Malware problem, I think it's fraud.sysguard
I have random browser popups and Google redirects like in this post:
http://forums.spybot.info/showthread.php?t=58202&highlight=fraud.sysguard
I have done numerous system scans with Malwarebytes and Spybot and KillBoxed a lot of things that I knew were viruses, but the problems persist.
I will post my latest Malwarebytes log, which was from last night, and the DDS one. I also have the other one on standby so it can be requested at any time. Thank you for your time.
DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 9:57:46.67 on Thu 07/15/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.60 [GMT -4:00]
============== Running Processes ===============
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Microsoft Location Finder] "c:\program files\microsoft location finder\LocationFinder.exe"
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [Free Download Manager] "c:\program files\free download manager\fdm.exe" -autorun
uRun: [GameShadow] c:\program files\gameshadow\GameShadow.exe /q
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 926\memcard.exe"
mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [MotiveReportAgent] "c:\program files\common files\motive\mccibootstrapper.exe" /url="-url=file://c:\program files\common files\motive\reportagent.html" /browsertype=custommsie /browserpath="c:\program files\common files\motive\BellSouthBrowser.exe" /hidden
mRun: [jswtrayutil] "c:\program files\netgear\wn111v2\jswtrayutil.exe"
mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\jamesp~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\jamesp~1\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wn111v2\WN111V2.exe
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R1 MpKsle3efea4e;MpKsle3efea4e;c:\windows\system32\mpenginestore\MpKsle3efea4e.sys [2010-7-15 28752]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 VProt2k;BroadJump PPPoE Helper Protocol;c:\windows\system32\drivers\VPROT2K.sys [2010-3-30 16690]
R3 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-7-14 38224]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [2009-1-14 458752]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wn111v2\jswpsapi.exe [2008-2-27 360547]
=============== Created Last 30 ================
2010-07-15 13:17:45 0 d-----w- c:\windows\system32\MpEngineStore
2010-07-15 07:03:58 172 ----a-w- c:\windows\system32\MRT.INI
2010-07-15 02:54:37 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-15 02:54:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-07-15 02:12:58 0 d-----w- C:\!KillBox
2010-07-14 12:57:11 0 d-----w- c:\docume~1\jamesp~1\applic~1\Malwarebytes
2010-07-14 12:56:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-14 12:56:53 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-14 12:56:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-14 12:56:52 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-14 11:02:50 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-09 19:04:40 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-07-02 04:03:14 0 d-----w- c:\docume~1\jamesp~1\applic~1\Tropico 3
2010-06-24 01:49:07 782336 ----a-r- c:\windows\system32\tmp9B2.tmp
==================== Find3M ====================
2010-06-30 03:10:37 9168 ----a-w- c:\docume~1\jamesp~1\applic~1\wklnhst.dat
2010-06-24 01:49:08 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2010-06-24 01:49:08 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2010-06-02 16:22:15 215152 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-06-01 19:41:19 137200 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-29 15:55:12 2672 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-05-22 22:38:31 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-05 11:04:02 139152 ----a-w- c:\docume~1\jamesp~1\applic~1\PnkBstrK.sys
2010-05-05 11:03:33 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-05-03 01:55:38 18252 ----a-w- c:\program files\unins000.dat
2010-05-03 01:55:16 704282 ----a-w- c:\program files\unins000.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2010-04-26 20:48:58 131052 ----a-w- c:\program files\INSTALL.LOG
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll
2009-10-24 04:13:51 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009102420091025\index.dat
============= FINISH: 9:59:33.96 ===============
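As an added, editorial example (not from the original thread, and not DDS, Spybot or ComboFix code): a small Python triage script that reads DDS-format lines like the ones in the log above and flags the indicators a helper looks at first. The rules are my own heuristics, not anything DDS itself does: a ProxyServer value pointing at a loopback address (the `http=127.0.0.1:5643` line above), BHO/toolbar entries registered against a CLSID with "No File", autorun entries launching from temp or profile directories, and oddly named new files dropped directly into system32 (such as the `o.dat` entry in the second log). The sample input is a constructed subset of the lines from this thread plus one made-up temp-directory Run entry, labelled in the code.

```python
"""Heuristic triage of a DDS log for browser-hijack indicators.

Added example; the rules below are the editor's own heuristics, not
DDS/Spybot/ComboFix logic. SAMPLE_DDS is a constructed subset of a real log.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low"
    check: str     # which heuristic fired
    line: str      # the offending DDS line, verbatim


# A proxy on a loopback/unspecified address means something *on the box* is
# relaying the browser's traffic; nothing legitimate on this machine offers that.
LOOPBACK = {"127.0.0.1", "localhost", "::1", "0.0.0.0"}

# Startup locations a legitimate installer rarely uses for an autorun binary.
SUSPECT_DIRS = ("\\temp\\", "\\locals~1\\", "\\local settings\\",
                "\\applic~1\\", "\\application data\\", "\\recycler\\")

PROXY_RE = re.compile(
    r"ProxyServer\s*=\s*(?:\w+=)?(?P<host>[^:;\s]+):(?P<port>\d{1,5})", re.I)
NOFILE_RE = re.compile(r"^(?:BHO|TB|IE):.*-\s*No File\s*$", re.I)
RUN_RE = re.compile(r"^[um]Run:\s*\[[^\]]*\]\s*(?P<cmd>.+)$", re.I)
CREATED_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\d+\s+(?P<attr>\S+)\s+(?P<path>.+)$")


def exe_path(cmd: str) -> str:
    """Split the executable path off a Run command line (quoted, or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def proxy_finding(line: str) -> Finding | None:
    """High-severity finding when the IE proxy points at the local machine."""
    m = PROXY_RE.search(line)
    if m and m.group("host").lower() in LOOPBACK:
        return Finding("high", f"loopback proxy {m.group('host')}:{m.group('port')}", line)
    return None


def triage(dds_text: str) -> list[Finding]:
    """Run every heuristic over each line of a DDS log and collect the hits."""
    findings: list[Finding] = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        f = proxy_finding(line)
        if f:
            findings.append(f)
            continue
        if NOFILE_RE.match(line):  # orphaned CLSID: leftover of a removed add-on
            findings.append(Finding("low", "orphaned CLSID (No File)", line))
            continue
        m = RUN_RE.match(line)
        if m:
            path = exe_path(m.group("cmd")).lower()
            if any(d in path for d in SUSPECT_DIRS):
                findings.append(Finding("medium", "autorun from temp/profile dir", line))
            continue
        m = CREATED_RE.match(line)
        if m and not m.group("attr").startswith("d"):  # skip directories
            path = m.group("path").lower()
            parent, _, name = path.rpartition("\\")
            stem = name.rsplit(".", 1)[0]
            ext = name.rsplit(".", 1)[1] if "." in name else ""
            if parent == "c:\\windows\\system32" and (len(stem) <= 2 or ext in ("tmp", "dat")):
                findings.append(Finding("medium", "odd new file in system32", line))
    return findings


# Constructed sample: real lines from the thread's logs plus one made-up
# "updater" entry (the temp-directory autorun) to exercise that rule.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
mRun: [SigmatelSysTrayApp] stsystra.exe
uRun: [updater] "c:\docume~1\owner\locals~1\temp\updater.exe"
=============== Created Last 30 ================
2010-07-19 04:05:01 67584 ----a-w- c:\windows\system32\o.dat
2010-07-15 13:17:45 0 d-----w- c:\windows\system32\MpEngineStore
2010-07-15 07:03:58 172 ----a-w- c:\windows\system32\MRT.INI
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.severity:6}] {f.check}: {f.line}")
```

The proxy rule is the one worth acting on before anything else: the same `ProxyServer = http=127.0.0.1:5643` line appears in both DDS logs in this thread, i.e. it survived the Malwarebytes and Spybot runs. On the affected machine, `netstat -ano | findstr :5643` shows whether anything is still listening on that port and which PID owns it, and `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer` confirms the current value; if nothing listens there any more, the browser simply cannot reach the web until the value is cleared. The "No File" and system32 rules are deliberately low/medium: orphaned CLSIDs are often just leftovers, and a two-letter `.dat` in system32 is suspicious but needs a hash or signature check, not deletion on sight.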
Hi,
Please post attach.txt contents too.
I did a more recent DDS, so here are the logs for both.
Good. Please copy-paste log contents next time though :)
IMPORTANT: I notice there are signs of one or more P2P (peer-to-peer) file-sharing programs on your computer.
DNA
I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).
Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
After that:
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
A new DDS log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
DDS (Ver_10-03-17.01) - NTFSx86
Run by James Paul Williams at 10:24:37.81 on Tue 07/20/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.128 [GMT -4:00]
============== Running Processes ===============
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Steam\steam.exe
C:\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Microsoft Location Finder] "c:\program files\microsoft location finder\LocationFinder.exe"
uRun: [Free Download Manager] "c:\program files\free download manager\fdm.exe" -autorun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 926\memcard.exe"
mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [MotiveReportAgent] "c:\program files\common files\motive\mccibootstrapper.exe" /url="-url=file://c:\program files\common files\motive\reportagent.html" /browsertype=custommsie /browserpath="c:\program files\common files\motive\BellSouthBrowser.exe" /hidden
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\jamesp~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\jamesp~1\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wn111v2\WN111V2.exe
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 VProt2k;BroadJump PPPoE Helper Protocol;c:\windows\system32\drivers\VPROT2K.sys [2010-3-30 16690]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [2009-1-14 458752]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wn111v2\jswpsapi.exe [2008-2-27 360547]
=============== Created Last 30 ================
2010-07-20 14:00:07 0 d-sha-r- C:\cmdcons
2010-07-20 13:55:49 98816 ----a-w- c:\windows\sed.exe
2010-07-20 13:55:49 77312 ----a-w- c:\windows\MBR.exe
2010-07-20 13:55:49 256512 ----a-w- c:\windows\PEV.exe
2010-07-20 13:55:49 161792 ----a-w- c:\windows\SWREG.exe
2010-07-19 04:05:01 67584 ----a-w- c:\windows\system32\o.dat
2010-07-15 13:17:45 0 d-----w- c:\windows\system32\MpEngineStore
2010-07-15 07:03:58 172 ----a-w- c:\windows\system32\MRT.INI
2010-07-15 02:54:37 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-15 02:54:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-07-15 02:12:58 0 d-----w- C:\!KillBox
2010-07-14 12:57:11 0 d-----w- c:\docume~1\jamesp~1\applic~1\Malwarebytes
2010-07-14 12:56:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-14 12:56:53 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-14 12:56:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-14 12:56:52 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-14 11:02:50 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-09 19:04:40 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-07-02 04:03:14 0 d-----w- c:\docume~1\jamesp~1\applic~1\Tropico 3
2010-06-24 01:49:07 782336 ----a-r- c:\windows\system32\tmp9B2.tmp
==================== Find3M ====================
2010-06-30 03:10:37 9168 ----a-w- c:\docume~1\jamesp~1\applic~1\wklnhst.dat
2010-06-24 01:49:08 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2010-06-24 01:49:08 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2010-06-02 16:22:15 215152 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-06-01 19:41:19 137200 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-29 15:55:12 2672 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-05-22 22:38:31 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-05 11:04:02 139152 ----a-w- c:\docume~1\jamesp~1\applic~1\PnkBstrK.sys
2010-05-05 11:03:33 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-05-03 01:55:38 18252 ----a-w- c:\program files\unins000.dat
2010-05-03 01:55:16 704282 ----a-w- c:\program files\unins000.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2009-10-24 04:13:51 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009102420091025\index.dat
============= FINISH: 10:25:11.00 ===============
ComboFix 10-07-19.05 - James Paul Williams 07/20/2010 10:06:04.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.281 [GMT -4:00]
Running from: c:\downloads\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\INSTALL.LOG
c:\windows\Agicsd.dll
Infected copy of c:\windows\system32\drivers\imapi.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-06-20 to 2010-07-20 )))))))))))))))))))))))))))))))
.
2010-07-19 04:05 . 2010-07-19 04:05 67584 ----a-w- c:\windows\system32\o.dat
2010-07-15 20:26 . 2010-07-17 04:29 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-15 13:17 . 2010-07-17 06:42 -------- d-----w- c:\windows\system32\MpEngineStore
2010-07-15 02:54 . 2010-07-15 20:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-15 02:54 . 2010-07-15 02:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-15 02:12 . 2010-07-15 02:15 -------- d-----w- C:\!KillBox
2010-07-14 12:57 . 2010-07-14 12:57 -------- d-----w- c:\documents and settings\James Paul Williams\Application Data\Malwarebytes
2010-07-14 12:56 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-14 12:56 . 2010-07-14 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-14 12:56 . 2010-07-14 12:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-14 12:56 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-14 11:02 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-09 19:04 . 2010-07-09 19:04 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-07-02 04:03 . 2010-07-02 09:34 -------- d-----w- c:\documents and settings\James Paul Williams\Application Data\Tropico 3
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-20 13:45 . 2009-09-19 17:03 -------- d-----w- c:\program files\DNA
2010-07-20 05:53 . 2009-08-29 16:47 -------- d-----w- c:\program files\Steam
2010-07-17 04:28 . 2009-08-29 15:34 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-16 21:54 . 2009-08-29 15:34 -------- d-----w- c:\program files\Xfire
2010-07-15 07:17 . 2009-09-24 02:44 -------- d-----w- c:\documents and settings\James Paul Williams\Application Data\Free Download Manager
2010-07-12 23:14 . 2009-08-29 15:34 -------- d-----w- c:\documents and settings\James Paul Williams\Application Data\Xfire
2010-07-10 19:12 . 2009-09-20 02:30 4246 ----a-w- c:\documents and settings\Sybil Chisolm\Application Data\wklnhst.dat
2010-07-08 03:56 . 2009-08-30 22:54 -------- d-----w- c:\program files\dl_cats
2010-07-06 17:22 . 2009-10-18 16:12 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-30 03:10 . 2009-09-13 23:07 9168 ----a-w- c:\documents and settings\James Paul Williams\Application Data\wklnhst.dat
2010-06-24 01:49 . 2009-12-25 05:19 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2010-06-24 01:49 . 2009-12-25 05:19 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2010-06-23 06:20 . 2010-06-23 06:20 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb7DE.tmp.exe
2010-06-23 02:02 . 2009-09-04 21:14 -------- d-----w- c:\program files\SystemRequirementsLab
2010-06-14 14:31 . 2005-08-16 09:40 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-02 16:22 . 2009-10-11 18:05 215152 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-06-01 19:41 . 2009-10-11 18:06 137200 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-29 15:55 . 2009-09-14 01:30 2672 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-05-22 23:06 . 2010-05-22 23:06 -------- d-----w- c:\program files\Paradox Interactive
2010-05-22 23:06 . 2009-08-27 14:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-22 22:44 . 2010-05-22 22:37 -------- d-----w- c:\documents and settings\James Paul Williams\Application Data\DAEMON Tools Pro
2010-05-22 22:38 . 2010-05-22 22:38 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-22 22:37 . 2010-05-22 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2010-05-06 10:41 . 2005-08-16 09:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-05 11:04 . 2009-10-11 18:06 139152 ----a-w- c:\documents and settings\James Paul Williams\Application Data\PnkBstrK.sys
2010-05-05 11:04 . 2009-10-11 18:06 139152 ----a-w- c:\documents and settings\James Paul Williams\Application Data\PnkBstrK.sys
2010-05-05 11:03 . 2009-10-11 18:05 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-05-03 01:55 . 2010-05-03 01:47 18252 ----a-w- c:\program files\unins000.dat
2010-05-03 01:55 . 2010-05-03 01:47 704282 ----a-w- c:\program files\unins000.exe
2010-05-02 05:22 . 2005-08-16 09:18 1851264 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-05-07 1238352]
"Microsoft Location Finder"="c:\program files\Microsoft Location Finder\LocationFinder.exe" [2005-08-24 101080]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2009-01-31 3399727]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-29 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2006-06-14 286720]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-06-27 299008]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-06-15 307200]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-06-07 106496]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-15 417792]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
"MotiveReportAgent"="c:\program files\Common Files\Motive\McciBootStrapper.exe" [2004-06-25 204800]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
c:\documents and settings\James Paul Williams\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-7-9 3493776]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-8-27 50688]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NETGEAR WN111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WN111v2\WN111V2.exe [2009-11-4 1507431]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\Steam\\steamapps\\psgchisolm\\half-life 2 deathmatch\\hl2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Ubisoft\\Silent Hunter Wolves of the Pacific\\sh4.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\UPDATE.EXE"=
"c:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\DFBHD.EXE"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\505games\\1C\\Men of War\\mow.exe"=
"c:\\Program Files\\Free Download Manager\\fdmwi.exe"=
"c:\\Program Files\\Steam\\steamapps\\psgchisolm\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Paradox Interactive\\Hearts of Iron 2\\HoI2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Steam\\steamapps\\psgchisolm\\source sdk base 2007\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\psgchisolm\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"27900:UDP"= 27900:UDP:BF2 Client 1
"29900:UDP"= 29900:UDP:BF2 Client 2
"29900:TCP"= 29900:TCP:BF2 Client 4
"29901:TCP"= 29901:TCP:BF2 Client 5
"29920:TCP"= 29920:TCP:BF2 Client 6
"27901:UDP"= 27901:UDP:BF2 Client 7
"28910:TCP"= 28910:TCP:BF2 Client 8
"4711:TCP"= 4711:TCP:BF2 Client 9
"55123:UDP"= 55123:UDP:BF2 Client 10
"55124:UDP"= 55124:UDP:BF2 Client 11
"55125:TCP"= 55125:TCP:BF2 Client 12
R2 VProt2k;BroadJump PPPoE Helper Protocol;c:\windows\system32\drivers\VPROT2K.sys [3/30/2010 7:33 PM 16690]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 4:45 PM 57440]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [1/14/2009 2:23 AM 458752]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 11:13 PM 135664]
S3 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 12:10 PM 17149]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [2/27/2008 11:54 AM 360547]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/22/2010 6:38 PM 697328]
.
Contents of the 'Scheduled Tasks' folder
2010-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 03:13]
2010-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 03:13]
2010-07-20 c:\windows\Tasks\User_Feed_Synchronization-{7D339D22-CE4B-4C36-8869-0A6FB978940D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
2010-07-20 c:\windows\Tasks\User_Feed_Synchronization-{EFEB53A3-7077-447A-95F8-687198321E7A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-GameShadow - c:\program files\GameShadow\GameShadow.exe
HKLM-Run-nwiz - c:\program files\NVIDIA Corporation\nView\nwiz.exe
HKLM-Run-jswtrayutil - c:\program files\NETGEAR\WN111v2\jswtrayutil.exe
HKLM-Run-DAEMON Tools - c:\program files\DAEMON Tools\daemon.exe
HKU-Default-Run-Wlubasoyuy - c:\windows\Agicsd.dll
AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-20 10:18
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2010-07-20 10:23:13
ComboFix-quarantined-files.txt 2010-07-20 14:23
Pre-Run: 32,951,635,968 bytes free
Post-Run: 34,260,447,232 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
- - End Of File - - 071E65CACFFE0B7AC05A452E1A231B8D
Hi,
Before we continue I have to ask if you're aware of these firewall port openings:
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
Hi,
Before we continue I have to ask if you're aware of these firewall port openings:
Not aware of them ever being opened
Hi again,
Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
Run Spybot-S&D in Advanced Mode
If it is not already set to do this, go to the Mode menu and select Advanced Mode.
On the left hand side, click on Tools.
Then click on the Resident icon in the list.
Uncheck Resident TeaTimer and OK any prompts.
Restart your computer
Open notepad and copy/paste the text in the quotebox below into it:
FileLook::
c:\windows\system32\o.dat
Folder::
c:\program files\DNA
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"=-
"5000:TCP"=-
"5001:TCP"=-
"5002:TCP"=-
"5003:TCP"=-
"5004:TCP"=-
"5005:TCP"=-
"5006:TCP"=-
"5007:TCP"=-
"5008:TCP"=-
"5009:TCP"=-
"5010:TCP"=-
"5011:TCP"=-
"5012:TCP"=-
"5013:TCP"=-
"5014:TCP"=-
"5015:TCP"=-
"5016:TCP"=-
"5017:TCP"=-
"5018:TCP"=-
"5019:TCP"=-
"5020:TCP"=-
Save this as CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6 Update 21 (http://java.sun.com/javase/downloads/index.jsp).
Click the Download button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).
Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
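Added example (not from this thread, ComboFix or sUBs): a Python script that pulls the GloballyOpenPorts entries out of a ComboFix log, flags the openings no application accounts for, and writes them as the Registry:: block in the form the CFScript above uses. The flagging heuristic and the "never open" port list are my assumptions, and the log excerpt is constructed from entries seen in this thread.

```python
"""Find unexplained Windows Firewall port openings in a ComboFix log and
build the CFScript Registry:: block that deletes them."""
import re
from typing import Dict

# Constructed excerpt in the layout ComboFix uses for this registry key;
# the entries mirror the ones posted in the thread.
SAMPLE_LOG = r"""[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"27900:UDP"= 27900:UDP:BF2 Client 1
"29900:TCP"= 29900:TCP:BF2 Client 4
.
"""

PORTS_KEY = (r"HKLM\~\services\sharedaccess\parameters\firewallpolicy"
             r"\standardprofile\GloballyOpenPorts\List")

# "5000:TCP"= 5000:TCP:<description written by whoever opened the port>
ENTRY_RE = re.compile(
    r'^"(?P<name>\d+:(?:TCP|UDP))"=\s*\d+:(?:TCP|UDP):(?P<desc>.*)$')

# Assumption: a description that is only "<proto> Port <n>" names no
# application, so nothing on the box admits to needing that opening.
GENERIC_RE = re.compile(r"^(?:TCP|UDP) Port \d+$")

# Assumption: ports that should never be globally open on a home XP machine
# (135 = RPC endpoint mapper, 139/445 = NetBIOS/SMB).
NEVER_OPEN = {135, 139, 445}


def parse_open_ports(log_text: str) -> Dict[str, str]:
    """Return {value name: description} for the GloballyOpenPorts key only."""
    entries: Dict[str, str] = {}
    in_section = False
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if line.startswith("["):            # a new registry key starts
            in_section = line == f"[{PORTS_KEY}]"
            continue
        if not in_section:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries[m.group("name")] = m.group("desc").strip()
    return entries


def suspicious_entries(entries: Dict[str, str]) -> Dict[str, str]:
    """Return {value name: reason} for openings the user should not recognise."""
    flagged: Dict[str, str] = {}
    for name, desc in entries.items():
        port = int(name.split(":")[0])
        if port in NEVER_OPEN:
            flagged[name] = f"port {port} exposes a core Windows service"
        elif GENERIC_RE.match(desc):
            flagged[name] = "no application named in description"
    return flagged


def build_cfscript(flagged: Dict[str, str]) -> str:
    """Emit the Registry:: section; '=-' tells ComboFix to delete the value."""
    lines = ["Registry::", f"[{PORTS_KEY}]"]
    for name in sorted(flagged, key=lambda n: (int(n.split(":")[0]), n)):
        lines.append(f'"{name}"=-')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_open_ports(SAMPLE_LOG)
    bad = suspicious_entries(found)
    for name, reason in bad.items():
        print(f"{name:12} {found[name]!r:22} -> {reason}")
    print()
    print(build_cfscript(bad))
```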
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, July 20, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, July 20, 2010 08:29:46
Records in database: 4227267
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
Scan statistics:
Objects scanned: 216964
Threats found: 7
Infected objects found: 11
Suspicious objects found: 0
Scan duration: 08:00:01
File name / Threat / Threats count
C:\Documents and Settings\James Paul Williams\Application Data\Sun\Java\Deployment\cache\6.0\57\5b73fcb9-23edcf19 Infected: Trojan-Downloader.Java.Agent.ap 3
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\26\575401da-6e0af1e1 Infected: Trojan-Downloader.Java.Agent.cf 1
C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa_dll.exe Infected: Trojan.Win32.Genome.quk 1
C:\Qoobox\Quarantine\C\WINDOWS\Agicsd.dll.vir Infected: Trojan-Downloader.Win32.Mufanom.xmv 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\imapi.sys.vir Infected: Rootkit.Win32.TDSS.ap 1
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP307\A0132840.exe Infected: Packed.Win32.Krap.hc 1
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP312\A0136324.sys Infected: Rootkit.Win32.TDSS.ap 1
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP312\A0136366.dll Infected: Trojan-Downloader.Win32.Mufanom.xmv 1
C:\WINDOWS\system32\o.dat Infected: Trojan-Downloader.Win32.Mufanom.xlj 1
Selected area has been scanned.
DDS (Ver_10-03-17.01) - NTFSx86
Run by James Paul Williams at 22:09:41.26 on Tue 07/20/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.190 [GMT -4:00]
============== Running Processes ===============
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre6\bin\java.exe
C:\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Microsoft Location Finder] "c:\program files\microsoft location finder\LocationFinder.exe"
uRun: [Free Download Manager] "c:\program files\free download manager\fdm.exe" -autorun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [JavaInstallRetry] RUNONCE=1 SPONSORS=0
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 926\memcard.exe"
mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [MotiveReportAgent] "c:\program files\common files\motive\mccibootstrapper.exe" /url="-url=file://c:\program files\common files\motive\reportagent.html" /browsertype=custommsie /browserpath="c:\program files\common files\motive\BellSouthBrowser.exe" /hidden
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\jamesp~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\jamesp~1\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wn111v2\WN111V2.exe
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 VProt2k;BroadJump PPPoE Helper Protocol;c:\windows\system32\drivers\VPROT2K.sys [2010-3-30 16690]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [2009-1-14 458752]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wn111v2\jswpsapi.exe [2008-2-27 360547]
=============== Created Last 30 ================
2010-07-20 17:03:11 0 d-----w- c:\program files\Sun
2010-07-20 14:00:07 0 d-sha-r- C:\cmdcons
2010-07-20 13:55:49 98816 ----a-w- c:\windows\sed.exe
2010-07-20 13:55:49 77312 ----a-w- c:\windows\MBR.exe
2010-07-20 13:55:49 256512 ----a-w- c:\windows\PEV.exe
2010-07-20 13:55:49 161792 ----a-w- c:\windows\SWREG.exe
2010-07-19 04:05:01 67584 ----a-w- c:\windows\system32\o.dat
2010-07-15 13:17:45 0 d-----w- c:\windows\system32\MpEngineStore
2010-07-15 07:03:58 172 ----a-w- c:\windows\system32\MRT.INI
2010-07-15 02:54:37 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-15 02:54:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-07-15 02:12:58 0 d-----w- C:\!KillBox
2010-07-14 12:57:11 0 d-----w- c:\docume~1\jamesp~1\applic~1\Malwarebytes
2010-07-14 12:56:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-14 12:56:53 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-14 12:56:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-14 12:56:52 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-14 11:02:50 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-09 19:04:40 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-07-02 04:03:14 0 d-----w- c:\docume~1\jamesp~1\applic~1\Tropico 3
2010-06-24 01:49:07 782336 ----a-r- c:\windows\system32\tmp9B2.tmp
==================== Find3M ====================
2010-06-30 03:10:37 9168 ----a-w- c:\docume~1\jamesp~1\applic~1\wklnhst.dat
2010-06-24 01:49:08 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2010-06-24 01:49:08 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2010-06-02 16:22:15 215152 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-06-01 19:41:19 137200 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-29 15:55:12 2672 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-05-22 22:38:31 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-05 11:04:02 139152 ----a-w- c:\docume~1\jamesp~1\applic~1\PnkBstrK.sys
2010-05-05 11:03:33 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-05-03 01:55:38 18252 ----a-w- c:\program files\unins000.dat
2010-05-03 01:55:16 704282 ----a-w- c:\program files\unins000.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2009-10-24 04:13:51 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009102420091025\index.dat
============= FINISH: 22:09:47.88 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/27/2009 11:09:41 AM
System Uptime: 7/20/2010 12:08:21 PM (10 hours ago)
Motherboard: Dell Inc | | 0HK980
Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket M2 | 2004/1000mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 144 GiB total, 31.39 GiB free.
D: is CDROM (UDF)
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP224: 4/21/2010 11:39:27 PM - System Checkpoint
RP225: 4/23/2010 12:17:18 AM - System Checkpoint
RP226: 4/25/2010 2:27:38 PM - System Checkpoint
RP227: 4/26/2010 4:40:20 PM - Installed RangeMax Wireless-N USB Adapter WN111v2
RP228: 4/26/2010 5:00:08 PM - Installed Service Access Manager
RP229: 4/27/2010 3:00:22 AM - Software Distribution Service 3.0
RP230: 4/27/2010 11:41:27 PM - Installed NETGEAR WN111 wireless USB 2.0 adapter
RP231: 4/27/2010 11:42:21 PM - Configured NETGEAR WN111 wireless USB 2.0 adapter
RP232: 4/27/2010 11:44:50 PM - Configured RangeMax Wireless-N USB Adapter WN111v2
RP233: 4/27/2010 11:46:17 PM - Installed RangeMax Wireless-N USB Adapter WN111v2
RP234: 4/29/2010 12:02:04 AM - System Checkpoint
RP235: 4/29/2010 7:55:02 PM - Removed Battlefield 2: Special Forces
RP236: 4/30/2010 8:30:30 PM - System Checkpoint
RP237: 5/1/2010 11:56:18 PM - System Checkpoint
RP238: 5/3/2010 5:03:37 PM - Removed Battlefield 2(TM)
RP239: 5/3/2010 5:06:52 PM - Installed Battlefield 2(TM)
RP240: 5/3/2010 5:09:49 PM - Installed Battlefield 2(TM)
RP241: 5/4/2010 8:13:38 PM - System Checkpoint
RP242: 5/5/2010 6:46:21 AM - Installed DirectX
RP243: 5/6/2010 7:20:13 AM - System Checkpoint
RP244: 5/7/2010 7:34:59 AM - System Checkpoint
RP245: 5/8/2010 8:13:23 AM - System Checkpoint
RP246: 5/9/2010 9:53:15 AM - System Checkpoint
RP247: 5/10/2010 11:26:44 AM - System Checkpoint
RP248: 5/12/2010 12:11:48 AM - System Checkpoint
RP249: 5/12/2010 3:00:16 AM - Software Distribution Service 3.0
RP250: 5/13/2010 7:22:44 AM - System Checkpoint
RP251: 5/14/2010 8:00:05 AM - System Checkpoint
RP252: 5/16/2010 3:03:09 AM - System Checkpoint
RP253: 5/17/2010 4:00:03 AM - System Checkpoint
RP254: 5/18/2010 6:00:01 AM - System Checkpoint
RP255: 5/19/2010 8:01:07 AM - System Checkpoint
RP256: 5/20/2010 10:00:00 AM - System Checkpoint
RP257: 5/21/2010 10:55:08 AM - System Checkpoint
RP258: 5/22/2010 6:38:29 PM - SPTD setup V1.69
RP259: 5/22/2010 7:06:31 PM - Installed Hearts of Iron 2
RP260: 5/24/2010 12:15:15 AM - System Checkpoint
RP261: 5/25/2010 11:12:55 PM - System Checkpoint
RP262: 5/27/2010 2:21:33 AM - System Checkpoint
RP263: 5/27/2010 3:00:17 AM - Software Distribution Service 3.0
RP264: 5/28/2010 4:32:39 AM - System Checkpoint
RP265: 5/29/2010 11:13:41 AM - System Checkpoint
RP266: 5/30/2010 11:25:06 AM - System Checkpoint
RP267: 5/31/2010 11:48:02 AM - System Checkpoint
RP268: 6/1/2010 12:50:30 PM - System Checkpoint
RP269: 6/2/2010 7:08:53 PM - System Checkpoint
RP270: 6/3/2010 7:14:46 PM - System Checkpoint
RP271: 6/4/2010 11:40:01 PM - System Checkpoint
RP272: 6/6/2010 12:11:23 AM - System Checkpoint
RP273: 6/7/2010 1:02:29 AM - System Checkpoint
RP274: 6/8/2010 2:11:21 AM - System Checkpoint
RP275: 6/9/2010 2:12:25 AM - System Checkpoint
RP276: 6/9/2010 3:00:18 AM - Software Distribution Service 3.0
RP277: 6/10/2010 4:46:43 AM - System Checkpoint
RP278: 6/11/2010 4:51:15 AM - System Checkpoint
RP279: 6/12/2010 6:51:13 AM - System Checkpoint
RP280: 6/13/2010 2:53:24 PM - System Checkpoint
RP281: 6/14/2010 6:30:08 PM - System Checkpoint
RP282: 6/16/2010 1:08:05 AM - System Checkpoint
RP283: 6/17/2010 1:36:43 AM - System Checkpoint
RP284: 6/18/2010 2:24:34 AM - System Checkpoint
RP285: 6/19/2010 4:10:39 AM - System Checkpoint
RP286: 6/20/2010 9:09:52 AM - System Checkpoint
RP287: 6/21/2010 12:26:46 PM - System Checkpoint
RP288: 6/22/2010 8:14:59 PM - System Checkpoint
RP289: 6/23/2010 3:00:36 AM - Software Distribution Service 3.0
RP290: 6/23/2010 9:46:36 PM - Installed DirectX
RP291: 6/25/2010 11:59:46 PM - System Checkpoint
RP292: 6/27/2010 12:42:46 AM - System Checkpoint
RP293: 6/28/2010 1:41:01 AM - System Checkpoint
RP294: 6/29/2010 2:46:20 AM - System Checkpoint
RP295: 6/30/2010 4:41:59 AM - System Checkpoint
RP296: 7/1/2010 6:40:53 AM - System Checkpoint
RP297: 7/1/2010 11:58:05 PM - Installed DirectX
RP298: 7/3/2010 3:10:24 AM - System Checkpoint
RP299: 7/4/2010 4:16:48 AM - System Checkpoint
RP300: 7/5/2010 1:21:54 PM - System Checkpoint
RP301: 7/6/2010 3:28:25 PM - System Checkpoint
RP302: 7/7/2010 4:30:09 PM - System Checkpoint
RP303: 7/8/2010 5:05:01 PM - System Checkpoint
RP304: 7/11/2010 5:23:19 PM - Installed Battlefield 2(TM)
RP305: 7/11/2010 5:26:32 PM - Installed Battlefield 2 Patch
RP306: 7/13/2010 12:37:23 AM - System Checkpoint
RP307: 7/14/2010 3:57:55 AM - System Checkpoint
RP308: 7/15/2010 3:00:26 AM - Software Distribution Service 3.0
RP309: 7/16/2010 4:44:41 AM - System Checkpoint
RP310: 7/17/2010 11:49:18 AM - System Checkpoint
RP311: 7/19/2010 12:25:39 AM - System Checkpoint
RP312: 7/20/2010 2:52:38 AM - System Checkpoint
RP313: 7/20/2010 12:59:17 PM - Installed Java(TM) SE Development Kit 6 Update 21
==== Installed Programs ======================
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.3
Adobe Shockwave Player 11.5
Alien Swarm
Apple Application Support
Apple Software Update
Banctec Service Agreement
Battlefield 2(TM)
BellSouth FastAccess DSL Report Agent
Broadcom Management Programs
BroadJump Client Foundation
BroadJump PPPoE
Call of Duty(R) - World at War(TM)
Call of Duty(R) - World at War(TM) 1.1 Patch
Call of Duty(R) - World at War(TM) 1.2 Patch
Call of Duty(R) - World at War(TM) 1.3 Patch
Call of Duty(R) - World at War(TM) 1.4 Patch
Call of Duty(R) - World at War(TM) 1.5 Patch
Call of Duty(R) - World at War(TM) 1.6 Patch
Call of Duty(R) - World at War(TM) 1.7 Patch
Call of Duty(R) 2
Call of Duty(R) 2 Patch 1.3
Conexant D850 PCI V.92 Modem
Corel Paint Shop Pro X
Corel Photo Album 6
Counter-Strike: Source
Dell CinePlayer
Dell PC Fax
Dell Photo AIO Printer 926
Delta Force - Black Hawk Down
Digital Line Detect
ESPNMotion
EVGA Display Driver
Free Download Manager 3.0
GemMaster Mystic
Google Toolbar for Internet Explorer
Google Update Helper
GTA: San Andreas RIP PT-BR by TemDono - #GTABrasil - BrasNET
Hearts of Iron 2
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
InstallMgr
Java 2 Runtime Environment, SE v1.4.2_03
Java DB 10.5.3.0
Java(TM) 6 Update 16
Java(TM) SE Development Kit 6 Update 21
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Men of War (Remove Only)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Standard 2006 Editor
Microsoft Digital Image Standard 2006 Library
Microsoft Digital Image Standard 2006 Update
Microsoft Encarta Encyclopedia Standard 2006
Microsoft Location Finder
Microsoft Money 2006
Microsoft Search Enhancement Pack
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Word 2002
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Modem Diagnostic Tool
MSN Toolbar
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
MusicIP MyDJ Plug-in
NetWaiting
NVIDIA Drivers
NVIDIA PhysX
OpenAL
OpenOffice.org 3.1
Otto
Patch 1.17.5 for "Men of War"
PunkBuster Services
QuickTime
RangeMax Wireless-N USB Adapter WN111v2
Red Orchestra
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Silent Hunter Wolves of the Pacific
Sonic Activation Module
Sonic Encoders
Source SDK Base 2007
Spybot - Search & Destroy
Steam
System Requirements Lab
TeamSpeak 2 RC2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Ventrilo Client
War Rock
WebFldrs XP
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
WN111v2
Works Upgrade
Xfire (remove only)
XML Paper Specification Shared Components Pack 1.0
==== Event Viewer Messages From Past Week ========
7/20/2010 10:05:15 AM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
7/17/2010 2:33:35 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
7/15/2010 4:42:37 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
7/15/2010 4:42:37 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/15/2010 3:21:34 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvatabus nvraid
7/14/2010 3:19:01 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: atapi nvatabus nvraid PCIIde
7/14/2010 3:18:47 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
7/14/2010 3:18:47 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
7/14/2010 3:06:12 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
==== End Of File ===========================
ComboFix 10-07-19.05 - James Paul Williams 07/20/2010 12:10:16.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.283 [GMT -4:00]
Running from: c:\downloads\ComboFix.exe
Command switches used :: c:\downloads\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\DNA
c:\program files\DNA\plugins\npbtdna.dll
.
((((((((((((((((((((((((( Files Created from 2010-06-20 to 2010-07-20 )))))))))))))))))))))))))))))))
.
2010-07-19 04:05 . 2010-07-19 04:05 67584 ----a-w- c:\windows\system32\o.dat
2010-07-15 20:26 . 2010-07-17 04:29 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-15 13:17 . 2010-07-17 06:42 -------- d-----w- c:\windows\system32\MpEngineStore
2010-07-15 02:54 . 2010-07-20 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-15 02:54 . 2010-07-15 02:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-15 02:12 . 2010-07-15 02:15 -------- d-----w- C:\!KillBox
2010-07-14 12:57 . 2010-07-14 12:57 -------- d-----w- c:\documents and settings\James Paul Williams\Application Data\Malwarebytes
2010-07-14 12:56 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-14 12:56 . 2010-07-14 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-14 12:56 . 2010-07-14 12:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-14 12:56 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-14 11:02 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-09 19:04 . 2010-07-09 19:04 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-07-02 04:03 . 2010-07-02 09:34 -------- d-----w- c:\documents and settings\James Paul Williams\Application Data\Tropico 3
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-20 16:03 . 2009-08-29 16:47 -------- d-----w- c:\program files\Steam
2010-07-17 04:28 . 2009-08-29 15:34 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-16 21:54 . 2009-08-29 15:34 -------- d-----w- c:\program files\Xfire
2010-07-15 07:17 . 2009-09-24 02:44 -------- d-----w- c:\documents and settings\James Paul Williams\Application Data\Free Download Manager
2010-07-12 23:14 . 2009-08-29 15:34 -------- d-----w- c:\documents and settings\James Paul Williams\Application Data\Xfire
2010-07-10 19:12 . 2009-09-20 02:30 4246 ----a-w- c:\documents and settings\Sybil Chisolm\Application Data\wklnhst.dat
2010-07-08 03:56 . 2009-08-30 22:54 -------- d-----w- c:\program files\dl_cats
2010-07-06 17:22 . 2009-10-18 16:12 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-30 03:10 . 2009-09-13 23:07 9168 ----a-w- c:\documents and settings\James Paul Williams\Application Data\wklnhst.dat
2010-06-24 01:49 . 2009-12-25 05:19 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2010-06-24 01:49 . 2009-12-25 05:19 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2010-06-23 06:20 . 2010-06-23 06:20 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb7DE.tmp.exe
2010-06-23 02:02 . 2009-09-04 21:14 -------- d-----w- c:\program files\SystemRequirementsLab
2010-06-14 14:31 . 2005-08-16 09:40 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-02 16:22 . 2009-10-11 18:05 215152 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-06-01 19:41 . 2009-10-11 18:06 137200 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-29 15:55 . 2009-09-14 01:30 2672 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-05-22 23:06 . 2010-05-22 23:06 -------- d-----w- c:\program files\Paradox Interactive
2010-05-22 23:06 . 2009-08-27 14:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-22 22:44 . 2010-05-22 22:37 -------- d-----w- c:\documents and settings\James Paul Williams\Application Data\DAEMON Tools Pro
2010-05-22 22:38 . 2010-05-22 22:38 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-22 22:37 . 2010-05-22 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2010-05-06 10:41 . 2005-08-16 09:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-05 11:04 . 2009-10-11 18:06 139152 ----a-w- c:\documents and settings\James Paul Williams\Application Data\PnkBstrK.sys
2010-05-05 11:04 . 2009-10-11 18:06 139152 ----a-w- c:\documents and settings\James Paul Williams\Application Data\PnkBstrK.sys
2010-05-05 11:03 . 2009-10-11 18:05 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-05-03 01:55 . 2010-05-03 01:47 18252 ----a-w- c:\program files\unins000.dat
2010-05-03 01:55 . 2010-05-03 01:47 704282 ----a-w- c:\program files\unins000.exe
2010-05-02 05:22 . 2005-08-16 09:18 1851264 ----a-w- c:\windows\system32\win32k.sys
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
--- c:\windows\system32\o.dat ---
Company: Dritek System Inc.
File Description: InterOp Library For Cyberlink
File Version: 1, 0, 0, 823
Product Name: InterOp Library For Cyberlink
Copyright: Copyright (C) 2005 Dritek System Inc.
Original Filename: ClInteOp.dll
File size: 67584
Created time: 2010-07-19 04:05
Modified time: 2010-07-19 04:05
MD5: 6A6825E7F0CC250A25810D867828EEFC
SHA1: BA3A457BE8A4A6B26C5554F4EFA14EB0B5097B61
((((((((((((((((((((((((((((( SnapShot@2010-07-20_14.18.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-20 16:08 . 2010-07-20 16:08 16384 c:\windows\Temp\Perflib_Perfdata_488.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-05-07 1238352]
"Microsoft Location Finder"="c:\program files\Microsoft Location Finder\LocationFinder.exe" [2005-08-24 101080]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2009-01-31 3399727]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-29 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2006-06-14 286720]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-06-27 299008]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-06-15 307200]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-06-07 106496]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-15 417792]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
"MotiveReportAgent"="c:\program files\Common Files\Motive\McciBootStrapper.exe" [2004-06-25 204800]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
c:\documents and settings\James Paul Williams\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-7-9 3493776]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-8-27 50688]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NETGEAR WN111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WN111v2\WN111V2.exe [2009-11-4 1507431]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\Steam\\steamapps\\psgchisolm\\half-life 2 deathmatch\\hl2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Ubisoft\\Silent Hunter Wolves of the Pacific\\sh4.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\UPDATE.EXE"=
"c:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\DFBHD.EXE"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\505games\\1C\\Men of War\\mow.exe"=
"c:\\Program Files\\Free Download Manager\\fdmwi.exe"=
"c:\\Program Files\\Steam\\steamapps\\psgchisolm\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Paradox Interactive\\Hearts of Iron 2\\HoI2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Steam\\steamapps\\psgchisolm\\source sdk base 2007\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\psgchisolm\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27900:UDP"= 27900:UDP:BF2 Client 1
"29900:UDP"= 29900:UDP:BF2 Client 2
"29900:TCP"= 29900:TCP:BF2 Client 4
"29901:TCP"= 29901:TCP:BF2 Client 5
"29920:TCP"= 29920:TCP:BF2 Client 6
"27901:UDP"= 27901:UDP:BF2 Client 7
"28910:TCP"= 28910:TCP:BF2 Client 8
"4711:TCP"= 4711:TCP:BF2 Client 9
"55123:UDP"= 55123:UDP:BF2 Client 10
"55124:UDP"= 55124:UDP:BF2 Client 11
"55125:TCP"= 55125:TCP:BF2 Client 12
R2 VProt2k;BroadJump PPPoE Helper Protocol;c:\windows\system32\drivers\VPROT2K.sys [3/30/2010 7:33 PM 16690]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 4:45 PM 57440]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [1/14/2009 2:23 AM 458752]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 11:13 PM 135664]
S3 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 12:10 PM 17149]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [2/27/2008 11:54 AM 360547]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/22/2010 6:38 PM 697328]
.
Contents of the 'Scheduled Tasks' folder
2010-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 03:13]
2010-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 03:13]
2010-07-20 c:\windows\Tasks\User_Feed_Synchronization-{7D339D22-CE4B-4C36-8869-0A6FB978940D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
2010-07-20 c:\windows\Tasks\User_Feed_Synchronization-{EFEB53A3-7077-447A-95F8-687198321E7A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-20 12:18
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2010-07-20 12:23:01
ComboFix-quarantined-files.txt 2010-07-20 16:22
ComboFix2.txt 2010-07-20 14:23
Pre-Run: 34,227,347,456 bytes free
Post-Run: 34,258,792,448 bytes free
- - End Of File - - 8E292FD89E8279EE3DBA5CCC8F4F8CE0
Hi again,
Delete these files:
C:\Documents and Settings\James Paul Williams\Application Data\Sun\Java\Deployment\cache\6.0\57\5b73fcb9-23edcf19
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\26\575401da-6e0af1e1
C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa_dll.exe
C:\WINDOWS\system32\o.dat
Uninstall these old Java versions:
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 16
Post back a fresh dds.txt log. Any issues left?
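Added example, not part of this thread and not ComboFix or DDS code: before deleting the files listed above, a cleaner would want to confirm that what is on disk is still the file the log described and keep a copy for later analysis rather than destroying the only sample. The script takes the four paths from the reply plus the MD5 that ComboFix's "Look" section reported for o.dat, refuses to touch a file whose hash no longer matches, notes whether the file is really a PE image behind a .dat name (o.dat carried ClInteOp.dll version info), and moves it into a quarantine folder under a neutral name. The quarantine directory, the `.quar` suffix and the record format are this example's own choices, and `demo()` runs it offline on a constructed MZ/PE stub, not on real malware.

```python
"""Hash-verified quarantine for files named in a malware-cleanup reply.

Added example for this thread; not code from the forum, ComboFix or DDS.
Quarantine layout and record format are assumptions of this example.
"""
import hashlib
import os
import shutil
import struct
import tempfile

# Targets quoted from the helper's reply.  Only o.dat has a hash in the
# posted ComboFix output; None means "quarantine whatever is there".
TARGETS = {
    r"C:\WINDOWS\system32\o.dat": "6A6825E7F0CC250A25810D867828EEFC",
    r"C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa_dll.exe": None,
    r"C:\Documents and Settings\James Paul Williams\Application Data\Sun\Java"
    r"\Deployment\cache\6.0\57\5b73fcb9-23edcf19": None,
    r"C:\Documents and Settings\NetworkService\Application Data\Sun\Java"
    r"\Deployment\cache\6.0\26\575401da-6e0af1e1": None,
}


def file_hashes(path):
    """Return (MD5, SHA-1) upper-case hex digests, hashing in chunks."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return md5.hexdigest().upper(), sha1.hexdigest().upper()


def looks_like_pe(path):
    """True if the file has an MZ stub whose e_lfanew points at a PE\\0\\0 signature."""
    with open(path, "rb") as fh:
        head = fh.read(0x40)
        if len(head) < 0x40 or head[:2] != b"MZ":
            return False
        (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
        fh.seek(e_lfanew)
        return fh.read(4) == b"PE\0\0"


def quarantine(path, qdir, expected_md5=None):
    """Move one file into qdir after checking its hash; never delete outright.

    Returns a record describing what happened so the caller can decide
    whether the post-cleanup log should be trusted.
    """
    if not os.path.isfile(path):
        return {"path": path, "status": "missing"}
    md5, sha1 = file_hashes(path)
    if expected_md5 and md5 != expected_md5.upper():
        # Changed since the log was taken: a fresh drop or a legitimate
        # replacement.  Leave it for a human to look at before removal.
        return {"path": path, "status": "hash-mismatch", "md5": md5, "sha1": sha1}
    record = {"path": path, "status": "quarantined", "md5": md5,
              "sha1": sha1, "pe": looks_like_pe(path)}
    os.makedirs(qdir, exist_ok=True)
    # Neutral name: SHA-1 keeps the sample identifiable, the .quar suffix
    # keeps a double-click or a file association from launching it.
    dest = os.path.join(qdir, sha1 + ".quar")
    shutil.move(path, dest)
    with open(dest + ".txt", "w") as meta:
        for key, value in record.items():
            meta.write("%s=%s\n" % (key, value))
    record["quarantined_as"] = dest
    return record


def run_targets(targets, qdir):
    """Apply quarantine() to every (path, expected_md5) pair."""
    return [quarantine(p, h and None or h, ) if False else quarantine(p, qdir, h)
            for p, h in targets.items()]


def make_fake_pe(path):
    """Write a minimal MZ/PE stub: a constructed sample, not real malware."""
    header = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", header, 0x3C, 0x80)      # e_lfanew -> offset 0x80
    data = bytes(header) + b"\0" * (0x80 - 0x40) + b"PE\0\0" + b"\0" * 32
    with open(path, "wb") as fh:
        fh.write(data)
    return path


def demo(workdir=None):
    """Offline walk-through on the constructed sample: wrong hash, right hash, gone."""
    work = workdir or tempfile.mkdtemp()
    sample = make_fake_pe(os.path.join(work, "o.dat"))
    qdir = os.path.join(work, "quarantine")
    md5, _ = file_hashes(sample)
    return [
        quarantine(sample, qdir, "0" * 32),     # hash differs -> left alone
        quarantine(sample, qdir, md5.lower()),  # matches the log -> moved
        quarantine(sample, qdir, md5),          # already gone -> missing
    ]


if __name__ == "__main__":
    # On the infected box: run_targets(TARGETS, r"C:\Quarantine")
    for rec in demo():
        print(rec)
```

The hash check is what turns "delete these files" into something repeatable: if o.dat no longer matches 6A6825E7F0CC250A25810D867828EEFC, the dropper has been back since the ComboFix run and a fresh log is worth more than a deletion. The Java cache entries have no hash in the thread, so they are quarantined unconditionally; the record files give you the digests to look up afterwards.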
Ty, so far I haven't seen any problems and everything seems to be working fine.
DDS (Ver_10-03-17.01) - NTFSx86
Run by James Paul Williams at 6:46:09.39 on Wed 07/21/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.202 [GMT -4:00]
============== Running Processes ===============
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Microsoft Location Finder] "c:\program files\microsoft location finder\LocationFinder.exe"
uRun: [Free Download Manager] "c:\program files\free download manager\fdm.exe" -autorun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 926\memcard.exe"
mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [MotiveReportAgent] "c:\program files\common files\motive\mccibootstrapper.exe" /url="-url=file://c:\program files\common files\motive\reportagent.html" /browsertype=custommsie /browserpath="c:\program files\common files\motive\BellSouthBrowser.exe" /hidden
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\jamesp~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\jamesp~1\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wn111v2\WN111V2.exe
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 VProt2k;BroadJump PPPoE Helper Protocol;c:\windows\system32\drivers\VPROT2K.sys [2010-3-30 16690]
R3 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [2009-1-14 458752]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wn111v2\jswpsapi.exe [2008-2-27 360547]
=============== Created Last 30 ================
2010-07-20 17:03:11 0 d-----w- c:\program files\Sun
2010-07-20 14:00:07 0 d-sha-r- C:\cmdcons
2010-07-20 13:55:49 98816 ----a-w- c:\windows\sed.exe
2010-07-20 13:55:49 77312 ----a-w- c:\windows\MBR.exe
2010-07-20 13:55:49 256512 ----a-w- c:\windows\PEV.exe
2010-07-20 13:55:49 161792 ----a-w- c:\windows\SWREG.exe
2010-07-15 13:17:45 0 d-----w- c:\windows\system32\MpEngineStore
2010-07-15 07:03:58 172 ----a-w- c:\windows\system32\MRT.INI
2010-07-15 02:54:37 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-15 02:54:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-07-15 02:12:58 0 d-----w- C:\!KillBox
2010-07-14 12:57:11 0 d-----w- c:\docume~1\jamesp~1\applic~1\Malwarebytes
2010-07-14 12:56:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-14 12:56:53 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-14 12:56:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-14 12:56:52 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-14 11:02:50 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-09 19:04:40 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-07-02 04:03:14 0 d-----w- c:\docume~1\jamesp~1\applic~1\Tropico 3
2010-06-24 01:49:07 782336 ----a-r- c:\windows\system32\tmp9B2.tmp
==================== Find3M ====================
2010-06-30 03:10:37 9168 ----a-w- c:\docume~1\jamesp~1\applic~1\wklnhst.dat
2010-06-24 01:49:08 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2010-06-24 01:49:08 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2010-06-02 16:22:15 215152 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-06-01 19:41:19 137200 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-29 15:55:12 2672 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-05-22 22:38:31 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-05 11:04:02 139152 ----a-w- c:\docume~1\jamesp~1\applic~1\PnkBstrK.sys
2010-05-05 11:03:33 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-05-03 01:55:38 18252 ----a-w- c:\program files\unins000.dat
2010-05-03 01:55:16 704282 ----a-w- c:\program files\unins000.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2009-10-24 04:13:51 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009102420091025\index.dat
============= FINISH: 6:46:37.61 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/27/2009 11:09:41 AM
System Uptime: 7/21/2010 12:02:19 AM (6 hours ago)
Motherboard: Dell Inc | | 0HK980
Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket M2 | 2004/1000mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 144 GiB total, 31.483 GiB free.
D: is CDROM (UDF)
==== Disabled Device Manager Items =============
Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: SCSI/RAID Host Controller
Device ID: ACPI\PNPA000\4&5D18F2DF&1
Manufacturer: (Standard mass storage controllers)
Name: SCSI/RAID Host Controller
PNP Device ID: ACPI\PNPA000\4&5D18F2DF&1
Service: asm9b0bs
==== System Restore Points ===================
RP225: 4/23/2010 12:17:18 AM - System Checkpoint
RP226: 4/25/2010 2:27:38 PM - System Checkpoint
RP227: 4/26/2010 4:40:20 PM - Installed RangeMax Wireless-N USB Adapter WN111v2
RP228: 4/26/2010 5:00:08 PM - Installed Service Access Manager
RP229: 4/27/2010 3:00:22 AM - Software Distribution Service 3.0
RP230: 4/27/2010 11:41:27 PM - Installed NETGEAR WN111 wireless USB 2.0 adapter
RP231: 4/27/2010 11:42:21 PM - Configured NETGEAR WN111 wireless USB 2.0 adapter
RP232: 4/27/2010 11:44:50 PM - Configured RangeMax Wireless-N USB Adapter WN111v2
RP233: 4/27/2010 11:46:17 PM - Installed RangeMax Wireless-N USB Adapter WN111v2
RP234: 4/29/2010 12:02:04 AM - System Checkpoint
RP235: 4/29/2010 7:55:02 PM - Removed Battlefield 2: Special Forces
RP236: 4/30/2010 8:30:30 PM - System Checkpoint
RP237: 5/1/2010 11:56:18 PM - System Checkpoint
RP238: 5/3/2010 5:03:37 PM - Removed Battlefield 2(TM)
RP239: 5/3/2010 5:06:52 PM - Installed Battlefield 2(TM)
RP240: 5/3/2010 5:09:49 PM - Installed Battlefield 2(TM)
RP241: 5/4/2010 8:13:38 PM - System Checkpoint
RP242: 5/5/2010 6:46:21 AM - Installed DirectX
RP243: 5/6/2010 7:20:13 AM - System Checkpoint
RP244: 5/7/2010 7:34:59 AM - System Checkpoint
RP245: 5/8/2010 8:13:23 AM - System Checkpoint
RP246: 5/9/2010 9:53:15 AM - System Checkpoint
RP247: 5/10/2010 11:26:44 AM - System Checkpoint
RP248: 5/12/2010 12:11:48 AM - System Checkpoint
RP249: 5/12/2010 3:00:16 AM - Software Distribution Service 3.0
RP250: 5/13/2010 7:22:44 AM - System Checkpoint
RP251: 5/14/2010 8:00:05 AM - System Checkpoint
RP252: 5/16/2010 3:03:09 AM - System Checkpoint
RP253: 5/17/2010 4:00:03 AM - System Checkpoint
RP254: 5/18/2010 6:00:01 AM - System Checkpoint
RP255: 5/19/2010 8:01:07 AM - System Checkpoint
RP256: 5/20/2010 10:00:00 AM - System Checkpoint
RP257: 5/21/2010 10:55:08 AM - System Checkpoint
RP258: 5/22/2010 6:38:29 PM - SPTD setup V1.69
RP259: 5/22/2010 7:06:31 PM - Installed Hearts of Iron 2
RP260: 5/24/2010 12:15:15 AM - System Checkpoint
RP261: 5/25/2010 11:12:55 PM - System Checkpoint
RP262: 5/27/2010 2:21:33 AM - System Checkpoint
RP263: 5/27/2010 3:00:17 AM - Software Distribution Service 3.0
RP264: 5/28/2010 4:32:39 AM - System Checkpoint
RP265: 5/29/2010 11:13:41 AM - System Checkpoint
RP266: 5/30/2010 11:25:06 AM - System Checkpoint
RP267: 5/31/2010 11:48:02 AM - System Checkpoint
RP268: 6/1/2010 12:50:30 PM - System Checkpoint
RP269: 6/2/2010 7:08:53 PM - System Checkpoint
RP270: 6/3/2010 7:14:46 PM - System Checkpoint
RP271: 6/4/2010 11:40:01 PM - System Checkpoint
RP272: 6/6/2010 12:11:23 AM - System Checkpoint
RP273: 6/7/2010 1:02:29 AM - System Checkpoint
RP274: 6/8/2010 2:11:21 AM - System Checkpoint
RP275: 6/9/2010 2:12:25 AM - System Checkpoint
RP276: 6/9/2010 3:00:18 AM - Software Distribution Service 3.0
RP277: 6/10/2010 4:46:43 AM - System Checkpoint
RP278: 6/11/2010 4:51:15 AM - System Checkpoint
RP279: 6/12/2010 6:51:13 AM - System Checkpoint
RP280: 6/13/2010 2:53:24 PM - System Checkpoint
RP281: 6/14/2010 6:30:08 PM - System Checkpoint
RP282: 6/16/2010 1:08:05 AM - System Checkpoint
RP283: 6/17/2010 1:36:43 AM - System Checkpoint
RP284: 6/18/2010 2:24:34 AM - System Checkpoint
RP285: 6/19/2010 4:10:39 AM - System Checkpoint
RP286: 6/20/2010 9:09:52 AM - System Checkpoint
RP287: 6/21/2010 12:26:46 PM - System Checkpoint
RP288: 6/22/2010 8:14:59 PM - System Checkpoint
RP289: 6/23/2010 3:00:36 AM - Software Distribution Service 3.0
RP290: 6/23/2010 9:46:36 PM - Installed DirectX
RP291: 6/25/2010 11:59:46 PM - System Checkpoint
RP292: 6/27/2010 12:42:46 AM - System Checkpoint
RP293: 6/28/2010 1:41:01 AM - System Checkpoint
RP294: 6/29/2010 2:46:20 AM - System Checkpoint
RP295: 6/30/2010 4:41:59 AM - System Checkpoint
RP296: 7/1/2010 6:40:53 AM - System Checkpoint
RP297: 7/1/2010 11:58:05 PM - Installed DirectX
RP298: 7/3/2010 3:10:24 AM - System Checkpoint
RP299: 7/4/2010 4:16:48 AM - System Checkpoint
RP300: 7/5/2010 1:21:54 PM - System Checkpoint
RP301: 7/6/2010 3:28:25 PM - System Checkpoint
RP302: 7/7/2010 4:30:09 PM - System Checkpoint
RP303: 7/8/2010 5:05:01 PM - System Checkpoint
RP304: 7/11/2010 5:23:19 PM - Installed Battlefield 2(TM)
RP305: 7/11/2010 5:26:32 PM - Installed Battlefield 2 Patch
RP306: 7/13/2010 12:37:23 AM - System Checkpoint
RP307: 7/14/2010 3:57:55 AM - System Checkpoint
RP308: 7/15/2010 3:00:26 AM - Software Distribution Service 3.0
RP309: 7/16/2010 4:44:41 AM - System Checkpoint
RP310: 7/17/2010 11:49:18 AM - System Checkpoint
RP311: 7/19/2010 12:25:39 AM - System Checkpoint
RP312: 7/20/2010 2:52:38 AM - System Checkpoint
RP313: 7/20/2010 12:59:17 PM - Installed Java(TM) SE Development Kit 6 Update 21
RP314: 7/21/2010 6:38:22 AM - Removed Java 2 Runtime Environment, SE v1.4.2_03
RP315: 7/21/2010 6:39:50 AM - Removed Java(TM) 6 Update 16
==== Installed Programs ======================
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.3
Adobe Shockwave Player 11.5
Alien Swarm
Apple Application Support
Apple Software Update
Banctec Service Agreement
Battlefield 2(TM)
BellSouth FastAccess DSL Report Agent
Broadcom Management Programs
BroadJump Client Foundation
BroadJump PPPoE
Call of Duty(R) - World at War(TM)
Call of Duty(R) - World at War(TM) 1.1 Patch
Call of Duty(R) - World at War(TM) 1.2 Patch
Call of Duty(R) - World at War(TM) 1.3 Patch
Call of Duty(R) - World at War(TM) 1.4 Patch
Call of Duty(R) - World at War(TM) 1.5 Patch
Call of Duty(R) - World at War(TM) 1.6 Patch
Call of Duty(R) - World at War(TM) 1.7 Patch
Call of Duty(R) 2
Call of Duty(R) 2 Patch 1.3
Conexant D850 PCI V.92 Modem
Corel Paint Shop Pro X
Corel Photo Album 6
Counter-Strike: Source
Dell CinePlayer
Dell PC Fax
Dell Photo AIO Printer 926
Delta Force - Black Hawk Down
Digital Line Detect
ESPNMotion
EVGA Display Driver
Free Download Manager 3.0
GemMaster Mystic
Google Toolbar for Internet Explorer
Google Update Helper
GTA: San Andreas RIP PT-BR by TemDono - #GTABrasil - BrasNET
Hearts of Iron 2
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
InstallMgr
Java DB 10.5.3.0
Java(TM) SE Development Kit 6 Update 21
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Men of War (Remove Only)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Standard 2006 Editor
Microsoft Digital Image Standard 2006 Library
Microsoft Digital Image Standard 2006 Update
Microsoft Encarta Encyclopedia Standard 2006
Microsoft Location Finder
Microsoft Money 2006
Microsoft Search Enhancement Pack
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Word 2002
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Modem Diagnostic Tool
MSN Toolbar
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
MusicIP MyDJ Plug-in
NetWaiting
NVIDIA Drivers
NVIDIA PhysX
OpenAL
OpenOffice.org 3.1
Otto
Patch 1.17.5 for "Men of War"
PunkBuster Services
QuickTime
RangeMax Wireless-N USB Adapter WN111v2
Red Orchestra
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Silent Hunter Wolves of the Pacific
Sonic Activation Module
Sonic Encoders
Source SDK Base 2007
Spybot - Search & Destroy
Steam
System Requirements Lab
TeamSpeak 2 RC2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Ventrilo Client
War Rock
WebFldrs XP
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
WN111v2
Works Upgrade
Xfire (remove only)
XML Paper Specification Shared Components Pack 1.0
==== Event Viewer Messages From Past Week ========
7/20/2010 10:05:15 AM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
7/17/2010 2:33:35 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
7/15/2010 4:42:37 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
7/15/2010 4:42:37 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/15/2010 3:21:34 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvatabus nvraid
7/15/2010 3:21:19 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
7/15/2010 3:21:19 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
7/14/2010 3:19:01 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: atapi nvatabus nvraid PCIIde
7/14/2010 3:06:12 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
==== End Of File ===========================
Good. It's time to secure your system to prevent further intrusions :)
THESE STEPS ARE VERY IMPORTANT
Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files; you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE,NOT on a regular basis
Now lets uninstall ComboFix:
Click START then RUN
Now copy-paste Combofix /uninstall in the run box and click OK
Please download OTC (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.
Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
UPDATING WINDOWS AND INTERNET EXPLORER
IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.
If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site (Microsoft Office Update, free) and make sure you have at least all the critical updates installed.
Make your Internet Explorer more secure
This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.
hosts file:
Every version of Windows has a hosts file as part of it. In a very basic sense, it is used to locate webpages. We can customize a hosts file so that it blocks certain webpages. However, it can slow down certain computers. This is why using a hosts file is optional!!
Download it here (http://www.mvps.org/winhelp2002/hosts.htm). Make sure you read the instructions on how to install the hosts file. There is a good tutorial here (http://www.bleepingcomputer.com/forums/tutorial51.html)
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the Start button (at the lower left hand corner of your screen).
Click Run.
In the dialog box, type services.msc and hit Enter, then locate DNS Client.
Highlight it, then double-click it.
On the dropdown box, change the setting from Automatic to Manual.
Click OK.
Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings.
Get Anti Virus Software and keep it updated - Most AVs will update automatically, but if not I would recommend making updating the AV the first job every time the PC is connected to the internet. An AV that is using defs that are seven days old is not going to be much protection. If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out. Good free antivirus programs are:
Antivir (http://free-av.com/en/download/1/download_avira_antivir_personal__free_antivirus.html)
Avast! (http://www.avast.com/eng/download-avast-home.html)
Good commercial ones are from:
Kaspersky (http://www.kaspersky.com/homeuser) and
ESET (http://www.eset.com/products/index.php)
Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this (http://www.bleepingcomputer.com/forums/tutorial60.html) webpage out.
If you don't have a 3rd party firewall or a router behind NAT then I recommend getting one. I recommend either Online Armor Free (http://www.tallemu.com/free-firewall-protection-software.html) or Comodo Firewall Pro (http://www.personalfirewall.comodo.com/download_firewall.html#fw3.0) (If you choose Comodo: Uncheck during installation Install Comodo HopSurf.., Make Comodo my default search provider and Make Comodo Search my homepage and install firewall ONLY!). Both providers have support forums that help with configuration related questions.
Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Once again, please post and tell me how things are going with your system... problems etc.
Have a great day,
Blade :cool:
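The checklist above has no step for confirming the changes actually took. The script below is an added example, not part of Blade's post and not code from DDS, OTC or ComboFix: a read-only PowerShell audit of the hardening items listed (IE Internet-zone custom level, System Restore back on, DNS Client start mode when a large hosts file is installed, firewall and Automatic Updates state, and leftover helper files from the cleanup tools that appear in the DDS log above). It assumes Windows PowerShell is installed on the XP box (it is a separate download there), that it runs as the user whose IE settings matter, and that the IE action IDs in the registry follow Microsoft KB 182569 (0 = Enable, 1 = Prompt, 3 = Disable). The 100-entry threshold for "large hosts file" is an assumption, not a Microsoft figure.

```powershell
# Added example, not part of Blade's post or of the DDS/OTC/ComboFix tools.
# Read-only audit of the post-cleanup hardening steps on Windows XP SP3 / IE8.
# Assumes Windows PowerShell (1.0 or 2.0; a separate install on XP) and that the
# script runs as the user whose Internet Explorer settings are being checked.
# IE zone action IDs follow Microsoft KB 182569; 0 = Enable, 1 = Prompt, 3 = Disable.

$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'   # zone 3 = Internet
$labels  = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }
# action ID -> @(setting name as shown in Custom Level, value recommended in the post)
$wanted  = @{
    '1001' = @('Download signed ActiveX controls',                          1)
    '1004' = @('Download unsigned ActiveX controls',                        3)
    '1201' = @('Initialize and script ActiveX controls not marked as safe', 3)
    '1800' = @('Installation of desktop items',                             1)
    '1804' = @('Launching programs and files in an IFRAME',                 1)
    '1607' = @('Navigate sub-frames across different domains',              1)
}

function Get-RegValue($path, $name) {
    # Returns $null instead of throwing when the key or the value is absent.
    $item = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    return $item.$name
}

function Report($ok, $text) {
    $tag = if ($ok) { 'OK  ' } else { 'FIX ' }
    Write-Host "$tag $text"
}

Write-Host '== Internet Explorer: Internet zone custom level =='
foreach ($id in ($wanted.Keys | Sort-Object)) {
    $desc, $want = $wanted[$id]
    $have = Get-RegValue $zoneKey $id
    $haveLabel = if ($have -eq $null) { 'not set (template default)' } else { $labels[[int]$have] }
    Report ($have -eq $want) ("{0,-56} is {1}, want {2}" -f $desc, $haveLabel, $labels[$want])
}

Write-Host "`n== System Restore (should be ON again after the one-time reset) =="
$disableSR = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore' 'DisableSR'
Report ($disableSR -ne 1) "System Restore DisableSR = $disableSR (1 means still turned off)"

Write-Host "`n== Hosts file and DNS Client =="
$hostsPath = Join-Path $env:SystemRoot 'system32\drivers\etc\hosts'
# Count mapping lines (skip blanks and comments); a stock XP hosts file has one, for localhost.
$mappings = @(Get-Content $hostsPath | Where-Object { $_ -match '^\s*[^#\s]' })
$dns      = Get-WmiObject Win32_Service -Filter "Name='Dnscache'"
$bigHosts = ($mappings.Count -gt 100)     # threshold is an assumption, not a Microsoft figure
Report (-not ($bigHosts -and ($dns.StartMode -eq 'Auto'))) `
       ("hosts has {0} mappings; DNS Client start mode is {1} (set Manual for a large MVPS-style file)" -f $mappings.Count, $dns.StartMode)

Write-Host "`n== Firewall and Automatic Updates =="
$fwOn = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile' 'EnableFirewall'
Report ($fwOn -eq 1) "Windows Firewall (standard profile) EnableFirewall = $fwOn (a third-party firewall may turn this off on purpose)"
$wu = Get-Service wuauserv
Report ($wu.Status -eq 'Running') "Automatic Updates service is $($wu.Status)"

Write-Host "`n== Leftovers from the cleanup tools (Combofix /uninstall and OTC should remove these) =="
# Files and folders that showed up in the DDS log above while the tools were in use.
$leftovers = @("$env:SystemRoot\sed.exe", "$env:SystemRoot\MBR.exe", "$env:SystemRoot\PEV.exe",
               "$env:SystemRoot\SWREG.exe", 'C:\!KillBox')
foreach ($p in $leftovers) { Report (-not (Test-Path $p)) $p }
```

Run it from a normal PowerShell prompt after finishing the steps; every line tagged FIX points at the step to redo. It only reads the registry, the service table and the file system, so it is safe to run repeatedly, and the IE zone section is per user: log on as each account that browses and run it again.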
Roger this, I'll get started on it as soon as I can, but it will take a while as I won't be home much to install a lot, but I will try and do as much as possible and I'll tell you when I have installed it all, OK.
Ok. I'll leave the topic open for a week. Hopefully that's enough :)
Thank you so very, very much, I've completed your steps. I hope you have a good life and that I won't have to be here again ;D. You don't know how much I appreciate this. Ty
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)
Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.
If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.