View Full Version : Facebook malware problem? Infected?
HI
My pc has been really slow since I accidently clicked on a link on facebook.
I have run Norton & Spybot and nothing showed up except cookies which I deleted.
Something is using my sytem resources but what I don't know can only assume I have been infected with something.
Hope you can help.
Cant zip the second dds report as instructed so for now have just pasted one of them.
DDS (Ver_10-03-17.01) - NTFSx86
Run by Ali at 21:32:53.78 on 07/07/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.227 [GMT 1:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ali\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.msn.co.uk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.8.0.41\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\ali\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\ali\applic~1\mozilla\firefox\profiles\fnf0lxz9.default\
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\ali\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\ali\application data\mozilla\firefox\profiles\fnf0lxz9.default\extensions\support@ancestry.com\plugins\npImgCtl.dll
FF - plugin: c:\documents and settings\ali\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1008000.029\SymEFA.sys [2010-2-3 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1008000.029\BHDrvx86.sys [2010-2-3 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1008000.029\cchpx86.sys [2010-2-3 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100706.003\IDSXpx86.sys [2010-7-7 331640]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\engine\16.8.0.41\ccSvcHst.exe [2010-2-3 117640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-8-31 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-26 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100707.002\NAVENG.SYS [2010-7-7 85552]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100707.002\NAVEX15.SYS [2010-7-7 1347504]
=============== Created Last 30 ================
2010-06-24 15:35:14 1409 ----a-w- c:\windows\QTFont.for
2010-06-24 15:35:13 54156 ---ha-w- c:\windows\QTFont.qfn
2010-06-20 20:28:25 0 d-----w- c:\docume~1\alluse~1\applic~1\GreenGamer
==================== Find3M ====================
2010-05-02 05:56:34 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:51:20 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 15:36:49 662016 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 15:36:45 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-04-12 16:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
============= FINISH: 21:34:31.03 ===============
Hi,
Please post fresh dds reports (copy-paste contents).
Hi
Thanks for replying. Pc still playing up. Something still using resources and IE keeps radomly opening numerous copies of same window. Event log appears to also indicate someone has attempted to log on but given wrong password.
Here's logs.
DDS (Ver_10-03-17.01) - NTFSx86
Run by Ali at 12:58:39.04 on 13/07/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.177 [GMT 1:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ali\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.msn.co.uk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.8.0.41\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\ali\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/7/0/7/707a44ad-52ad-49af-b7ef-e21b6b0656e4/VirtualEarth3D.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - hxxps://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://212.9.30.37:8080/SysCamInst.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} - hxxp://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab
DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} - hxxp://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {84818113-96C5-11D2-BE39-006008BF4DD5} - hxxp://www.scotlandspeople.gov.uk/Viewers/ActiveXControl/viewdw32.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://sun.jerseyinsight.com/AxisCamControl.ocx
DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} - hxxp://games.bigfishgames.com/en_bigcityadventuresa/online/JBGamePlayer.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - hxxp://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://bmm.imgag.com/imgag/cp/install/crusher-uk.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CA47E69B-B484-44C1-8E29-19B6B2694810} - hxxp://games.bigfishgames.com/en_custom-jigsaw/online/axcontrol.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - hxxp://chat.msn.com/controls/msnchat45.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\ali\applic~1\mozilla\firefox\profiles\fnf0lxz9.default\
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\ali\application data\mozilla\firefox\profiles\fnf0lxz9.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\ali\application data\mozilla\firefox\profiles\fnf0lxz9.default\extensions\support@ancestry.com\plugins\npImgCtl.dll
FF - plugin: c:\documents and settings\ali\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
============= SERVICES / DRIVERS ===============
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1008000.029\SymEFA.sys [2010-2-3 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1008000.029\BHDrvx86.sys [2010-2-3 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1008000.029\cchpx86.sys [2010-2-3 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100712.001\IDSXpx86.sys [2010-7-13 331640]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\engine\16.8.0.41\ccSvcHst.exe [2010-2-3 117640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-8-31 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-26 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100712.051\NAVENG.SYS [2010-7-13 85552]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100712.051\NAVEX15.SYS [2010-7-13 1347504]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 14904]
=============== Created Last 30 ================
2010-07-11 21:30:27 0 d-----w- c:\windows\system32\Adobe
2010-07-10 22:04:51 1409 ----a-w- c:\windows\QTFont.for
2010-07-10 22:04:50 54156 ---ha-w- c:\windows\QTFont.qfn
2010-07-10 20:57:41 0 d-----w- c:\program files\Secunia
2010-07-07 14:05:32 14904 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2010-06-20 20:28:25 0 d-----w- c:\docume~1\alluse~1\applic~1\GreenGamer
==================== Find3M ====================
2010-05-02 05:56:34 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:51:20 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 15:36:49 662016 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 15:36:45 81920 ----a-w- c:\windows\system32\ieencode.dll
============= FINISH: 13:00:16.04 ===============
Second one.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 02/02/2006 10:30:13
System Uptime: 13/07/2010 12:14:24 (1 hours ago)
Motherboard: Hewlett-Packard | | 3088
Processor: Intel(R) Celeron(R) M processor 1.40GHz | JP12 | 1396/100mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 37 GiB total, 18.624 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_099C103C&REV_02\4&AD1B67F&0&70F0
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_099C103C&REV_02\4&AD1B67F&0&70F0
Service: bcm4sbxp
==== System Restore Points ===================
RP145: 14/04/2010 22:42:17 - Software Distribution Service 3.0
RP146: 20/04/2010 18:31:15 - System Checkpoint
RP147: 25/04/2010 19:44:38 - System Checkpoint
RP148: 28/04/2010 22:26:00 - System Checkpoint
RP149: 05/05/2010 21:08:23 - System Checkpoint
RP150: 07/05/2010 13:22:27 - System Checkpoint
RP151: 09/05/2010 14:09:44 - Installed Java(TM) 6 Update 20
RP152: 13/05/2010 12:13:50 - Software Distribution Service 3.0
RP153: 15/05/2010 20:08:46 - System Checkpoint
RP154: 18/05/2010 15:21:08 - System Checkpoint
RP155: 19/05/2010 20:10:34 - System Checkpoint
RP156: 21/05/2010 16:48:45 - System Checkpoint
RP157: 22/05/2010 15:58:12 - Removed Ancestry World Archives Project - Keying Tool.
RP158: 22/05/2010 15:58:54 - Installed Ancestry World Archives Project - Keying Tool.
RP159: 24/05/2010 21:08:00 - System Checkpoint
RP160: 25/05/2010 21:50:24 - System Checkpoint
RP161: 26/05/2010 11:00:46 - Software Distribution Service 3.0
RP162: 27/05/2010 19:31:22 - System Checkpoint
RP163: 01/06/2010 20:50:29 - System Checkpoint
RP164: 02/06/2010 22:03:23 - System Checkpoint
RP165: 04/06/2010 19:08:27 - System Checkpoint
RP166: 05/06/2010 20:28:14 - System Checkpoint
RP167: 10/06/2010 12:19:51 - Software Distribution Service 3.0
RP168: 12/06/2010 15:23:35 - System Checkpoint
RP169: 13/06/2010 19:31:43 - System Checkpoint
RP170: 19/06/2010 18:18:45 - System Checkpoint
RP171: 21/06/2010 16:35:01 - System Checkpoint
RP172: 24/06/2010 11:15:26 - Software Distribution Service 3.0
RP173: 26/06/2010 17:45:14 - System Checkpoint
RP174: 01/07/2010 11:24:22 - System Checkpoint
RP175: 02/07/2010 17:53:35 - System Checkpoint
RP176: 04/07/2010 22:12:33 - System Checkpoint
RP177: 06/07/2010 16:16:03 - System Checkpoint
RP178: 08/07/2010 22:21:00 - Software Distribution Service 3.0
RP179: 10/07/2010 23:22:56 - Installed QuickTime
RP180: 11/07/2010 13:48:08 - Installed LizardTech DjVu Control
RP181: 12/07/2010 21:24:46 - System Checkpoint
==== Installed Programs ======================
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.1.0
Adobe Shockwave Player 11.5
Agere Systems AC'97 Modem
Ancestry World Archives Project - Keying Tool
Apple Application Support
Apple Software Update
Bing Maps 3D
Broadcom 440x 10/100 Integrated Controller
BT Voyager Wireless Utility
Critical Update for Windows Media Player 11 (KB959772)
ERUNT 1.1j
Fish Tycoon (remove only)
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Accessories Product Tour
HP BIOS Configuration for ProtectTools 1.00 B7
HP Help and Support
HP Memories Disc
HP Photo and Imaging 2.0 - Photosmart Printer Series
HP ProtectTools Security Manager 1.00 C3
Intel(R) Graphics Media Accelerator Driver for Mobile
InterActual Player
InterVideo DVD Check
InterVideo WinDVD
Java Auto Updater
Java(TM) 6 Update 20
Kaspersky Online Scanner
Lexmark 6200 Series
LizardTech DjVu Control
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Small Business
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 3.0 Runtime
Mozilla Firefox (3.5.10)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Norton AntiVirus
Photosmart 130,230,7150,7345,7350,7550 (Remove only)
Quick Launch Buttons 5.00 D5
QuickTime
rayman2
RealPlayer
Secunia PSI
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926247)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
SoundMAX
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922120)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
VIMICRO USB PC Camera
VLC media player 1.1.0
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
ZIP Reader 8.00.0018
==== Event Viewer Messages From Past Week ========
12/07/2010 19:33:33, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.
11/07/2010 22:38:28, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
11/07/2010 12:34:33, error: Dhcp [1002] - The IP address lease 192.168.1.5 for the Network Card with network address 00904BA8F525 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
10/07/2010 16:33:56, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
08/07/2010 11:55:02, error: Dhcp [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 00904BA8F525 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
07/07/2010 12:27:18, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 00904BA8F525 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
==== End Of File ===========================
Hi again,
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
As requested combofix log & new DDS logs.
ComboFix 10-07-12.06 - Ali 13/07/2010 19:28:44.19.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.289 [GMT 1:00]
Running from: c:\documents and settings\Ali\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Downloaded Program Files\Install.inf
c:\windows\system32\Temp
c:\windows\xpsp1hfm.log
.
((((((((((((((((((((((((( Files Created from 2010-06-13 to 2010-07-13 )))))))))))))))))))))))))))))))
.
2010-07-11 21:30 . 2010-07-11 21:31 -------- d-----w- c:\windows\system32\Adobe
2010-07-11 11:57 . 2010-07-11 11:58 -------- d-----w- c:\documents and settings\Ali\Application Data\vlc
2010-07-10 22:24 . 2010-07-10 22:26 -------- d-----w- c:\program files\QuickTime
2010-07-10 22:21 . 2010-07-10 22:21 -------- d-----w- c:\program files\Common Files\Apple
2010-07-10 22:21 . 2010-07-10 22:21 -------- d-----w- c:\program files\Apple Software Update
2010-07-10 22:21 . 2010-07-10 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-07-10 20:57 . 2010-07-10 20:57 -------- d-----w- c:\program files\Secunia
2010-07-07 20:25 . 2010-07-07 20:25 -------- d-----w- c:\program files\ERUNT
2010-07-07 14:05 . 2010-07-07 14:05 14904 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2010-06-20 20:29 . 2010-04-28 15:04 1359872 ----a-w- c:\documents and settings\All Users\Application Data\GreenGamer\jigsaw\jigsaw.dll
2010-06-20 20:28 . 2010-06-20 20:28 -------- d-----w- c:\documents and settings\All Users\Application Data\GreenGamer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-11 12:48 . 2006-03-02 18:55 -------- d-----w- c:\program files\LizardTech
2010-07-11 12:48 . 2006-02-02 10:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-11 12:13 . 2006-02-08 23:30 -------- d-----w- c:\program files\BFG
2010-07-10 22:48 . 2006-02-23 00:58 -------- d-----w- c:\documents and settings\Ali\Application Data\AdobeUM
2010-07-07 14:11 . 2009-03-18 23:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-23 14:35 . 2010-05-23 14:35 503808 ----a-w- c:\documents and settings\Ali\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1228f02e-n\msvcp71.dll
2010-05-23 14:35 . 2010-05-23 14:35 499712 ----a-w- c:\documents and settings\Ali\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1228f02e-n\jmc.dll
2010-05-23 14:35 . 2010-05-23 14:35 348160 ----a-w- c:\documents and settings\Ali\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1228f02e-n\msvcr71.dll
2010-05-23 14:35 . 2010-05-23 14:35 61440 ----a-w- c:\documents and settings\Ali\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2eb2f279-n\decora-sse.dll
2010-05-23 14:35 . 2010-05-23 14:35 12800 ----a-w- c:\documents and settings\Ali\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2eb2f279-n\decora-d3d.dll
2010-05-22 14:59 . 2010-05-22 14:59 -------- d-----w- c:\program files\Ancestry
2010-05-02 05:56 . 2004-08-04 12:00 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 14:39 . 2009-03-18 23:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2009-03-18 23:25 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:51 . 2004-08-04 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 15:36 . 2004-08-04 12:00 662016 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 15:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2007-11-11 01:03 . 2007-11-11 00:51 6670 --sh--w- c:\windows\system32\ybeeg.tmp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-15 68856]
"Google Update"="c:\documents and settings\Ali\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-04-24 136176]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 88363]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-09-07 213054]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-11-01 290816]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 110592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-19 198160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2002-11-22 19:49 188416 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon04]
2002-11-22 19:48 348160 ----a-w- c:\windows\system32\hphmon04.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD04]
2002-11-22 19:50 49152 ----a-w- c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-04-13 14:07 69632 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2002-04-17 10:42 69632 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2004-09-23 12:41 860160 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 09:11 1388544 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-09-19 13:11 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 15:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
2004-10-26 16:17 184320 ----a-w- c:\program files\InterVideo\DVD Check\DVDCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-18 19:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1008000.029\SymEFA.sys [03/02/2010 21:37 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1008000.029\BHDrvx86.sys [03/02/2010 21:37 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1008000.029\cchpx86.sys [03/02/2010 21:35 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100712.001\IDSXpx86.sys [13/07/2010 12:26 331640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [26/05/2010 09:00 102448]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [07/07/2010 15:05 14904]
.
Contents of the 'Scheduled Tasks' folder
2010-07-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1229272821-725345543-1005Core.job
- c:\documents and settings\Ali\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-24 22:15]
2010-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1229272821-725345543-1005UA.job
- c:\documents and settings\Ali\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-24 22:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.co.uk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://212.9.30.37:8080/SysCamInst.cab
DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} - hxxp://games.bigfishgames.com/en_bigcityadventuresa/online/JBGamePlayer.cab
DPF: {CA47E69B-B484-44C1-8E29-19B6B2694810} - hxxp://games.bigfishgames.com/en_custom-jigsaw/online/axcontrol.cab
FF - ProfilePath - c:\documents and settings\Ali\Application Data\Mozilla\Firefox\Profiles\fnf0lxz9.default\
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\Ali\Application Data\Mozilla\Firefox\Profiles\fnf0lxz9.default\extensions\support@ancestry.com\plugins\npImgCtl.dll
FF - plugin: c:\documents and settings\Ali\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
AddRemove-Macromedia Shockwave Player - c:\windows\system32\Macromed\SHOCKW~1\UNWISE.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-13 19:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????7?2?8?2??????? ???B???????????????B? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-07-13 19:50:13
ComboFix-quarantined-files.txt 2010-07-13 18:49
ComboFix2.txt 2009-03-20 18:30
Pre-Run: 20,323,708,928 bytes free
Post-Run: 20,724,035,584 bytes free
- - End Of File - - D9012A0E6C876ED1CCECA25055DFBE77
DDS (Ver_10-03-17.01) - NTFSx86
Run by Ali at 19:57:56.65 on 13/07/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.85 [GMT 1:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\AGRSMMSG.exe
svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Ali\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.msn.co.uk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.8.0.41\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\ali\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/7/0/7/707a44ad-52ad-49af-b7ef-e21b6b0656e4/VirtualEarth3D.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - hxxps://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://212.9.30.37:8080/SysCamInst.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} - hxxp://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab
DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} - hxxp://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {84818113-96C5-11D2-BE39-006008BF4DD5} - hxxp://www.scotlandspeople.gov.uk/Viewers/ActiveXControl/viewdw32.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://sun.jerseyinsight.com/AxisCamControl.ocx
DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} - hxxp://games.bigfishgames.com/en_bigcityadventuresa/online/JBGamePlayer.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - hxxp://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://bmm.imgag.com/imgag/cp/install/crusher-uk.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CA47E69B-B484-44C1-8E29-19B6B2694810} - hxxp://games.bigfishgames.com/en_custom-jigsaw/online/axcontrol.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - hxxp://chat.msn.com/controls/msnchat45.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\ali\applic~1\mozilla\firefox\profiles\fnf0lxz9.default\
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
============= SERVICES / DRIVERS ===============
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1008000.029\SymEFA.sys [2010-2-3 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1008000.029\BHDrvx86.sys [2010-2-3 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1008000.029\cchpx86.sys [2010-2-3 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100712.001\IDSXpx86.sys [2010-7-13 331640]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\engine\16.8.0.41\ccSvcHst.exe [2010-2-3 117640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-8-31 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-26 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100712.051\NAVENG.SYS [2010-7-13 85552]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100712.051\NAVEX15.SYS [2010-7-13 1347504]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 14904]
=============== Created Last 30 ================
2010-07-13 18:23:44 98816 ----a-w- c:\windows\sed.exe
2010-07-13 18:23:44 77312 ----a-w- c:\windows\MBR.exe
2010-07-13 18:23:44 256512 ----a-w- c:\windows\PEV.exe
2010-07-13 18:23:44 161792 ----a-w- c:\windows\SWREG.exe
2010-07-11 21:30:27 0 d-----w- c:\windows\system32\Adobe
2010-07-10 22:04:51 1409 ----a-w- c:\windows\QTFont.for
2010-07-10 22:04:50 54156 ---ha-w- c:\windows\QTFont.qfn
2010-07-10 20:57:41 0 d-----w- c:\program files\Secunia
2010-07-07 14:05:32 14904 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2010-06-20 20:28:25 0 d-----w- c:\docume~1\alluse~1\applic~1\GreenGamer
==================== Find3M ====================
2010-05-02 05:56:34 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:51:20 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 15:36:49 662016 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 15:36:45 81920 ----a-w- c:\windows\system32\ieencode.dll
============= FINISH: 19:59:02.35 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 02/02/2006 10:30:13
System Uptime: 13/07/2010 12:14:24 (7 hours ago)
Motherboard: Hewlett-Packard | | 3088
Processor: Intel(R) Celeron(R) M processor 1.40GHz | JP12 | 1396/100mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 37 GiB total, 19.331 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_099C103C&REV_02\4&AD1B67F&0&70F0
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_099C103C&REV_02\4&AD1B67F&0&70F0
Service: bcm4sbxp
==== System Restore Points ===================
RP145: 14/04/2010 22:42:17 - Software Distribution Service 3.0
RP146: 20/04/2010 18:31:15 - System Checkpoint
RP147: 25/04/2010 19:44:38 - System Checkpoint
RP148: 28/04/2010 22:26:00 - System Checkpoint
RP149: 05/05/2010 21:08:23 - System Checkpoint
RP150: 07/05/2010 13:22:27 - System Checkpoint
RP151: 09/05/2010 14:09:44 - Installed Java(TM) 6 Update 20
RP152: 13/05/2010 12:13:50 - Software Distribution Service 3.0
RP153: 15/05/2010 20:08:46 - System Checkpoint
RP154: 18/05/2010 15:21:08 - System Checkpoint
RP155: 19/05/2010 20:10:34 - System Checkpoint
RP156: 21/05/2010 16:48:45 - System Checkpoint
RP157: 22/05/2010 15:58:12 - Removed Ancestry World Archives Project - Keying Tool.
RP158: 22/05/2010 15:58:54 - Installed Ancestry World Archives Project - Keying Tool.
RP159: 24/05/2010 21:08:00 - System Checkpoint
RP160: 25/05/2010 21:50:24 - System Checkpoint
RP161: 26/05/2010 11:00:46 - Software Distribution Service 3.0
RP162: 27/05/2010 19:31:22 - System Checkpoint
RP163: 01/06/2010 20:50:29 - System Checkpoint
RP164: 02/06/2010 22:03:23 - System Checkpoint
RP165: 04/06/2010 19:08:27 - System Checkpoint
RP166: 05/06/2010 20:28:14 - System Checkpoint
RP167: 10/06/2010 12:19:51 - Software Distribution Service 3.0
RP168: 12/06/2010 15:23:35 - System Checkpoint
RP169: 13/06/2010 19:31:43 - System Checkpoint
RP170: 19/06/2010 18:18:45 - System Checkpoint
RP171: 21/06/2010 16:35:01 - System Checkpoint
RP172: 24/06/2010 11:15:26 - Software Distribution Service 3.0
RP173: 26/06/2010 17:45:14 - System Checkpoint
RP174: 01/07/2010 11:24:22 - System Checkpoint
RP175: 02/07/2010 17:53:35 - System Checkpoint
RP176: 04/07/2010 22:12:33 - System Checkpoint
RP177: 06/07/2010 16:16:03 - System Checkpoint
RP178: 08/07/2010 22:21:00 - Software Distribution Service 3.0
RP179: 10/07/2010 23:22:56 - Installed QuickTime
RP180: 11/07/2010 13:48:08 - Installed LizardTech DjVu Control
RP181: 12/07/2010 21:24:46 - System Checkpoint
==== Installed Programs ======================
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.1.0
Adobe Shockwave Player 11.5
Agere Systems AC'97 Modem
Ancestry World Archives Project - Keying Tool
Apple Application Support
Apple Software Update
Bing Maps 3D
Broadcom 440x 10/100 Integrated Controller
BT Voyager Wireless Utility
Critical Update for Windows Media Player 11 (KB959772)
ERUNT 1.1j
Fish Tycoon (remove only)
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Accessories Product Tour
HP BIOS Configuration for ProtectTools 1.00 B7
HP Help and Support
HP Memories Disc
HP Photo and Imaging 2.0 - Photosmart Printer Series
HP ProtectTools Security Manager 1.00 C3
Intel(R) Graphics Media Accelerator Driver for Mobile
InterActual Player
InterVideo DVD Check
InterVideo WinDVD
Java Auto Updater
Java(TM) 6 Update 20
Kaspersky Online Scanner
Lexmark 6200 Series
LizardTech DjVu Control
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Small Business
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 3.0 Runtime
Mozilla Firefox (3.5.10)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Norton AntiVirus
Photosmart 130,230,7150,7345,7350,7550 (Remove only)
Quick Launch Buttons 5.00 D5
QuickTime
rayman2
RealPlayer
Secunia PSI
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926247)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
SoundMAX
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922120)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
VIMICRO USB PC Camera
VLC media player 1.1.0
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
ZIP Reader 8.00.0018
==== Event Viewer Messages From Past Week ========
13/07/2010 19:28:31, error: Service Control Manager [7034] - The Broadcom Wireless LAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
13/07/2010 19:28:10, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
12/07/2010 19:33:33, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.
11/07/2010 22:38:28, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
11/07/2010 12:34:33, error: Dhcp [1002] - The IP address lease 192.168.1.5 for the Network Card with network address 00904BA8F525 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
10/07/2010 16:33:56, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
08/07/2010 11:55:02, error: Dhcp [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 00904BA8F525 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
07/07/2010 12:27:18, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 00904BA8F525 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
==== End Of File ===========================
Hi again,
Uninstall old Adobe Reader versions and get the latest one with updates (9.3 and updates 9.3.2 & 9.3.3) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here (http://pdfreaders.org/).
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).
Post back its report & a fresh dds.txt log. Still symptoms?
Uninstalled abobe even though I was only prompted with an update about a week ago. New one doesn't want to install. So will try something else at a later date. Ran ATF for IE and FF.
Still having IE open up windows periodically but they are not redirecting me to anywhere just copies of the page I am on as before.
I cannot run Kaspersky.
I turned off Norton. In IE it let me download the updates but the scan button stays greyed out. Tried Google chrome and it says system does not meet requirements. Firefox reacts the same as IE.
Do you still want a dds log or is there another scanner we can try first?
Hi,
Start MBAM, update database and run a quick scan removing found items. Post back the report. Any reason why you still have Internet Explorer 6 installed? I'd recommend getting IE8 or IE7 at least.
Afternoon :-)
Ok ran Mbam twice, crashed first time after it found infection. Which I notice is adobe reader 9.3 which as I said failed to install, although I see it did manage to install the Adobe AIR part whatever that is.
As for IE I tried an upgrade to 7 a good while ago, but for whatever reason my system didn't like it so I reverted back to 6. I just haven't got around to trying 8 as think my system might be getting/got to old. :red:
Anyway heres the log.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4312
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
14/07/2010 14:28:52
mbam-log-2010-07-14 (14-28-52).txt
Scan type: Full scan (C:\|)
Objects scanned: 220696
Time elapsed: 1 hour(s), 9 minute(s), 19 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Ali\Local Settings\Application Data\Adobe\Reader 9.3\Setup Files\Folder.jpg (Extension.Mismatch) -> No action taken.
Hi,
Using IE6 is becoming more risky from security point of view. I recommend to try IE8.
Could you try to reinstall Adobe Reader?
Ok will try and reinstall it now.
I am still getting numerous copies of IE open up randomly. Last episode was just after my last post where about 30 windows appeared. I had to shut it down in tskmgr as usual.
3 attempts later and Adobe 9.3 now installed. :)
Forgot to mention since having this current problem, intermittently when clicking on a link in IE I am having to click twice rather than the normal once to get it to work. Happened again while trying to get install adobe, first 2 attempts normal and third time nothing till I clicked again. Most odd.
Oh and should I be concerned about the MBAM report?
Hi,
I still recommend to update IE to version 8 (or 7). I want to see if that has any effect on that IE issue.
Does that MBAM finding still show up after Adobe Reader reinstallation?
Ok I will give it a go in the morning as I want an early night tonight :-)
Thanks for your continuing help.
Ok I will give it a go in the morning as I want an early night tonight :-)
Good idea :)
Hi
Just now had time to get back to pc, busy busy day. Anyway just had to check something before installing new IE, and I've discovered a new problem. NONE of my favourites are working in IE anymore. They were ok a few days ago but now I click and nothing happens, and I notice all the little pics that they had by them are now all the same little logos which seem to be little browser windows.
IE is my default browser. HELP!
Hi,
Export your favourites to a backup file and then try to upgrade IE to later version.
Hi
Phew well I now have IE8 and bookmarks appear to be back.
Computer slowed a lot though. No annoying page openings yet but only had it done for about 10 mins.
Being thick about this new browser I have a yellow bar saying it is running with add ons disabled. However On inspection it says all add ons enabled and there is nothing I wish to delete as its things like quick time, media player, shockwave etc.
A few pointers what to do would be great :D:
Hi,
Click start->all programs->right-click Internet Explorer and select properties. Go to Shortcut tab. What does the Target field have in it?
Morning .
"C:\Program Files\Internet Explorer\iexplore.exe"
Path looks ok. Next you could try to reset IE settings. Instructions here (http://support.microsoft.com/kb/923737).
Evening
Have got a solution for the yellow bar issue. It is only 1 item that it is causing it to appear and for now I will have to wait as the software does not currently have an IE8 fix.
Have had 1 instance today of multiple windows opening, but it was in facebook only. Touch wood none anywhere else.
There is something still something happening in eventvwr that has me worried my system is possibly not 100%.
In security I have instances of "audit failure" Category 529 in advapi
bad username/password. Microsofts explanation seems to suggest to me that someone/something has tried logging on to my system.
Excuse my stupidity if I have misunderstood and am worried over nothing.
Hi,
That sounds like the thing described in this (http://support.microsoft.com/?kbid=305822) knowledge base article.
Indeed it does, thanks.
So would you say I'm all clean and safe now? Or is that one issue with multiple windows still risky?
Hi,
At least I couldn't spot anything out of ordinary there :)
So do I need to uninstall any of the things used combofix dds etc?
Hi,
Uninstall ComboFix:
Click START then RUN
Now copy-paste Combofix /uninstall in the runbox and click OK
Please download OTC (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.
Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the
Begin cleanup Process?
prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
You may also delete logs created during this process (dds.txt, attach.txt etc).
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)
Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.
If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.