zgreatwhite
2010-07-06, 04:16
I am running:
Windows SP2
Spybot 1.6.2 (Spybot user for 1+ years)
Database Update 2010-06-30
I reboot my PC and run Spybot, select
CHECK FOR PROBLEMS
Everything runs normally, with the RUNNING BOT-CHECK status line at the bottom with the counter running. Once the counter displays just past 129000, Spybot simply closes.
===================
DDS (Ver_10-03-17.01) - NTFSx86
Run by Big Daddy at 18:06:05.54 on Mon 07/05/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1504 [GMT -7:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
F:\Boeing_bss\BSS 2.3\VPN_Client_4.8\VPNClient\cvpnd.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
F:\drivers\KENSIN~1\keyboard\Keyboard\Ikeymain.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
F:\Hardcopy\20070903\hardcopy.exe
C:\WINDOWS\system32\wuauclt.exe
G:\downloads\dds\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.excite.com/
uInternet Settings,ProxyOverride = *.local
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - f:\spybot\1dot62\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [dso32] c:\docume~1\bigdad~1\locals~1\temp\dsoqq.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Kenkeybd] f:\drivers\kensin~1\keyboard\keyboard\Ikeymain.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
StartupFolder: c:\docume~1\bigdad~1\startm~1\programs\startup\hardcopy.lnk - f:\hardcopy\20070903\hardcopy.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Event Reminder.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Microsoft Office.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\VPN Client.lnk.disabled
IE: E&xport to Microsoft Excel - d:\office\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - o:\hooperpc\c_apps1_05gb\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - f:\spybot\1dot62\spybot~1\SDHelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197488610812
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\bigdad~1\applic~1\mozilla\firefox\profiles\lolj6512.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://excite.com/
FF - component: c:\documents and settings\big daddy\application data\mozilla\firefox\profiles\lolj6512.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: d:\office\media\netscape6\nppl3260.dll
FF - plugin: d:\office\media\netscape6\nprjplug.dll
FF - plugin: d:\office\media\netscape6\nprpjplug.dll
---- FIREFOX POLICIES ----
f:\firefox3\363\greprefs\all.js - pref("ui.use_native_colors", true);
f:\firefox3\363\greprefs\all.js - pref("ui.use_native_popup_windows", false);
f:\firefox3\363\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
f:\firefox3\363\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
f:\firefox3\363\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
f:\firefox3\363\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
f:\firefox3\363\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
f:\firefox3\363\greprefs\all.js - pref("svg.smil.enabled", false);
f:\firefox3\363\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
f:\firefox3\363\greprefs\all.js - pref("browser.formfill.debug", false);
f:\firefox3\363\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
f:\firefox3\363\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
f:\firefox3\363\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
f:\firefox3\363\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
f:\firefox3\363\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
f:\firefox3\363\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
f:\firefox3\363\greprefs\all.js - pref("html5.enable", false);
f:\firefox3\363\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
f:\firefox3\363\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
f:\firefox3\363\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
f:\firefox3\363\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
f:\firefox3\363\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
f:\firefox3\363\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
f:\firefox3\363\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
f:\firefox3\363\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
f:\firefox3\363\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
f:\firefox3\363\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
f:\firefox3\363\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
f:\firefox3\363\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
f:\firefox3\363\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
f:\firefox3\363\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
f:\firefox3\363\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
f:\firefox3\363\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
f:\firefox3\363\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
f:\firefox3\363\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
f:\firefox3\363\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
f:\firefox3\363\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
S1 NmPar;MosChip PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [2007-9-8 76416]
S1 oxpar;%OXPAR.SVCDESC%;c:\windows\system32\drivers\oxpar.sys [2007-9-2 80128]
S1 oxser;OX16C95x Serial port driver;c:\windows\system32\drivers\oxser.sys [2007-9-2 70784]
S1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [2007-9-2 14592]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-26 135664]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2008-6-26 98984]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-2-21 30192]
S3 oxmf;OXPCI Bus enumerator;c:\windows\system32\drivers\oxmf.sys [2007-9-2 21888]
S3 Oxmfuf;Filter driver for OX16PCI954 ports;c:\windows\system32\drivers\oxmfuf.sys [2007-9-2 5888]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys --> c:\windows\system32\drivers\wg111v2.sys [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;g:\downloads\sandra_techsuptsw\sisoftware sandra lite 2009.sp4\RpcAgentSrv.exe [2009-8-20 99176]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S3 ZSMC0305;ZVC7100 PC CAMERA (VC0305);c:\windows\system32\drivers\usbVM305.sys [2007-11-28 392444]
=============== Created Last 30 ================
2010-07-04 10:09:58 0 d-----w- c:\windows\system32\KB905474
2010-07-04 10:01:04 0 d-----w- c:\program files\MSXML 4.0
2010-07-04 07:41:16 288 ----a-w- c:\windows\fnp.bat
2010-07-04 06:21:12 0 d-----w- c:\windows\system32\CatRoot_bak
2010-07-04 06:19:03 0 d-----w- c:\docume~1\bigdad~1\applic~1\Malwarebytes
2010-07-04 06:18:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-04 06:18:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-04 06:18:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-04 06:00:28 55 --sh--r- C:\autorun.inf
2010-07-04 05:59:38 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-07-04 05:58:33 470528 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-07-04 05:50:50 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-07-04 05:45:59 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2010-07-04 05:41:24 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2010-07-04 05:39:18 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-07-04 05:34:39 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-07-04 05:34:39 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-07-03 22:54:09 49 ----a-w- c:\windows\proc.bat
2010-07-03 14:40:44 117248 --sh--r- C:\g6jk.exe
2010-07-02 01:35:37 116224 --sh--r- C:\rxf.exe
2010-06-24 15:37:21 117248 --sh--r- C:\eyruu.exe
2010-06-12 01:44:30 116224 --sh--r- C:\2ul.exe
==================== Find3M ====================
2010-05-15 20:56:14 256 ----a-w- c:\documents and settings\big daddy\pool.bin
2010-05-10 16:06:06 61440 ----a-w- c:\docume~1\bigdad~1\applic~1\GDIPFONTCACHEV1.DAT
2010-05-07 18:02:42 195584 ----a-w- c:\windows\system32\bzpdf.dll
2010-05-07 17:59:06 135168 ----a-w- c:\windows\system32\bzpdfc.dll
2010-05-04 17:20:39 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20:34 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20:32 17408 ------w- c:\windows\system32\corpol.dll
2010-05-02 05:56:34 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:51:20 285696 ----a-w- c:\windows\system32\atmfd.dll
============= FINISH: 18:06:25.14 ===============
http://forums.spybot.info/showthread.php?t=58335