDesk\Multiplicity\MULTISRV32.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
"C:\WINDOWS\System32\svchost.exe"
"C:\WINDOWS\System32\svchost.exe"
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\M\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://go.divx.com/divx/webplayerdemo/en?yrv=1&yoc=divx&ydt=divxdotcom&ybt=DFW&ybv=6.8&yo=iet
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: TBSB05974 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\search toolbar\tbcore3.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [RocketDock] c:\program files\rocketdock\RocketDock.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Multiplicity] c:\program files\stardock\thinkdesk\multiplicity\multipl.exe
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [GoToMyPC] "c:\program files\citrix\gotomypc\g2svc.exe" -logon
StartupFolder: c:\docume~1\m\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: facebook.com\login
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - hxxp://www.pcpitstop.com/internet/pcpConnCheck.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} - hxxp://heva.solidworks.com/htdocs/pdownload/edrawings/e2008sp03/cab/eModelsStandard.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196968106859
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - hxxp://download.sopcast.cn/download/SOPCORE.CAB
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
TCP: {A4D6DD61-FE1D-420D-8F9B-47C13B531555} = 208.67.220.220,208.67.222.222
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
Notify: igfxcui - igfxdev.dll
Notify: Multi - c:\program files\stardock\thinkdesk\multiplicity\MultiWin32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\m\applic~1\mozilla\firefox\profiles\xokdn1kn.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {A57767A7-FC3D-4597-96D9-8147496C1AC9} - c:\documents and settings\m\local settings\application data\{A57767A7-FC3D-4597-96D9-8147496C1AC9}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [2008-4-4 16048]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [2008-4-4 162096]
R2 Multiplicity;Stardock Multiplicity;c:\program files\stardock\thinkdesk\multiplicity\MultiSrv32.exe [2008-4-5 208896]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-7-28 24652]
S2 dualshock3;DUALSHOCK3 Controller HID Minidriver (USB) Beta;c:\windows\system32\drivers\dualshock3.sys [2009-1-13 11392]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2008-7-7 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2008-5-9 174336]
=============== Created Last 30 ================
2010-06-23 12:29:55 98816 ----a-w- c:\windows\sed.exe
2010-06-23 12:29:55 77312 ----a-w- c:\windows\MBR.exe
2010-06-23 12:29:55 256512 ----a-w- c:\windows\PEV.exe
2010-06-23 12:29:55 161792 ----a-w- c:\windows\SWREG.exe
2010-06-22 12:26:54 0 d-----w- c:\docume~1\alluse~1\applic~1\CA
2010-06-18 19:18:08 256 ----a-w- c:\windows\system32\pool.bin
2010-06-18 19:18:07 0 d-----w- c:\docume~1\m\applic~1\Research In Motion
2010-06-18 17:16:36 0 d-----w- c:\program files\common files\Sonic Shared
2010-06-18 17:16:35 0 d-----w- c:\program files\Roxio
2010-06-18 17:13:34 27136 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2010-06-18 17:12:50 0 d-----w- c:\docume~1\alluse~1\applic~1\Research In Motion
2010-06-18 17:12:30 0 d-----w- c:\program files\Research In Motion
2010-06-18 17:12:30 0 d-----w- c:\program files\common files\Research In Motion
2010-06-14 14:37:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-06-14 14:37:42 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-14 14:35:06 120 ----a-w- c:\windows\Ucuholuracana.dat
2010-06-14 14:35:06 0 ----a-w- c:\windows\Cfunuyosama.bin
2010-06-14 14:34:20 772096 ----a-w- c:\windows\system32\drivers\qmfdyxr.sys
2010-06-14 14:33:22 20 ----a-w- c:\docume~1\m\applic~1\qcopjv.dat
2010-06-11 15:05:40 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
==================== Find3M ====================
2010-05-18 20:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:56:34 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:51:20 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-03-31 04:16:34 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-31 04:10:40 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2008-04-05 00:54:08 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008040420080405\index.dat
============= FINISH: 8:57:07.40 ===============
whitesosa
2010-06-23, 15:59
Attach LOG
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/4/2008 8:55:05 PM
System Uptime: 6/23/2010 8:44:18 AM (0 hours ago)
Motherboard: Intel Corporation | | DG33BU
Processor: Intel(R) Core(TM)2 Quad CPU Q6700 @ 2.66GHz | J1PR | 2666/266mhz
Processor: Intel(R) Core(TM)2 Quad CPU Q6700 @ 2.66GHz | J1PR | 2666/266mhz
Processor: Intel(R) Core(TM)2 Quad CPU Q6700 @ 2.66GHz | J1PR | 2666/266mhz
Processor: Intel(R) Core(TM)2 Quad CPU Q6700 @ 2.66GHz | J1PR | 2666/266mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 197 GiB total, 134.232 GiB free.
D: is FIXED (NTFS) - 699 GiB total, 451.004 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 502 GiB total, 199.102 GiB free.
G: is CDROM ()
H: is CDROM ()
K: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1: 6/23/2010 8:29:59 AM - System Checkpoint
==== Installed Programs ======================
32 Bit HP CIO Components Installer
AC3Filter (remove only)
Add or Remove Adobe Creative Suite 3 Production Premium
Adobe After Effects CS3 Presets
Adobe After Effects CS3 Template Projects & Footage
Adobe After Effects CS3 Third Party Content
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Creative Suite 3 Production Premium
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Dreamweaver CS3
Adobe Dynamiclink Support
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe Encore CS3 Library
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS3
Adobe Extension Manager CS4
Adobe Flash CS3
Adobe Flash Media Encoder 2.5
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Glyphlet Creation Tool CS3
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Illustrator CS4
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 8.2.1
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Soundbooth CS3 Scores
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Ultra CS3
Adobe Ultra CS3 - MSL Legacy Support
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AHV content for Acrobat and Flash
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Auto Gordian Knot 2.45
AutoUpdate
AviSynth 2.5
BlackBerry Desktop Software 5.0.1
Blaze Media Pro
Bonjour
BufferChm
C4600
Compatibility Pack for the 2007 Office system
Connect
ConVID Live Alpha
Core FTP LE 1.3c
Creative Audio Console
Critical Update for Windows Media Player 11 (KB959772)
Crysis(R)
CyberLink InstantBurn
CyberLink PowerDVD
Destination Component
DeviceDiscovery
Digsby
DivX Player
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
DivXLand Media Subtitler
doPDF 5.3 printer
DVD Decrypter (Remove Only)
ffdshow [rev 2732] [2009-02-26]
FLV Player 1.3.3
FrostWire 4.18.3
FXhome VisionLab Studio (remove only)
GameSpy Comrade
GoldWave v5.13
Google Chrome
GoToMyPC
GPBaseService2
Haali Media Splitter
Hi-Def Suite
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 12.0
HP Imaging Device Functions 12.0
HP Photosmart C4600 All-In-One Driver Software 12.0 Rel .5
HP Photosmart Essential 3.5
HP Smart Web Printing
HP Solution Center 12.0
HP Update
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
HTML Password Lock 3.3.1
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections 12.3.31.0
Intel® Management Engine Interface
iTunes
Java Auto Updater
Java(TM) 6 Update 20
kuler
LabelPrint
Left 4 Dead 2
LG ODD Auto Firmware Update
LightScribe 1.4.136.1
LightScribe Optical Disc Kit
Logitech Webcam Software
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Malwarebytes' Anti-Malware
MarketResearch
MediaInfo 0.7.10
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft XNA Framework Redistributable 2.0
mIRC
MKVtoolnix 2.1.0
Mobile Broadband Generic Drivers
Move Media Player
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Multiplicity
NVIDIA Drivers
OGA Notifier 1.7.0105.14.0
OGA Notifier 2.0.0048.0
PDF Settings
PDF Settings CS4
Photoshop Camera Raw
Pixel Bender Toolkit
Power2Go 5.0
PowerBackup
PowerISO
PowerProducer
PS_AIO_05_C4600_Software_Min
PS3 Theme Builder 2.5
Quicken 2009
QuickTime
RealPlayer
River Past Video Cleaner Pro
RocketDock
Roxio Media Manager
Scan
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
Sony Vegas Pro 8.0
SopCast 2.0.4
Spybot - Search & Destroy
Status
Steam
Suite Shared Configuration CS4
SWiSHmax
The Rosetta Stone
TMPGEnc 4.0 XPress
Toolbox
TrayApp
TweetDeck
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911164)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
VideoLAN VLC media player 0.8.6d
Viewpoint Media Player
Virtual DJ - Atomix Productions
VobSub v2.23 (Remove Only)
WebFldrs XP
WebReg
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
Xross Media Simulator 1.0
Xvid 1.1.2 final uninstall
XviD MPEG4 Video Codec (remove only)
XviD4PSP 5.0
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
Yahoo! Widgets
==== Event Viewer Messages From Past Week ========
6/23/2010 8:35:47 AM, error: Service Control Manager [7034] - The Stardock Multiplicity service terminated unexpectedly. It has done this 1 time(s).
6/23/2010 8:29:36 AM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
6/22/2010 8:26:56 AM, error: DCOM [10000] - Unable to start a DCOM Server: {2692A9D5-61DF-46D5-A5A1-A6CCA921D578}. The error: "%3" Happened while starting this command: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe" -Embedding
6/18/2010 8:21:29 AM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
6/18/2010 8:21:29 AM, error: Service Control Manager [7000] - The DUALSHOCK3 Controller HID Minidriver (USB) Beta service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/18/2010 3:17:34 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
6/18/2010 12:10:16 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer STREAM that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A4D6DD61-FE1D-420D-8F. The master browser is stopping or an election is being forced.
6/17/2010 12:16:50 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/17/2010 10:17:31 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu Tcpip
6/17/2010 10:17:31 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
6/17/2010 10:17:31 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/17/2010 10:17:31 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
6/17/2010 10:17:31 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/17/2010 10:17:31 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/17/2010 10:17:29 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
==== End Of File ===========================
Please click this link-->Jotti (http://virusscan.jotti.org/)
Copy/paste file on the list into the white Upload a file box and click Submit/Send (depends on which one you are using Jotti or VirusTotal).
c:\windows\system32\drivers\qmfdyxr.sys
Please post back the results of the scan in your next post.
If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/
whitesosa
2010-06-24, 17:40
Jotti says file is empty 0 bytes
Well it is not according to combofix log.
Please rename file, copy to another location and try again :)
whitesosa
2010-06-30, 18:27
It will not let me rename the file or copy it to another location. Any other suggestions. Malware Bytes scanned the file and came up with IEbooot infection.
Well then it just has to be removed.
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
File::
c:\windows\Ucuholuracana.dat
c:\windows\Cfunuyosama.bin
c:\windows\system32\drivers\qmfdyxr.sys
Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
whitesosa
2010-06-30, 23:08
Ok here it is...
ComboFix 10-06-29.04 - M 06/30/2010 15:48:24.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3054.2467 [GMT -4:00]
Running from: c:\documents and settings\M\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\M\Desktop\CFScript.txt
FILE ::
"c:\windows\Cfunuyosama.bin"
"c:\windows\system32\drivers\qmfdyxr.sys"
"c:\windows\Ucuholuracana.dat"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Cfunuyosama.bin
c:\windows\system32\drivers\qmfdyxr.sys
c:\windows\system32\gotomon.log
c:\windows\Ucuholuracana.dat
c:\windows\system32\gotomon.log . . . . failed to delete
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_qmfdyxr
-------\Service_qmfdyxr
((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-30 )))))))))))))))))))))))))))))))
.
2010-06-22 12:26 . 2010-06-22 12:26 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
2010-06-18 19:18 . 2010-06-23 13:51 256 ----a-w- c:\windows\system32\pool.bin
2010-06-18 19:18 . 2010-06-18 19:18 -------- d-----w- c:\documents and settings\M\Application Data\Research In Motion
2010-06-18 17:18 . 2010-06-18 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-06-18 17:18 . 2010-06-18 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2010-06-18 17:16 . 2010-06-18 17:16 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-06-18 17:16 . 2010-06-18 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2010-06-18 17:16 . 2010-06-18 17:17 -------- d-----w- c:\program files\Roxio
2010-06-18 17:13 . 2009-01-09 20:18 27136 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2010-06-18 17:12 . 2010-06-18 17:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2010-06-18 17:12 . 2010-06-18 17:17 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-06-18 17:12 . 2010-06-18 17:12 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-06-18 17:12 . 2010-06-18 17:12 -------- d-----w- c:\program files\Research In Motion
2010-06-18 12:37 . 2010-06-18 12:37 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-06-18 12:37 . 2010-06-18 12:37 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2010-06-14 14:37 . 2010-06-14 14:37 -------- d-----w- c:\program files\Common Files\Java
2010-06-14 14:37 . 2010-06-14 14:37 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-14 14:35 . 2010-06-14 14:35 -------- d-----w- c:\documents and settings\M\Local Settings\Application Data\{A57767A7-FC3D-4597-96D9-8147496C1AC9}
2010-06-11 15:05 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-30 19:15 . 2009-09-07 00:19 -------- d-----w- c:\documents and settings\M\Application Data\HPAppData
2010-06-29 17:38 . 2008-04-06 07:19 -------- d-----w- c:\documents and settings\M\Application Data\CoreFTP
2010-06-28 17:59 . 2009-10-23 18:02 -------- d-----w- c:\documents and settings\M\Application Data\FrostWire
2010-06-23 12:23 . 2009-01-09 20:11 -------- d-----w- c:\program files\iTunes
2010-06-22 15:36 . 2008-04-06 06:55 -------- d--h--r- c:\documents and settings\M\Application Data\yahoo!
2010-06-22 13:41 . 2010-06-22 13:41 27630760 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUPDATER\msgup1000_1270_us_u1.exe
2010-06-22 13:21 . 2009-09-07 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-06-22 12:35 . 2009-01-09 20:11 -------- d-----w- c:\program files\iPod
2010-06-22 12:33 . 2008-04-06 05:35 -------- d-----w- c:\program files\QuickTime
2010-06-22 12:30 . 2008-04-06 02:28 -------- d-----w- c:\program files\Bonjour
2010-06-18 18:20 . 2008-04-05 00:56 124984 ----a-w- c:\documents and settings\M\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-18 17:18 . 2009-12-01 02:25 -------- d-----w- c:\documents and settings\M\Application Data\InstallShield
2010-06-18 17:16 . 2007-12-06 18:27 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-16 14:19 . 2008-04-06 06:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-06-16 00:01 . 2010-06-16 00:01 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-15 00:23 . 2010-06-16 14:19 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUPDATER\yupdater.exe
2010-06-14 14:37 . 2010-06-14 14:37 61440 ----a-w- c:\documents and settings\M\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-11bc3db1-n\decora-sse.dll
2010-06-14 14:37 . 2010-06-14 14:37 503808 ----a-w- c:\documents and settings\M\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-44cfe10d-n\msvcp71.dll
2010-06-14 14:37 . 2010-06-14 14:37 499712 ----a-w- c:\documents and settings\M\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-44cfe10d-n\jmc.dll
2010-06-14 14:37 . 2010-06-14 14:37 348160 ----a-w- c:\documents and settings\M\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-44cfe10d-n\msvcr71.dll
2010-06-14 14:37 . 2010-06-14 14:37 12800 ----a-w- c:\documents and settings\M\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-11bc3db1-n\decora-d3d.dll
2010-06-14 14:33 . 2010-06-14 14:33 20 ----a-w- c:\documents and settings\M\Application Data\qcopjv.dat
2010-06-09 17:08 . 2008-04-06 05:44 -------- d-----w- c:\program files\mIRC
2010-06-09 12:21 . 2008-04-07 02:33 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-25 16:23 . 2008-04-05 23:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-20 20:20 . 2008-12-29 03:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-20 20:16 . 2008-04-05 23:09 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 10:41 . 2007-07-27 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-05 13:53 . 2010-02-01 19:04 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-05-04 14:37 . 2010-05-04 14:37 1956656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-05-02 05:56 . 2008-08-26 02:32 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2008-12-29 03:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2008-12-29 03:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:51 . 2007-07-27 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 00:47 . 2009-08-09 23:01 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-20 00:47 . 2009-08-09 23:01 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-06-23_12.45.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-30 19:57 . 2010-06-30 19:57 16384 c:\windows\Temp\Perflib_Perfdata_3e0.dat
+ 2010-06-30 19:57 . 2009-04-30 20:01 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
- 2010-06-23 12:44 . 2009-04-30 20:01 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2005-08-05 352256]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"nwiz"="nwiz.exe" [2008-09-18 1657376]
"CTHelper"="CTHELPER.EXE" [2008-02-21 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-02-21 19968]
"Multiplicity"="c:\program files\Stardock\ThinkDesk\Multiplicity\multipl.exe" [2008-02-12 638464]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-01-20 217088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
c:\documents and settings\M\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
2008-09-30 21:04 10536 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Multi]
2005-04-17 19:36 90112 ----a-w- c:\program files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^M^Start Menu^Programs^Startup^FIFA 10 Registration.lnk]
path=c:\documents and settings\M\Start Menu\Programs\Startup\FIFA 10 Registration.lnk
backup=c:\windows\pss\FIFA 10 Registration.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 20:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 13:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2009-03-18 18:56 75048 ------w- c:\program files\CyberLink\Shared Files\brs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-03 04:15 133104 ----atw- c:\documents and settings\M\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoToMyPC]
2008-09-30 21:04 258856 ----a-w- c:\program files\Citrix\GoToMyPC\g2svc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-09-05 22:13 166424 ----a-w- c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 20:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 14:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-09-05 22:13 141848 ----a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantBurn]
2007-06-04 22:24 599600 ----a-w- c:\progra~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 13:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 20:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2008-05-14 18:48 62760 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
2008-04-04 17:36 249856 ----a-w- c:\program files\lg_fwupdate\fwupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-05-08 14:35 2780432 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-09-05 22:13 137752 ----a-w- c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 02:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2008-07-21 21:32 87336 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-08 16:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-11-27 23:07 1217808 ----a-w- c:\program files\Steam\steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-04-06 07:21 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB2Check]
2006-11-06 17:31 81920 ----a-w- c:\windows\system32\PCLECoInst.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2001-10-02 00:42 10752 ----a-w- c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"cmdService"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Stardock\\ThinkDesk\\Multiplicity\\MultiSrv32.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [4/4/2008 1:34 PM 16048]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [4/4/2008 1:34 PM 162096]
R2 Multiplicity;Stardock Multiplicity;c:\program files\Stardock\ThinkDesk\Multiplicity\MultiSrv32.exe [4/5/2008 6:40 PM 208896]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/28/2009 11:18 PM 24652]
S2 dualshock3;DUALSHOCK3 Controller HID Minidriver (USB) Beta;c:\windows\system32\drivers\dualshock3.sys [1/13/2009 8:14 PM 11392]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/7/2008 1:23 PM 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [5/9/2008 12:08 PM 174336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-198109447-1953730502-90051572-1005Core.job
- c:\documents and settings\M\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 04:15]
2010-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-198109447-1953730502-90051572-1005UA.job
- c:\documents and settings\M\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 04:15]
2010-06-30 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
2010-06-30 c:\windows\Tasks\User_Feed_Synchronization-{B4E1166B-753E-4CFD-AAB9-21714D6FFEBA}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://go.divx.com/divx/webplayerdemo/en?yrv=1&yoc=divx&ydt=divxdotcom&ybt=DFW&ybv=6.8&yo=iet
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: facebook.com\login
TCP: {A4D6DD61-FE1D-420D-8F9B-47C13B531555} = 208.67.220.220,208.67.222.222
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
FF - ProfilePath - c:\documents and settings\M\Application Data\Mozilla\Firefox\Profiles\xokdn1kn.default\
FF - plugin: c:\documents and settings\M\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\M\Application Data\Move Networks\plugins\npqmp071706000001.dll
FF - plugin: c:\documents and settings\M\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {A57767A7-FC3D-4597-96D9-8147496C1AC9} - c:\documents and settings\M\Local Settings\Application Data\{A57767A7-FC3D-4597-96D9-8147496C1AC9}
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-30 16:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,97,d2,91,72,ab,ec,d0,44,81,8f,e8,\
"3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,97,d2,91,72,ab,ec,d0,44,81,8f,e8,\
[HKEY_LOCAL_MACHINE\software\Classes\.doc\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKEY_LOCAL_MACHINE\software\Classes\.dot\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKEY_LOCAL_MACHINE\software\Classes\.rtf\PersistentHandler]
@DACL=(02 0000)
@="{2e2294a9-50d7-4fe7-a09f-e6492e185884}"
[HKEY_LOCAL_MACHINE\software\Classes\.srf\PersistentHandler]
@DACL=(02 0000)
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"
[HKEY_LOCAL_MACHINE\software\Classes\.xlb\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKEY_LOCAL_MACHINE\software\Classes\.xlc\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKEY_LOCAL_MACHINE\software\Classes\.xls\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKEY_LOCAL_MACHINE\software\Classes\.xlt\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(744)
c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
c:\program files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll
- - - - - - - > 'explorer.exe'(4168)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\nview.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\program files\RocketDock\MouseHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Citrix\GoToMyPC\g2comm.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Citrix\GoToMyPC\g2pre.exe
c:\program files\Citrix\GoToMyPC\g2tray.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2010-06-30 16:06:06 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-30 20:06
ComboFix2.txt 2010-06-23 12:52
Pre-Run: 143,599,390,720 bytes free
Post-Run: 143,675,875,328 bytes free
- - End Of File - - 4D1528CDD14AD493963DE348C10BA18F
Sorry for delay but I never got email notification from this one.
Please post a fresh DDS log as well :)
whitesosa
2010-07-13, 21:42
New dds:
dds (ver_10-03-17.01) - ntfsx86
run by m at 14:41:12.00 on tue 07/13/2010
internet explorer: 8.0.6001.18702 browserjavaversion: 1.6.0_20
microsoft windows xp professional 5.1.2600.2.1252.1.1033.18.3054.2277 [gmt -4:00]
============== running processes ===============
c:\windows\system32\svchost -k dcomlaunch
svchost.exe
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k wudfservicegroup
svchost.exe
c:\windows\system32\spoolsv.exe
c:\program files\creative\shared files\ctaudsvc.exe
svchost.exe
c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe
c:\program files\bonjour\mdnsresponder.exe
c:\program files\citrix\gotomypc\g2svc.exe
c:\windows\system32\svchost.exe -k hpdevmgmt
c:\program files\citrix\gotomypc\g2comm.exe
c:\program files\java\jre6\bin\jqs.exe
c:\program files\common files\lightscribe\lssrvc.exe
c:\program files\common files\logishrd\lvmvfm\lvprcsrv.exe
c:\program files\stardock\thinkdesk\multiplicity\multisrv32.exe
c:\windows\system32\svchost.exe -k hpz12
c:\windows\system32\nvsvc32.exe
c:\windows\system32\svchost.exe -k hpz12
c:\program files\citrix\gotomypc\g2pre.exe
c:\program files\citrix\gotomypc\g2tray.exe
c:\windows\system32\svchost.exe -k imgsvc
c:\program files\viewpoint\common\viewpointservice.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\explorer.exe
c:\windows\system32\cthelper.exe
c:\windows\system32\ctxfihlp.exe
c:\program files\stardock\thinkdesk\multiplicity\multipl.exe
c:\program files\poweriso\pwrisovm.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\ctxfispi.exe
c:\program files\divx\divx update\divxupdate.exe
c:\program files\rocketdock\rocketdock.exe
c:\program files\windows desktop search\windowssearch.exe
c:\program files\yahoo!\widgets\yahoowidgets.exe
c:\program files\yahoo!\widgets\yahoowidgets.exe
c:\program files\mozilla firefox\firefox.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\hp\digital imaging\smart web printing\hpswp_clipbook.exe
c:\program files\mozilla firefox\plugin-container.exe
c:\program files\yahoo!\messenger\yahoomessenger.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\searchprotocolhost.exe
c:\documents and settings\m\desktop\dds.scr
============== pseudo hjt report ===============
ustart page = hxxp://www.yahoo.com/
msearch bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uinternet connection wizard,shellnext = hxxp://go.divx.com/divx/webplayerdemo/en?yrv=1&yoc=divx&ydt=divxdotcom&ybt=dfw&ybv=6.8&yo=iet
uinternet settings,proxyoverride = *.local
usearchurl,(default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
murlsearchhooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
bho: &yahoo! Toolbar helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
bho: Hp print enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
bho: Adobe pdf reader link helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
bho: Realplayer download and record plugin for internet explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
bho: Yahoo! Ie services button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
bho: Java(tm) plug-in 2 ssv helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
bho: Jqsiestartdetectorimpl class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
bho: Tbsb05974 class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\search toolbar\tbcore3.dll
bho: Hp smart bho class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
tb: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
urun: [rocketdock] c:\program files\rocketdock\rocketdock.exe
mrun: [nvcpldaemon] rundll32.exe c:\windows\system32\nvcpl.dll,nvstartup
mrun: [nwiz] nwiz.exe /install
mrun: [cthelper] cthelper.exe
mrun: [ctxfihlp] ctxfihlp.exe
mrun: [multiplicity] c:\program files\stardock\thinkdesk\multiplicity\multipl.exe
mrun: [pwrisovm.exe] c:\program files\poweriso\pwrisovm.exe
mrun: [nvmediacenter] rundll32.exe c:\windows\system32\nvmctray.dll,nvtaskbarinit
mrun: [quicktime task] "c:\program files\quicktime\qttask.exe" -atboottime
mrun: [divxupdate] "c:\program files\divx\divx update\divxupdate.exe" /checknow
startupfolder: C:\docume~1\m\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\yahoowidgets.exe
startupfolder: C:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\windowssearch.exe
ie: E&xport to microsoft excel - c:\progra~1\micros~2\office10\excel.exe/3000
ie: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\network diagnostic\xpnetdiag.exe
ie: {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
ie: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
ie: {dde87865-83c5-48c4-8357-2f5b1aa84522} - {dde87865-83c5-48c4-8357-2f5b1aa84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
trusted zone: Facebook.com\login
dpf: {02bf25d5-8c17-4b23-bc80-d3488abddc6b} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/quicktime/qtactivex/qtplugin.cab
dpf: {166b1bca-3f9c-11cf-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
dpf: {17492023-c23a-453e-a040-c7c580bbf700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/legitcheckcontrol.cab
dpf: {1842b0ee-b597-11d4-8997-00104bd12d94} - hxxp://www.pcpitstop.com/internet/pcpconncheck.cab
dpf: {215b8138-a3cf-44c5-803f-8226143cfc0a} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcimpl.cab
dpf: {22945a69-1191-4dcf-9e6f-409bde94d101} - hxxp://heva.solidworks.com/htdocs/pdownload/edrawings/e2008sp03/cab/emodelsstandard.cab
dpf: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
dpf: {3ea4fa88-e0be-419a-a732-9b79b87a6ed0} - hxxp://dl.tvunetworks.com/tvuax.cab
dpf: {4871a87a-bfdd-4106-8153-ffde2bac2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
dpf: {4f1e5b1a-2a80-42ca-8532-2d05cb959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/msnpupld.cab
dpf: {6414512b-b978-451d-a0d8-fcfdf33e833c} - hxxp://www.update.microsoft.com/windowsupdate/v6/v5controls/en/x86/client/wuweb_site.cab?1196968106859
dpf: {7b297bfd-85e4-4092-b2af-16a91b2ea103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
dpf: {8ad9c840-044e-11d1-b3e9-00805f499d93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
dpf: {8feff364-6a5f-4966-a917-a3ac28411659} - hxxp://download.sopcast.cn/download/sopcore.cab
dpf: {8ffbe65d-2c9c-4669-84bd-5829dc0b603c} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
dpf: {9c23d886-43cb-43de-b2db-112a68d7e10a} - hxxp://lads.myspace.com/upload/myspaceuploader2.cab
dpf: {cafeefac-0016-0000-0020-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
dpf: {cafeefac-ffff-ffff-ffff-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
dpf: {d27cdb6e-ae6d-11cf-96b8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
dpf: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} - hxxp://platformdl.adobe.com/nos/getplusplus/1.6/gp.cab
dpf: {e6bb2089-163f-466b-812a-748096614dfd} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
tcp: {a4d6dd61-fe1d-420d-8f9b-47c13b531555} = 208.67.220.220,208.67.222.222
handler: Cdo - {cd00020a-8b95-11d1-82db-00c04fb1625d} - c:\program files\common files\microsoft shared\web folders\pkmcdo.dll
notify: Gotomypc - c:\program files\citrix\gotomypc\g2winlogon.dll
notify: Igfxcui - igfxdev.dll
notify: Multi - c:\program files\stardock\thinkdesk\multiplicity\multiwin32.dll
ssodl: Wpdshserviceobj - {aaa288ba-9a4c-45b0-95d7-94d524869db5} - c:\windows\system32\wpdshserviceobj.dll
seh: Windows desktop search namespace manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\msnlnamespacemgr.dll
================= firefox ===================
ff - profilepath - c:\docume~1\m\applic~1\mozilla\firefox\profiles\xokdn1kn.default\
ff - plugin: C:\documents and settings\m\application data\move networks\plugins\npqmp071503000010.dll
ff - plugin: C:\documents and settings\m\application data\move networks\plugins\npqmp071706000001.dll
ff - plugin: C:\documents and settings\m\local settings\application data\google\update\1.2.183.29\npgoogleoneclick8.dll
ff - plugin: C:\program files\common files\research in motion\bbwebsllauncher\npwebsllauncher.dll
ff - plugin: C:\program files\divx\divx plus web player\npdivx32.dll
ff - plugin: C:\program files\java\jre6\bin\new_plugin\npdeployjava1.dll
ff - plugin: C:\program files\viewpoint\viewpoint media player\npviewpoint.dll
ff - hiddenextension: Microsoft .net framework assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
ff - hiddenextension: Xulrunner: {a57767a7-fc3d-4597-96d9-8147496c1ac9} - c:\documents and settings\m\local settings\application data\{a57767a7-fc3d-4597-96d9-8147496c1ac9}
ff - hiddenextension: Java console: No registry reference - c:\program files\mozilla firefox\extensions\{cafeefac-0016-0000-0020-abcdeffedcba}
---- firefox policies ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.idn.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.idn.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.idn.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.idn.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.idn.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.idn.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.idn.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutsecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedweight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketsize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxtimegroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timegroupingsize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryweight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixweight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundinterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightthemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.alltabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyuser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= services / drivers ===============
r1 clbstor;instantburn storage helper driver;c:\windows\system32\drivers\clbstor.sys [2008-4-4 16048]
r2 clbudf;cyberlink instantburn udf filesystem;c:\windows\system32\drivers\clbudf.sys [2008-4-4 162096]
r2 multiplicity;stardock multiplicity;c:\program files\stardock\thinkdesk\multiplicity\multisrv32.exe [2008-4-5 208896]
r2 viewpoint manager service;viewpoint manager service;c:\program files\viewpoint\common\viewpointservice.exe [2009-7-28 24652]
s2 dualshock3;dualshock3 controller hid minidriver (usb) beta;c:\windows\system32\drivers\dualshock3.sys [2009-1-13 11392]
s3 nwusbcdfil;novatel wireless installation cd;c:\windows\system32\drivers\nwusbcdfil.sys [2008-7-7 20480]
s3 nwusbport2;novatel wireless usb status2 port driver;c:\windows\system32\drivers\nwusbser2.sys [2008-5-9 174336]
=============== created last 30 ================
2010-06-23 12:29:55 98816 ----a-w- c:\windows\sed.exe
2010-06-23 12:29:55 77312 ----a-w- c:\windows\mbr.exe
2010-06-23 12:29:55 256512 ----a-w- c:\windows\pev.exe
2010-06-23 12:29:55 161792 ----a-w- c:\windows\swreg.exe
2010-06-22 12:26:54 0 d-----w- c:\docume~1\alluse~1\applic~1\ca
2010-06-18 19:18:08 256 ----a-w- c:\windows\system32\pool.bin
2010-06-18 19:18:07 0 d-----w- c:\docume~1\m\applic~1\research in motion
2010-06-18 17:16:36 0 d-----w- c:\program files\common files\sonic shared
2010-06-18 17:16:35 0 d-----w- c:\program files\roxio
2010-06-18 17:13:34 27136 ----a-r- c:\windows\system32\drivers\rimserial.sys
2010-06-18 17:12:50 0 d-----w- c:\docume~1\alluse~1\applic~1\research in motion
2010-06-18 17:12:30 0 d-----w- c:\program files\research in motion
2010-06-18 17:12:30 0 d-----w- c:\program files\common files\research in motion
2010-06-14 14:37:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-06-14 14:37:42 411368 ----a-w- c:\windows\system32\deployjava1.dll
2010-06-14 14:33:22 20 ----a-w- c:\docume~1\m\applic~1\qcopjv.dat
==================== find3m ====================
2010-06-29 12:54:28 124984 ----a-w- c:\docume~1\m\applic~1\gdipfontcachev1.dat
2010-06-09 23:01:10 45648 ------w- c:\windows\system32\drivers\pxhelp20.sys
2010-06-09 23:01:10 133616 ------w- c:\windows\system32\pxafs.dll
2010-06-09 23:01:10 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-05-18 20:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:56:34 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:51:20 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 00:47:44 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2008-04-05 00:54:08 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008040420080405\index.dat
============= finish: 14:41:42.48 ===============
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.
whitesosa
2010-07-15, 21:11
I keep getting this error with IE and FF..
0[ERROR: java.lang.NullPointerException]
You can then try scan with for example Opera :)
whitesosa
2010-07-19, 22:02
Opera produces this error:
Kaspersky Online Scanner 7.0 download and operation require Java framework version 1.5 or later.
I have installed the latest Java from Java.com and retried with no success.
Please go to ESET Online Scanner (http://www.eset.eu/online-scanner) - © ESET All Rights Reserved... to run an online scan.
Note: You - will - need to use Internet Explorer for this scan!
Check the box next to "YES, I accept the Terms of Use."
Click "Start"
Click Yes... at the run ActiveX prompt. Click Install... at the install ActiveX prompt.
Once installed, the scanner will be initialized.
Click "Start". Make sure that the options: Remove found threats is UNCHECKED
Scan unwanted applications is CHECKED
Click "Scan"
Wait for the scan to finish... it may take a while... please be patient. When the scan is finished...
Use Notepad to open the log file located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste the contents of log.txt in your next reply.
whitesosa
2010-07-21, 21:25
Ok this worked. Here's the log..
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=76e4e798a1de2d45a6cb3143654546dc
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-21 06:23:24
# local_time=2010-07-21 02:23:24 (-0500, Eastern Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 50016602 50016602 0 0
# compatibility_mode=1280 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=349059
# found=26
# cleaned=0
# scan_time=9494
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DropperMaximus.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor1.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZenoSearch4.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
C:\Documents and Settings\M\Application Data\Sun\Java\Deployment\cache\6.0\30\5e8c48de-4f73192c multiple threats 00000000000000000000000000000000 I
C:\Documents and Settings\M\Local Settings\Application Data\{A57767A7-FC3D-4597-96D9-8147496C1AC9}\chrome\content\overlay.xul probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\ernel32.dll.vir a variant of Win32/Kryptik.FGR trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_qmfdyxr_.sys.zip Win32/Agent.OFB trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\E7aA1k.dll.vir a variant of Win32/Kryptik.FGR trojan 00000000000000000000000000000000 I
C:\RECYCLER\S-1-5-21-198109447-1953730502-90051572-1005\Dc17\index.html HTML/ScrInject.B.Gen virus 00000000000000000000000000000000 I
C:\RECYCLER\S-1-5-21-198109447-1953730502-90051572-1005\Dc17\preview\index.html HTML/ScrInject.B.Gen virus 00000000000000000000000000000000 I
C:\RECYCLER\S-1-5-21-198109447-1953730502-90051572-1005\Dc17\preview\Scripts\AC_RunActiveContent.js JS/TrojanDownloader.HackLoad.AA trojan 00000000000000000000000000000000 I
C:\RECYCLER\S-1-5-21-198109447-1953730502-90051572-1005\Dc17\Scripts\AC_RunActiveContent.js JS/TrojanDownloader.HackLoad.AA trojan 00000000000000000000000000000000 I
C:\RECYCLER\S-1-5-21-198109447-1953730502-90051572-1005\Dc17\tweet\index.html HTML/ScrInject.B.Gen virus 00000000000000000000000000000000 I
F:\furniture\sql\80\Tools\HTML\sspat0.htm Win32/Allaple.Gen worm 00000000000000000000000000000000 I
F:\wilrod2\ivnetent\index.html Win32/Allaple.Gen worm 00000000000000000000000000000000 I
F:\wilrod2\taco\diam\001\home.htm Win32/Allaple.Gen worm 00000000000000000000000000000000 I
F:\wilrod2\taco\hiphop\sugarhill\photos\01.html Win32/Allaple.Gen worm 00000000000000000000000000000000 I
F:\wilrod2\taco\hiphop\sugarhill\photos\02.html Win32/Allaple.Gen worm 00000000000000000000000000000000 I
F:\wilrod2\taco\hiphop\sugarhill\photos\03.html Win32/Allaple.Gen worm 00000000000000000000000000000000 I
F:\wilrod2\taco\hiphop\sugarhill\photos\04.html Win32/Allaple.Gen worm 00000000000000000000000000000000 I
F:\wilrod2\taco\hiphop\sugarhill\photos\05.html Win32/Allaple.Gen worm 00000000000000000000000000000000 I
F:\wilrod2\taco\hiphop\sugarhill\photos\06.html Win32/Allaple.Gen worm 00000000000000000000000000000000 I
F:\wilrod2\taco\hiphop\sugarhill\photos\07.html Win32/Allaple.Gen worm 00000000000000000000000000000000 I
F:\wilrod2\taco\hiphop\sugarhill\photos\08.html Win32/Allaple.Gen worm 00000000000000000000000000000000 I
F:\wilrod2\taco\hiphop\sugarhill\photos\09.html Win32/Allaple.Gen worm 00000000000000000000000000000000 I
G:\downloads\Apps\ADOBE_CS4_PGen_v1.02.rar probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
whitesosa
2010-07-23, 17:08
Hey any advice?
Sorry, I'm currently on vacation and not much on computer :)
Empty these folders:
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\
C:\Qoobox\Quarantine\
Delete this file:
G:\downloads\Apps\ADOBE_CS4_PGen_v1.02.rar
Empty Recycle Bin.
Do you recognize these files?
F:\furniture\sql\80\Tools\HTML\sspat0.htm Win32/Allaple.Gen worm 00000000000000000000000000000000 I
F:\wilrod2\ivnetent\index.html Win32/Allaple.Gen worm 00000000000000000000000000000000 I
F:\wilrod2\taco\diam\001\home.htm Win32/Allaple.Gen worm 00000000000000000000000000000000 I
F:\wilrod2\taco\hiphop\sugarhill\photos\01.html Win32/Allaple.Gen worm 00000000000000000000000000000000 I
F:\wilrod2\taco\hiphop\sugarhill\photos\02.html Win32/Allaple.Gen worm 00000000000000000000000000000000 I
F:\wilrod2\taco\hiphop\sugarhill\photos\03.html Win32/Allaple.Gen worm 00000000000000000000000000000000 I
F:\wilrod2\taco\hiphop\sugarhill\photos\04.html Win32/Allaple.Gen worm 00000000000000000000000000000000 I
F:\wilrod2\taco\hiphop\sugarhill\photos\05.html Win32/Allaple.Gen worm 00000000000000000000000000000000 I
F:\wilrod2\taco\hiphop\sugarhill\photos\06.html Win32/Allaple.Gen worm 00000000000000000000000000000000 I
F:\wilrod2\taco\hiphop\sugarhill\photos\07.html Win32/Allaple.Gen worm 00000000000000000000000000000000 I
F:\wilrod2\taco\hiphop\sugarhill\photos\08.html Win32/Allaple.Gen worm 00000000000000000000000000000000 I
F:\wilrod2\taco\hiphop\sugarhill\photos\09.html Win32/Allaple.Gen worm 00000000000000000000000000000000 I
whitesosa
2010-07-23, 17:36
Yes I recoginize those files. They are part of websites I worked on.
Sorry for delay, I never got email notification from this one.
Then they are fine. Any issues left?
whitesosa
2010-08-02, 23:17
Yea I still have some issues. Although my computer is in much better shape thanks to you... I had something popup today trying to run a script or program that I closed by clicking the X. It appeared to be part of a virus or malware although I am not sure
Can you give any details and has that occured again?
whitesosa
2010-08-10, 23:06
It has not happened again and it happened so quickly. My computer has been running very sluggish. Do you have any tips?
How old is windows installation?
whitesosa
2010-08-12, 17:25
about 2 years or so
So it might then affect.
Have you lately removed temp files or defragged?