tinsong
2010-07-08, 21:06
Hi,
Thanks for your help in advance.
I ran Spybot S&D 1.6.2.46 and Virtumonde.prx popped up.
Symptoms: A new tab opens with "google.com/webph", and when I click links (on a normal Google search, not the /webph site) it redirects me to various pages and does not allow me to go on these forums. I'm using Firefox 3.5.10.
I've backed up my registry and here is the DDS report.
####################################################
DDS (Ver_10-03-17.01) - NTFSx86
Run by Christina at 10:50:22.51 on Thu 07/08/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1860 [GMT -7:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Linksys\WUSB54GSCv2\WLService.exe
C:\Program Files\Linksys\WUSB54GSCv2\WUSB54GSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Christina\Desktop\dds.scr
============== Pseudo HJT Report ===============
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - g:\java\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [AdobeBridge]
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [TomTomHOME.exe] "i:\tomtom home 2\TomTomHOMERunner.exe"
uRun: [Qrojutegefixi] rundll32.exe "c:\windows\wsizhc.dll",Startup
mRun: [NVRTCLK] c:\windows\system32\nvrtclk\NVRTClk.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Prolific_OneButton] c:\program files\usbfast\OneBtn.exe
mRun: [Sburiqemejizuqu] rundll32.exe "c:\windows\umabidovugiyar.dll",Startup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\christ~1\applic~1\mozilla\firefox\profiles\er48jyq2.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.yahoo.com
FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\documents and settings\christina\application data\mozilla\firefox\profiles\er48jyq2.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: g:\java\bin\new_plugin\npdeploytk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {809D8F5A-070D-4A44-8FE1-AEACA1356576} - c:\documents and settings\christina\local settings\application data\{809d8f5a-070d-4a44-8fe1-aeaca1356576}\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
============= SERVICES / DRIVERS ===============
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336]
S3 PLTurbh;Prolific turbo filter driver for hdd;c:\windows\system32\drivers\plturbh.sys [2010-3-10 16384]
S3 PLTurbo;Prolific turbo filter driver for odd;c:\windows\system32\drivers\plturbo.sys [2010-3-10 16640]
S3 WUSB54GSCV2;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\drivers\WUSB54GSCV2.sys [2003-10-10 198144]
============== File Associations ===============
regfile="regedit.exe" "%1"
=============== Created Last 30 ================
2010-07-08 14:05:47 91 ----a-w- c:\windows\wininit.ini
2010-07-08 08:12:52 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-07-08 08:12:52 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-07-08 08:12:52 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-07-08 08:12:52 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-07-08 08:12:52 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-07-08 08:12:52 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-07-08 08:12:52 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2010-07-08 08:12:52 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-07-08 08:12:46 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-07-08 08:12:46 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-07-08 08:12:42 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-07-08 08:12:42 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-07-05 17:51:57 120 ----a-w- c:\windows\Spodozanijuduli.dat
2010-07-05 17:51:57 0 ----a-w- c:\windows\Ocaqi.bin
2010-06-15 06:02:14 3471 ----a-w- c:\documents and settings\christina\.recently-used.xbel
==================== Find3M ====================
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 16:09:09 667136 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:09:05 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-04-11 22:18:44 49422754 ----a-w- c:\program files\netbeans-6.8-ml-javase-windows.exe
2010-04-10 04:38:05 80394008 ----a-w- c:\program files\jdk-6u19-windows-i586.exe
============= FINISH: 10:51:59.79 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 10/5/2003 4:35:02 PM
System Uptime: 7/8/2010 9:43:45 AM (1 hours ago)
Motherboard: Shuttle Inc | | AN35
Processor: AMD Athlon(tm) | Socket A | 1094/100mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 19 GiB total, 5.307 GiB free.
D: is CDROM ()
E: is Removable
==== Disabled Device Manager Items =============
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_10DE&DEV_0064&SUBSYS_05311297&REV_A2\3&13C0B0C5&0&09
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_10DE&DEV_0064&SUBSYS_05311297&REV_A2\3&13C0B0C5&0&09
Service:
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Compact Wireless-G USB Network Adapter with SpeedBooster ver.2
Device ID: USB\VID_1737&PID_0075\00
Manufacturer: Linksys, A Division of Cisco
Name: Compact Wireless-G USB Network Adapter with SpeedBooster ver.2
PNP Device ID: USB\VID_1737&PID_0075\00
Service: WUSB54GSCV2
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_10DE&DEV_0066&SUBSYS_05311297&REV_A1\3&13C0B0C5&0&20
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_10DE&DEV_0066&SUBSYS_05311297&REV_A1\3&13C0B0C5&0&20
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_10DE&DEV_006A&SUBSYS_05311297&REV_A1\3&13C0B0C5&0&30
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_10DE&DEV_006A&SUBSYS_05311297&REV_A1\3&13C0B0C5&0&30
Service:
==== System Restore Points ===================
RP284: 6/20/2010 9:42:36 AM - System Checkpoint
RP285: 6/21/2010 9:51:25 AM - System Checkpoint
RP286: 6/22/2010 10:10:50 AM - System Checkpoint
RP287: 6/23/2010 10:27:53 AM - System Checkpoint
RP288: 6/24/2010 3:00:18 AM - Software Distribution Service 3.0
RP289: 6/25/2010 3:18:35 AM - System Checkpoint
RP290: 6/26/2010 4:13:51 AM - System Checkpoint
RP291: 6/27/2010 5:09:23 AM - System Checkpoint
RP292: 6/28/2010 6:04:44 AM - System Checkpoint
RP293: 6/29/2010 7:00:01 AM - System Checkpoint
RP294: 6/30/2010 9:04:21 AM - System Checkpoint
RP295: 7/1/2010 9:13:13 AM - System Checkpoint
RP296: 7/2/2010 9:22:18 AM - System Checkpoint
RP297: 7/3/2010 10:31:55 AM - System Checkpoint
RP298: 7/4/2010 11:34:45 AM - System Checkpoint
RP299: 7/5/2010 11:40:26 AM - System Checkpoint
RP300: 7/6/2010 11:14:10 PM - System Checkpoint
RP301: 7/8/2010 12:05:03 AM - System Checkpoint
RP302: 7/8/2010 10:21:28 AM - Removed Quake Live Mozilla Plugin
==== Installed Programs ======================
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.2
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AIM 7
Akamai NetSession Interface
ArcGIS Desktop Evaluation Edition
Canon MP Navigator EX 1.0
Canon MP210 series
Compact Wireless-G USB Network Adapter with SpeedBooster
Connect
Download Updater (AOL LLC)
EA Download Manager
ERUNT 1.1j
Getting to Know ArcGIS Desktop - Exercise Data
GIMP 2.6.7
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IL Download Manager
iSEEK AnswerWorks English Runtime
Java Auto Updater
Java DB 10.5.3.0
Java(TM) 6 Update 16
Java(TM) 6 Update 18
Java(TM) SE Development Kit 6 Update 18
Java(TM) SE Development Kit 6 Update 19
JCreator LE 4.50
kuler
LightScribe System Software
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 Premium
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 3.0 Runtime
Mozilla Firefox (3.5.10)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
NetBeans IDE 6.8
NVIDIA Drivers
PDF Settings CS4
Photoshop Camera Raw
Python 2.5 numpy-1.0.3
Python 2.5.1
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB982381)
Skype™ 4.1
Spybot - Search & Destroy
Suite Shared Configuration CS4
The Sims™ 3
TurboTax 2009
TurboTax 2009 wcaiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
USBFast
Visual Basic for Applications (R) Core
Visual Basic for Applications (R) Core - English
WebFldrs XP
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
==== Event Viewer Messages From Past Week ========
7/5/2010 8:28:29 PM, error: Service Control Manager [7034] - The PnkBstrB service terminated unexpectedly. It has done this 1 time(s).
7/5/2010 8:28:24 PM, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
7/5/2010 8:28:04 PM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
7/5/2010 11:56:29 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
7/5/2010 11:56:29 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
7/3/2010 7:41:40 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
7/3/2010 7:41:40 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the winmgmt service.
7/3/2010 7:41:40 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the W32Time service.
7/3/2010 7:41:40 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.
7/3/2010 7:41:40 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.
7/3/2010 7:41:40 AM, error: Service Control Manager [7001] - The Windows Firewall/Internet Connection Sharing (ICS) service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
7/3/2010 7:41:40 AM, error: Service Control Manager [7001] - The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
7/3/2010 7:41:40 AM, error: Service Control Manager [7000] - The Windows Time service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/3/2010 7:41:40 AM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the path specified.
7/3/2010 7:41:40 AM, error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: All pipe instances are busy.
7/2/2010 1:45:39 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer IRVTIN-50FA64 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6319945F-F9C8-. The master browser is stopping or an election is being forced.
==== End Of File ===========================
Fresh DDS report with TeaTimer OFF. Sorry about that. P.S. I'm currently transferring these logs via USB because I've turned off the connection on the infected computer. Is this a safe way?
DDS (Ver_10-03-17.01) - NTFSx86
Run by Christina at 11:14:21.60 on Thu 07/08/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.2166 [GMT -7:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Linksys\WUSB54GSCv2\WLService.exe
C:\Program Files\Linksys\WUSB54GSCv2\WUSB54GSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Christina\Desktop\dds.scr
============== Pseudo HJT Report ===============
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - g:\java\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [AdobeBridge]
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [TomTomHOME.exe] "i:\tomtom home 2\TomTomHOMERunner.exe"
uRun: [Qrojutegefixi] rundll32.exe "c:\windows\wsizhc.dll",Startup
mRun: [NVRTCLK] c:\windows\system32\nvrtclk\NVRTClk.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Prolific_OneButton] c:\program files\usbfast\OneBtn.exe
mRun: [Sburiqemejizuqu] rundll32.exe "c:\windows\umabidovugiyar.dll",Startup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\christ~1\applic~1\mozilla\firefox\profiles\er48jyq2.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.yahoo.com
FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\documents and settings\christina\application data\mozilla\firefox\profiles\er48jyq2.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: g:\java\bin\new_plugin\npdeploytk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {809D8F5A-070D-4A44-8FE1-AEACA1356576} - c:\documents and settings\christina\local settings\application data\{809D8F5A-070D-4A44-8FE1-AEACA1356576}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
============= SERVICES / DRIVERS ===============
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336]
R2 WUSB54GSC;WUSB54GSC;c:\program files\linksys\wusb54gscv2\WLService.exe [2003-10-10 65596]
S3 PLTurbh;Prolific turbo filter driver for hdd;c:\windows\system32\drivers\plturbh.sys [2010-3-10 16384]
S3 PLTurbo;Prolific turbo filter driver for odd;c:\windows\system32\drivers\plturbo.sys [2010-3-10 16640]
S3 WUSB54GSCV2;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\drivers\WUSB54GSCV2.sys [2003-10-10 198144]
============== File Associations ===============
regfile="regedit.exe" "%1"
=============== Created Last 30 ================
2010-07-08 14:05:47 91 ----a-w- c:\windows\wininit.ini
2010-07-08 08:12:52 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-07-08 08:12:52 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-07-08 08:12:52 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-07-08 08:12:52 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-07-08 08:12:52 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-07-08 08:12:52 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-07-08 08:12:52 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2010-07-08 08:12:52 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-07-08 08:12:46 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-07-08 08:12:46 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-07-08 08:12:42 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-07-08 08:12:42 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-07-05 17:51:57 120 ----a-w- c:\windows\Spodozanijuduli.dat
2010-07-05 17:51:57 0 ----a-w- c:\windows\Ocaqi.bin
2010-06-15 06:02:14 3471 ----a-w- c:\documents and settings\christina\.recently-used.xbel
==================== Find3M ====================
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 16:09:09 667136 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:09:05 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-04-11 22:18:44 49422754 ----a-w- c:\program files\netbeans-6.8-ml-javase-windows.exe
2010-04-10 04:38:05 80394008 ----a-w- c:\program files\jdk-6u19-windows-i586.exe
============= FINISH: 11:15:43.25 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 10/5/2003 4:35:02 PM
System Uptime: 7/8/2010 11:12:10 AM (0 hours ago)
Motherboard: Shuttle Inc | | AN35
Processor: AMD Athlon(tm) XP | Socket A | 1094/100mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 19 GiB total, 5.344 GiB free.
D: is CDROM ()
E: is Removable
==== Disabled Device Manager Items =============
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_10DE&DEV_0064&SUBSYS_05311297&REV_A2\3&13C0B0C5&0&09
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_10DE&DEV_0064&SUBSYS_05311297&REV_A2\3&13C0B0C5&0&09
Service:
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Compact Wireless-G USB Network Adapter with SpeedBooster ver.2
Device ID: USB\VID_1737&PID_0075\00
Manufacturer: Linksys, A Division of Cisco
Name: Compact Wireless-G USB Network Adapter with SpeedBooster ver.2
PNP Device ID: USB\VID_1737&PID_0075\00
Service: WUSB54GSCV2
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_10DE&DEV_0066&SUBSYS_05311297&REV_A1\3&13C0B0C5&0&20
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_10DE&DEV_0066&SUBSYS_05311297&REV_A1\3&13C0B0C5&0&20
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_10DE&DEV_006A&SUBSYS_05311297&REV_A1\3&13C0B0C5&0&30
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_10DE&DEV_006A&SUBSYS_05311297&REV_A1\3&13C0B0C5&0&30
Service:
==== System Restore Points ===================
RP284: 6/20/2010 9:42:36 AM - System Checkpoint
RP285: 6/21/2010 9:51:25 AM - System Checkpoint
RP286: 6/22/2010 10:10:50 AM - System Checkpoint
RP287: 6/23/2010 10:27:53 AM - System Checkpoint
RP288: 6/24/2010 3:00:18 AM - Software Distribution Service 3.0
RP289: 6/25/2010 3:18:35 AM - System Checkpoint
RP290: 6/26/2010 4:13:51 AM - System Checkpoint
RP291: 6/27/2010 5:09:23 AM - System Checkpoint
RP292: 6/28/2010 6:04:44 AM - System Checkpoint
RP293: 6/29/2010 7:00:01 AM - System Checkpoint
RP294: 6/30/2010 9:04:21 AM - System Checkpoint
RP295: 7/1/2010 9:13:13 AM - System Checkpoint
RP296: 7/2/2010 9:22:18 AM - System Checkpoint
RP297: 7/3/2010 10:31:55 AM - System Checkpoint
RP298: 7/4/2010 11:34:45 AM - System Checkpoint
RP299: 7/5/2010 11:40:26 AM - System Checkpoint
RP300: 7/6/2010 11:14:10 PM - System Checkpoint
RP301: 7/8/2010 12:05:03 AM - System Checkpoint
RP302: 7/8/2010 10:21:28 AM - Removed Quake Live Mozilla Plugin
==== Installed Programs ======================
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.2
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AIM 7
Akamai NetSession Interface
ArcGIS Desktop Evaluation Edition
Canon MP Navigator EX 1.0
Canon MP210 series
Compact Wireless-G USB Network Adapter with SpeedBooster
Connect
Download Updater (AOL LLC)
EA Download Manager
ERUNT 1.1j
Getting to Know ArcGIS Desktop - Exercise Data
GIMP 2.6.7
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IL Download Manager
iSEEK AnswerWorks English Runtime
Java Auto Updater
Java DB 10.5.3.0
Java(TM) 6 Update 16
Java(TM) 6 Update 18
Java(TM) SE Development Kit 6 Update 18
Java(TM) SE Development Kit 6 Update 19
JCreator LE 4.50
kuler
LightScribe System Software
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 Premium
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 3.0 Runtime
Mozilla Firefox (3.5.10)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
NetBeans IDE 6.8
NVIDIA Drivers
PDF Settings CS4
Photoshop Camera Raw
Python 2.5 numpy-1.0.3
Python 2.5.1
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB982381)
Skype™ 4.1
Spybot - Search & Destroy
Suite Shared Configuration CS4
The Sims™ 3
TurboTax 2009
TurboTax 2009 wcaiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
USBFast
Visual Basic for Applications (R) Core
Visual Basic for Applications (R) Core - English
WebFldrs XP
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
==== Event Viewer Messages From Past Week ========
7/5/2010 8:28:29 PM, error: Service Control Manager [7034] - The PnkBstrB service terminated unexpectedly. It has done this 1 time(s).
7/5/2010 8:28:24 PM, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
7/5/2010 8:28:04 PM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
7/5/2010 11:56:29 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
7/5/2010 11:56:29 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
7/3/2010 7:41:40 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
7/3/2010 7:41:40 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the winmgmt service.
7/3/2010 7:41:40 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the W32Time service.
7/3/2010 7:41:40 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.
7/3/2010 7:41:40 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.
7/3/2010 7:41:40 AM, error: Service Control Manager [7001] - The Windows Firewall/Internet Connection Sharing (ICS) service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
7/3/2010 7:41:40 AM, error: Service Control Manager [7001] - The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
7/3/2010 7:41:40 AM, error: Service Control Manager [7000] - The Windows Time service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/3/2010 7:41:40 AM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the path specified.
7/3/2010 7:41:40 AM, error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: All pipe instances are busy.
7/2/2010 1:45:39 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer IRVTIN-50FA64 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6319945F-F9C8-. The master browser is stopping or an election is being forced.
==== End Of File ===========================
Update on the situation:
I ran Malwarebytes' Anti-Malware and came up with 5 infections including Trojan.Hiloti, Rogue.Installer (and forgive me, I forgot the rest). Here is the MBAM report.
Database version: 4293
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
7/8/2010 1:48:51 PM
mbam-log-2010-07-08 (13-48-51).txt
Scan type: Full scan (C:\|)
Objects scanned: 204911
Time elapsed: 34 minute(s), 12 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\wsizhc.dll (Trojan.Hiloti) -> No action taken.
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qrojutegefixi (Trojan.Hiloti) -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\wsizhc.dll (Trojan.Hiloti) -> No action taken.
C:\System Volume Information\_restore{B4852261-8A13-4800-8585-D334761D62BC}\RP302\A0021060.exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\All Users\Favorites\_favdata.dat (Malware.Trace) -> No action taken.
7/2/2010 1:45:39 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer IRVTIN-50FA64 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6319945F-F9C8-. The master browser is stopping or an election is being forced.
==== End Of File ===========================
Fresh DDS report with TeaTimer OFF. Sorry about that. P.S. I'm currently transferring these logs via USB because I've turned off the connection on the infected computer. Is this a safe way?
DDS (Ver_10-03-17.01) - NTFSx86
Run by Christina at 11:14:21.60 on Thu 07/08/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.2166 [GMT -7:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Linksys\WUSB54GSCv2\WLService.exe
C:\Program Files\Linksys\WUSB54GSCv2\WUSB54GSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Christina\Desktop\dds.scr
============== Pseudo HJT Report ===============
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - g:\java\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [AdobeBridge]
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [TomTomHOME.exe] "i:\tomtom home 2\TomTomHOMERunner.exe"
uRun: [Qrojutegefixi] rundll32.exe "c:\windows\wsizhc.dll",Startup
mRun: [NVRTCLK] c:\windows\system32\nvrtclk\NVRTClk.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Prolific_OneButton] c:\program files\usbfast\OneBtn.exe
mRun: [Sburiqemejizuqu] rundll32.exe "c:\windows\umabidovugiyar.dll",Startup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\christ~1\applic~1\mozilla\firefox\profiles\er48jyq2.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.yahoo.com
FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\documents and settings\christina\application data\mozilla\firefox\profiles\er48jyq2.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: g:\java\bin\new_plugin\npdeploytk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {809D8F5A-070D-4A44-8FE1-AEACA1356576} - c:\documents and settings\christina\local settings\application data\{809D8F5A-070D-4A44-8FE1-AEACA1356576}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
============= SERVICES / DRIVERS ===============
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336]
R2 WUSB54GSC;WUSB54GSC;c:\program files\linksys\wusb54gscv2\WLService.exe [2003-10-10 65596]
S3 PLTurbh;Prolific turbo filter driver for hdd;c:\windows\system32\drivers\plturbh.sys [2010-3-10 16384]
S3 PLTurbo;Prolific turbo filter driver for odd;c:\windows\system32\drivers\plturbo.sys [2010-3-10 16640]
S3 WUSB54GSCV2;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\drivers\WUSB54GSCV2.sys [2003-10-10 198144]
============== File Associations ===============
regfile="regedit.exe" "%1"
=============== Created Last 30 ================
2010-07-08 14:05:47 91 ----a-w- c:\windows\wininit.ini
2010-07-08 08:12:52 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-07-08 08:12:52 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-07-08 08:12:52 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-07-08 08:12:52 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-07-08 08:12:52 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-07-08 08:12:52 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-07-08 08:12:52 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2010-07-08 08:12:52 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-07-08 08:12:46 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-07-08 08:12:46 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-07-08 08:12:42 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-07-08 08:12:42 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-07-05 17:51:57 120 ----a-w- c:\windows\Spodozanijuduli.dat
2010-07-05 17:51:57 0 ----a-w- c:\windows\Ocaqi.bin
2010-06-15 06:02:14 3471 ----a-w- c:\documents and settings\christina\.recently-used.xbel
==================== Find3M ====================
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 16:09:09 667136 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:09:05 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-04-11 22:18:44 49422754 ----a-w- c:\program files\netbeans-6.8-ml-javase-windows.exe
2010-04-10 04:38:05 80394008 ----a-w- c:\program files\jdk-6u19-windows-i586.exe
============= FINISH: 11:15:43.25 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 10/5/2003 4:35:02 PM
System Uptime: 7/8/2010 11:12:10 AM (0 hours ago)
Motherboard: Shuttle Inc | | AN35
Processor: AMD Athlon(tm) XP | Socket A | 1094/100mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 19 GiB total, 5.344 GiB free.
D: is CDROM ()
E: is Removable
==== Disabled Device Manager Items =============
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_10DE&DEV_0064&SUBSYS_05311297&REV_A2\3&13C0B0C5&0&09
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_10DE&DEV_0064&SUBSYS_05311297&REV_A2\3&13C0B0C5&0&09
Service:
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Compact Wireless-G USB Network Adapter with SpeedBooster ver.2
Device ID: USB\VID_1737&PID_0075\00
Manufacturer: Linksys, A Division of Cisco
Name: Compact Wireless-G USB Network Adapter with SpeedBooster ver.2
PNP Device ID: USB\VID_1737&PID_0075\00
Service: WUSB54GSCV2
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_10DE&DEV_0066&SUBSYS_05311297&REV_A1\3&13C0B0C5&0&20
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_10DE&DEV_0066&SUBSYS_05311297&REV_A1\3&13C0B0C5&0&20
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_10DE&DEV_006A&SUBSYS_05311297&REV_A1\3&13C0B0C5&0&30
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_10DE&DEV_006A&SUBSYS_05311297&REV_A1\3&13C0B0C5&0&30
Service:
==== System Restore Points ===================
RP284: 6/20/2010 9:42:36 AM - System Checkpoint
RP285: 6/21/2010 9:51:25 AM - System Checkpoint
RP286: 6/22/2010 10:10:50 AM - System Checkpoint
RP287: 6/23/2010 10:27:53 AM - System Checkpoint
RP288: 6/24/2010 3:00:18 AM - Software Distribution Service 3.0
RP289: 6/25/2010 3:18:35 AM - System Checkpoint
RP290: 6/26/2010 4:13:51 AM - System Checkpoint
RP291: 6/27/2010 5:09:23 AM - System Checkpoint
RP292: 6/28/2010 6:04:44 AM - System Checkpoint
RP293: 6/29/2010 7:00:01 AM - System Checkpoint
RP294: 6/30/2010 9:04:21 AM - System Checkpoint
RP295: 7/1/2010 9:13:13 AM - System Checkpoint
RP296: 7/2/2010 9:22:18 AM - System Checkpoint
RP297: 7/3/2010 10:31:55 AM - System Checkpoint
RP298: 7/4/2010 11:34:45 AM - System Checkpoint
RP299: 7/5/2010 11:40:26 AM - System Checkpoint
RP300: 7/6/2010 11:14:10 PM - System Checkpoint
RP301: 7/8/2010 12:05:03 AM - System Checkpoint
RP302: 7/8/2010 10:21:28 AM - Removed Quake Live Mozilla Plugin
==== Installed Programs ======================
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.2
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AIM 7
Akamai NetSession Interface
ArcGIS Desktop Evaluation Edition
Canon MP Navigator EX 1.0
Canon MP210 series
Compact Wireless-G USB Network Adapter with SpeedBooster
Connect
Download Updater (AOL LLC)
EA Download Manager
ERUNT 1.1j
Getting to Know ArcGIS Desktop - Exercise Data
GIMP 2.6.7
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IL Download Manager
iSEEK AnswerWorks English Runtime
Java Auto Updater
Java DB 10.5.3.0
Java(TM) 6 Update 16
Java(TM) 6 Update 18
Java(TM) SE Development Kit 6 Update 18
Java(TM) SE Development Kit 6 Update 19
JCreator LE 4.50
kuler
LightScribe System Software
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 Premium
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 3.0 Runtime
Mozilla Firefox (3.5.10)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
NetBeans IDE 6.8
NVIDIA Drivers
PDF Settings CS4
Photoshop Camera Raw
Python 2.5 numpy-1.0.3
Python 2.5.1
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB982381)
Skype™ 4.1
Spybot - Search & Destroy
Suite Shared Configuration CS4
The Sims™ 3
TurboTax 2009
TurboTax 2009 wcaiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
USBFast
Visual Basic for Applications (R) Core
Visual Basic for Applications (R) Core - English
WebFldrs XP
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
==== Event Viewer Messages From Past Week ========
7/5/2010 8:28:29 PM, error: Service Control Manager [7034] - The PnkBstrB service terminated unexpectedly. It has done this 1 time(s).
7/5/2010 8:28:24 PM, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
7/5/2010 8:28:04 PM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
7/5/2010 11:56:29 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
7/5/2010 11:56:29 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
7/3/2010 7:41:40 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
7/3/2010 7:41:40 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the winmgmt service.
7/3/2010 7:41:40 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the W32Time service.
7/3/2010 7:41:40 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.
7/3/2010 7:41:40 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.
7/3/2010 7:41:40 AM, error: Service Control Manager [7001] - The Windows Firewall/Internet Connection Sharing (ICS) service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
7/3/2010 7:41:40 AM, error: Service Control Manager [7001] - The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
7/3/2010 7:41:40 AM, error: Service Control Manager [7000] - The Windows Time service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/3/2010 7:41:40 AM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the path specified.
7/3/2010 7:41:40 AM, error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: All pipe instances are busy.
7/2/2010 1:45:39 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer IRVTIN-50FA64 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6319945F-F9C8-. The master browser is stopping or an election is being forced.
==== End Of File ===========================
Update on the situation:
I ran Malwarebytes Anti-Malware and came up with 5 infections, including Trojan.Hiloti, Rogue.Installer (and forgive me, I forgot the rest). Here is the MBAM report.
Database version: 4293
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
7/8/2010 1:48:51 PM
mbam-log-2010-07-08 (13-48-51).txt
Scan type: Full scan (C:\|)
Objects scanned: 204911
Time elapsed: 34 minute(s), 12 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\wsizhc.dll (Trojan.Hiloti) -> No action taken.
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qrojutegefixi (Trojan.Hiloti) -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\wsizhc.dll (Trojan.Hiloti) -> No action taken.
C:\System Volume Information\_restore{B4852261-8A13-4800-8585-D334761D62BC}\RP302\A0021060.exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\All Users\Favorites\_favdata.dat (Malware.Trace) -> No action taken.