Computer comes out of sleep randomly - overheats



CaffeinatedPonderer
2010-08-06, 03:45
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/8/2010 11:19:19 AM
System Uptime: 8/5/2010 7:06:27 PM (1 hours ago)

Motherboard: FUJITSU | | FJNB1D4
Processor: Intel(R) Core(TM)2 Duo CPU T7700 @ 2.40GHz | Onboard | 2394/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 98 GiB total, 66.145 GiB free.
D: is FIXED (NTFS) - 195 GiB total, 106.821 GiB free.
E: is FIXED (NTFS) - 98 GiB total, 82.06 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP43: 5/6/2010 11:44:21 PM - System Checkpoint
RP44: 5/7/2010 9:01:33 PM - Installed HiJackThis
RP45: 5/10/2010 3:33:46 PM - System Checkpoint
RP46: 5/23/2010 12:57:06 PM - Installed OmniPass
RP47: 5/23/2010 3:30:13 PM - Removed Acrobat.com
RP48: 5/23/2010 3:30:45 PM - Removed Adobe Flash Player 10 ActiveX.
RP49: 5/23/2010 3:31:25 PM - Removed Adobe Media Player
RP50: 5/24/2010 11:42:44 PM - System Checkpoint
RP51: 5/28/2010 11:09:34 PM - System Checkpoint
RP52: 6/6/2010 11:53:03 PM - System Checkpoint
RP53: 6/8/2010 12:04:37 AM - System Checkpoint
RP54: 6/10/2010 9:04:27 PM - System Checkpoint
RP55: 6/12/2010 7:37:48 PM - System Checkpoint
RP56: 6/14/2010 10:49:39 AM - System Checkpoint
RP57: 6/14/2010 9:16:26 PM - Installed Realtek High Definition Audio Driver
RP58: 6/15/2010 9:49:39 PM - System Checkpoint
RP59: 6/16/2010 10:08:49 PM - System Checkpoint
RP60: 6/17/2010 11:49:28 PM - System Checkpoint
RP61: 6/20/2010 1:18:33 AM - System Checkpoint
RP62: 6/21/2010 2:17:45 PM - System Checkpoint
RP63: 6/23/2010 1:10:52 AM - System Checkpoint
RP64: 6/24/2010 1:52:07 PM - System Checkpoint
RP65: 6/25/2010 5:21:07 PM - System Checkpoint
RP66: 6/26/2010 7:41:46 PM - System Checkpoint
RP67: 6/29/2010 3:48:57 PM - System Checkpoint
RP68: 6/30/2010 4:45:01 PM - System Checkpoint
RP69: 7/31/2010 11:42:26 AM - System Checkpoint
RP70: 7/31/2010 4:37:46 PM - Printer Driver WebEx Document Loader Installed
RP71: 7/31/2010 4:38:20 PM - Installed Cisco Network Magic
RP72: 7/1/2010 4:57:13 PM - Printer Driver SmarThru Office PC Fax Installed
RP73: 7/1/2010 7:23:01 PM - Removed mSCfg
RP74: 7/1/2010 7:23:25 PM - Removed mIWA
RP75: 7/1/2010 7:23:30 PM - Removed mPfWiz
RP76: 7/1/2010 7:23:35 PM - Removed mHelp
RP77: 7/1/2010 7:23:39 PM - Removed mMHouse
RP78: 7/1/2010 7:23:49 PM - Removed mLogView
RP79: 7/1/2010 7:23:53 PM - Removed mZConfig
RP80: 7/1/2010 7:23:58 PM - Removed mDrWiFi
RP81: 7/1/2010 7:24:24 PM - Removed mCore
RP82: 7/1/2010 7:24:47 PM - Removed mPfMgr
RP83: 7/1/2010 7:24:51 PM - Installed Intel(R) PROSet/Wireless WiFi Software.
RP84: 7/4/2010 11:06:13 PM - System Checkpoint
RP85: 7/5/2010 11:09:01 PM - System Checkpoint
RP86: 7/6/2009 6:43:12 PM - System Checkpoint
RP87: 7/7/2010 12:16:40 AM - System Checkpoint
RP88: 7/8/2010 8:32:24 PM - Removed Cisco Network Magic
RP89: 7/8/2010 8:33:07 PM - Removed Pure Networks Platform
RP90: 7/8/2010 8:38:29 PM - Installed Cisco Network Magic
RP91: 7/8/2010 8:43:36 PM - Printer Driver SmarThru Office PC Fax Installed
RP92: 7/13/2010 4:18:10 AM - System Checkpoint
RP93: 7/14/2010 11:04:19 PM - System Checkpoint
RP94: 7/15/2010 6:50:53 PM - Installed Ant.com IE add-on
RP95: 7/19/2010 1:02:30 AM - System Checkpoint
RP96: 7/20/2010 10:57:37 PM - System Checkpoint
RP97: 7/22/2010 7:39:04 PM - System Checkpoint
RP98: 7/23/2010 7:49:48 PM - System Checkpoint
RP99: 7/26/2010 1:15:33 AM - System Checkpoint
RP100: 7/27/2010 5:37:08 PM - System Checkpoint
RP101: 7/29/2010 1:15:59 AM - System Checkpoint
RP102: 7/30/2010 1:39:08 AM - System Checkpoint
RP103: 8/1/2010 5:36:46 PM - System Checkpoint
RP104: 8/2/2010 5:55:15 PM - System Checkpoint
RP105: 8/4/2010 7:40:20 AM - System Checkpoint

==== Installed Programs ======================

Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe After Effects CS4 Third Party Content
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Master Collection
Adobe CSI CS4
Adobe Default Language CS4
Adobe Download Manager
Adobe Dreamweaver CS4
Adobe Dynamiclink Support
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader 8
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Agere Systems HDA Modem
Allway Sync version 10.3.25
Ant.com IE add-on
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Bluetooth Stack for Windows by Toshiba
Bonjour
Cisco Network Magic
Connect
COSMOSMotion 2007 SP0
COSMOSWorks 2007 SP0
DWGeditor
eDrawings 2007
ERUNT 1.1j
Free RAR Extract Frog
Fujitsu Button Driver Component
Fujitsu Button Utilities
Fujitsu Driver Update
Fujitsu Hotkey Utility
Fujitsu Pen Service
Fujitsu System Extension Utility
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 2.0 (KB922981)
Hotfix for Windows XP (KB915800-v4)
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software
iTunes
JabRef 2.6
Java Auto Updater
Java(TM) 6 Update 19
kuler
Malwarebytes' Anti-Malware
Marvell Miniport Driver
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.6)
mProSafe
MSXML 6.0 Parser
mWlsSafe
National Instruments Software
Network Magic
NI-DAQmx - LabVIEW shared documentation
NI-RPC 4.1.1f0
NI-RPC 4.1.1f0 for Phar Lap ETS
NI Assistant Framework
NI Assistant Framework LabVIEW 2009 Support
NI Assistant Framework LabVIEW Code Generator 2009
NI CodeSignAPI
NI DataSocket 4.7.0
NI Distributed System Manager 2009
NI EULA Depot
NI Example Finder 9.0
NI Help Assistant
NI Instrument IO Assistant for LabVIEW 9.0 32
NI LabVIEW 2009
NI LabVIEW 2009 Applibs
NI LabVIEW 2009 CINtools
NI LabVIEW 2009 Deployment Framework
NI LabVIEW 2009 Examples
NI LabVIEW 2009 gMath
NI LabVIEW 2009 Help
NI LabVIEW 2009 Help File
NI LabVIEW 2009 Instr.lib
NI LabVIEW 2009 License
NI LabVIEW 2009 Manuals
NI LabVIEW 2009 MeasAppChm File
NI LabVIEW 2009 Menus
NI LabVIEW 2009 Project
NI LabVIEW 2009 Resource
NI LabVIEW 2009 Simulation
NI LabVIEW 2009 Templates
NI LabVIEW 2009 User.lib
NI LabVIEW 2009 VI.lib
NI LabVIEW 2009 Web Server
NI LabVIEW 2009 WWW
NI LabVIEW Broker
NI LabVIEW C Interface
NI LabVIEW Compare Utility 9.0.0
NI LabVIEW Deployable License 2009
NI LabVIEW MAX XML
NI LabVIEW Merge Utility 9.0.0
NI LabVIEW Real-Time Error Dialog
NI LabVIEW Real-Time FIFO for Runtime
NI LabVIEW Real-Time NBFifo
NI LabVIEW Run-Time Engine 2009
NI LabVIEW Run-Time Engine 8.2.1
NI LabVIEW Run-Time Engine Interop 2009
NI LabVIEW Run-Time Engine Web Services
NI LabVIEW Web Server for Run-Time Engine
NI LabVIEW Web Services Runtime
NI LabWindows/CVI 9.0 Run-Time Engine
NI LabWindows/CVI Code Generator
NI LabWindows/CVI DLL Builder for LabVIEW
NI License Manager
NI Logos 5.1
NI Logos LabVIEW 2009 Support
NI Logos XT Support
NI LVBrokerAux 8.2.1
NI Math Kernel Libraries
NI MAX LabVIEW Support 4.6.0
NI MAX Remote Configuration Installer 4.6
NI MDF Support
NI Measurement & Automation Explorer 4.6.0
NI Measurement Studio Recipe Processor
NI MXS 4.6.0
NI MXS 4.6.0f0 for LabVIEW Real-Time
NI OPC Support
NI Portable Configuration 4.6.0
NI Registration Wizard
NI Remote Provider for MAX 4.6.0
NI Remote PXI Provider for MAX 4.6.0
NI Service Locator
NI Software Provider for MAX 4.6.0
NI SSL LabVIEW 2009 Support
NI SSL Support
NI System API RT
NI System API Windows 32-bit
NI System State Publisher
NI TDM Excel Add-In 2.1
NI TDMS
NI Trace Engine
NI Uninstaller
NI USI 1.7.0
NI Variable Engine 2.3.0
NI Variable Engine LabVIEW 2009 Support
NI VC2005MSMs x86
NI VC2008MSMs x86
NI Web Pipeline 2.0.1
NI Xalan Delay Load 1.10.1
NI Xerces Delay Load 2.7.1
Notepad++
O2Micro Flash Memory Card Windows Driver
O2Micro Smartcard Driver
OmniPass
OneNote Make Subpage
Online Armor 4.0
PDF Settings CS4
PDFCreator
Photoshop Camera Raw
Picasa 3
Pixel Bender Toolkit
Pure Networks Platform
QuickTime
Realtek High Definition Audio Driver
SciPlore MindMapping
Security Panel Application
Security Panel Application for Supervisor
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB913433)
Shock Sensor Utility
Skype Toolbars
Skype™ 4.2
SolidWorks 2007 SP04
SolidWorks Explorer 2007 sp0
SolidWorks Installation Manager
Spybot - Search & Destroy
Suite Shared Configuration CS4
Synaptics Pointing Device Driver
Tablet PC Tutorials for Microsoft Windows XP SP2
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
UpToDate
VLC media player 1.0.5
WebEx Support Manager for Internet Explorer
WebFldrs XP
Windows Driver Package - Fujitsu Computer Systems Corporation (FjBtnDrv) HIDClass 03/29/2006 2.0.0329.2006
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See KB887626 for more information]
Windows Search 4.0
Windows XP Service Pack 3

==== End Of File ===========================



DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 20:04:56.89 on Thu 08/05/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2240 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\digtizer.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
E:\Java\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Fujitsu\Utils\FjDspMon.exe
C:\Program Files\Fujitsu\Utils\fjevents.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Fujitsu\Utils\FjMenu.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
E:\iTunes\iTunesHelper.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
E:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
E:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
E:\Microsoft Office 2007\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
E:\Mozilla Firefox\firefox.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
E:\MICROS~1\Office12\OUTLOOK.EXE
E:\Microsoft Office 2007\Office12\WINWORD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\dds(4).scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://us.fujitsu.com/computers
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Ant.com Toolbars browser helper (video detector): {346fde31-dff9-418a-90c8-ba31dc9ff2ef} - c:\program files\ant.com\ie add-on\Download.antplugin
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\java\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\java\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Ant.com Download Toolbar: {2e924f4f-67f0-4bd8-9560-49f468e843d2} - c:\program files\ant.com\ie add-on\AntToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TabletTip] "c:\program files\common files\microsoft shared\ink\tabtip.exe" /resume
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
mRun: [LoadBtnHnd] c:\program files\fujitsu\btnhnd\BtnHnd.exe
mRun: [SSUtility] c:\program files\fujitsu\ssutility\FJSSDMN.exe
mRun: [FjStrtAp] c:\program files\fujitsu\utils\FjStrtAp.exe
mRun: [FJUPDNV_Chitose] c:\program files\fujitsu\fjdvrupd\fjdvrupd.exe
mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\oaui.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "e:\itunes\iTunesHelper.exe"
mRun: [OmniPass] c:\program files\softex\omnipass\scureapp.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "e:\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "e:\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "e:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\onenot~1.lnk - e:\microsoft office 2007\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\micros~1\office12\ONBttnIE.dll
IE: {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files\ant.com\ie add-on\Download.antplugin
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll
Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll
Notify: TabBtnWL - TabBtnWL.dll
Notify: tpgwlnotify - tpgwlnot.dll
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\26uz42yo.default\
FF - component: e:\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\26uz42yo.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npatgpc.dll
FF - plugin: e:\itunes\mozilla plugins\npitunes.dll
FF - plugin: e:\java\bin\new_plugin\npdeploytk.dll
FF - plugin: e:\java\bin\new_plugin\npjp2.dll
FF - plugin: e:\mozilla firefox\plugins\NPLV82Win32.dll
FF - plugin: e:\mozilla firefox\plugins\nplv90win32.dll
FF - plugin: e:\picasa3\npPicasa3.dll
FF - HiddenExtension: Java Console: No Registry Reference - e:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
e:\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
e:\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
e:\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
e:\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
e:\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
e:\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
e:\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
e:\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
e:\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
e:\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
e:\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
e:\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
e:\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
e:\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
e:\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
e:\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
e:\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
e:\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
e:\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
e:\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
e:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
e:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
e:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
e:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
e:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
e:\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
e:\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
e:\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 FBIOSDRV;FBIOSDRV;c:\windows\system32\drivers\FBIOSDRV.SYS [2007-4-19 8960]
R0 FJGPNV;FJGPNV;c:\windows\system32\drivers\FJGPNV.SYS [2007-4-19 10496]
R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2007-4-19 7168]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-10-3 36640]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-10-12 33152]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-4-8 11608]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-4-8 226680]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-4-8 24440]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2010-4-8 29560]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-4-8 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-8 267432]
R2 AntUpdaterService;Ant Toolbar updater service;c:\program files\ant.com\ie add-on\AntUpdaterService.exe [2010-4-21 142648]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-8 60936]
R2 OAcat;Online Armor Helper Service;c:\program files\tall emu\online armor\oacat.exe [2010-4-8 1284600]
R2 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe [2010-4-8 3360760]
R3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\drivers\FjBtnDrv.sys [2007-4-19 17920]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2007-4-19 4864]
R3 hidpen;Wacom Serial Pen HID MiniDriver;c:\windows\system32\drivers\hidpen.sys [2007-4-19 30976]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-4-19 36608]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [2006-3-8 92550]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [1999-11-18 3872]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-4-18 17408]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2007-4-18 14208]

=============== Created Last 30 ================

2010-07-31 20:37:38 0 d-----w- c:\program files\WebEx
2010-07-30 02:41:12 0 d-----w- c:\docume~1\admini~1\applic~1\Sync App Settings
2010-07-30 02:36:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Sync App Settings
2010-07-15 23:29:15 0 d--h--w- c:\windows\PIF
2010-07-15 22:50:54 0 d-----w- c:\program files\Ant.com
2010-07-09 00:36:48 23984 ----a-w- c:\windows\system32\drivers\pnarp.sys
2010-07-09 00:36:46 25264 ----a-w- c:\windows\system32\drivers\purendis.sys
2010-07-09 00:36:41 0 d-----w- c:\program files\common files\Pure Networks Shared
2010-07-09 00:34:57 0 d-----w- c:\docume~1\alluse~1\applic~1\Pure Networks

==================== Find3M ====================

2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr

============= FINISH: 20:06:18.39 ===============

This problem has not been solved, but I am posting some additional information:

My laptop still turns on out of sleep randomly in my bag and overheats. However, I have also noticed a concurrent "Generic Host Process for Win32 Services" error when I restart.

"Generic Host Process for Win32 Services
Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience
..."

Aug 14th, 2010,
I believe it may be a malware or software problem.

Tx,
CP

Blade81
2010-08-22, 10:35
Hi,

This looks more like a software/hardware issue than a malware-related one, but let's see fresh dds logs. Post the contents of those, please.

CaffeinatedPonderer
2010-08-23, 04:32
Thanks for taking this one, Blade.

Checked hardware (wakeup on lan) and am at a loss SW wise, but optimistic about your advice :)


DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 21:26:24.92 on Sun 08/22/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2264 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\digtizer.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
E:\Java\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Fujitsu\Utils\FjDspMon.exe
C:\Program Files\Fujitsu\Utils\fjevents.exe
C:\Program Files\Fujitsu\Utils\FjMenu.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
E:\iTunes\iTunesHelper.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
E:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
E:\MICROS~1\Office12\OUTLOOK.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
E:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
E:\Microsoft Office 2007\Office12\ONENOTEM.EXE
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
E:\Mozilla Firefox\firefox.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\dds(5).scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://us.fujitsu.com/computers
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Ant.com Toolbars browser helper (video detector): {346fde31-dff9-418a-90c8-ba31dc9ff2ef} - c:\program files\ant.com\ie add-on\Download.antplugin
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\java\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\java\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Ant.com Download Toolbar: {2e924f4f-67f0-4bd8-9560-49f468e843d2} - c:\program files\ant.com\ie add-on\AntToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TabletTip] "c:\program files\common files\microsoft shared\ink\tabtip.exe" /resume
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
mRun: [LoadBtnHnd] c:\program files\fujitsu\btnhnd\BtnHnd.exe
mRun: [SSUtility] c:\program files\fujitsu\ssutility\FJSSDMN.exe
mRun: [FjStrtAp] c:\program files\fujitsu\utils\FjStrtAp.exe
mRun: [FJUPDNV_Chitose] c:\program files\fujitsu\fjdvrupd\fjdvrupd.exe
mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\oaui.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "e:\itunes\iTunesHelper.exe"
mRun: [OmniPass] c:\program files\softex\omnipass\scureapp.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "e:\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "e:\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "e:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\onenot~1.lnk - e:\microsoft office 2007\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\micros~1\office12\ONBttnIE.dll
IE: {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files\ant.com\ie add-on\Download.antplugin
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll
Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll
Notify: TabBtnWL - TabBtnWL.dll
Notify: tpgwlnotify - tpgwlnot.dll
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\26uz42yo.default\
FF - component: e:\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\26uz42yo.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npatgpc.dll
FF - plugin: e:\itunes\mozilla plugins\npitunes.dll
FF - plugin: e:\java\bin\new_plugin\npdeploytk.dll
FF - plugin: e:\java\bin\new_plugin\npjp2.dll
FF - plugin: e:\mozilla firefox\plugins\NPLV82Win32.dll
FF - plugin: e:\mozilla firefox\plugins\nplv90win32.dll
FF - plugin: e:\picasa3\npPicasa3.dll
FF - HiddenExtension: Java Console: No Registry Reference - e:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
e:\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
e:\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
e:\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
e:\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
e:\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
e:\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
e:\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
e:\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
e:\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
e:\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
e:\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
e:\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
e:\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
e:\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
e:\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
e:\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
e:\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
e:\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
e:\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
e:\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
e:\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
e:\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
e:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
e:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
e:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
e:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
e:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
e:\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
e:\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
e:\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 FBIOSDRV;FBIOSDRV;c:\windows\system32\drivers\FBIOSDRV.SYS [2007-4-19 8960]
R0 FJGPNV;FJGPNV;c:\windows\system32\drivers\FJGPNV.SYS [2007-4-19 10496]
R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2007-4-19 7168]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-10-3 36640]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-10-12 33152]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-4-8 11608]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-4-8 226680]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-4-8 24440]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2010-4-8 29560]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-4-8 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-8 267432]
R2 AntUpdaterService;Ant Toolbar updater service;c:\program files\ant.com\ie add-on\AntUpdaterService.exe [2010-4-21 142648]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-8 60936]
R2 OAcat;Online Armor Helper Service;c:\program files\tall emu\online armor\oacat.exe [2010-4-8 1284600]
R2 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe [2010-4-8 3360760]
R2 TLW32DRV;TLW32DRV;c:\windows\system32\drivers\tlw32drv.sys [2010-8-11 80921]
R3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\drivers\FjBtnDrv.sys [2007-4-19 17920]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2007-4-19 4864]
R3 hidpen;Wacom Serial Pen HID MiniDriver;c:\windows\system32\drivers\hidpen.sys [2007-4-19 30976]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-4-19 36608]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [2006-3-8 92550]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [1999-11-18 3872]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-4-18 17408]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2007-4-18 14208]

=============== Created Last 30 ================

2010-08-22 04:57:16 0 d-----w- c:\docume~1\alluse~1\applic~1\DassaultSystemes
2010-08-22 04:57:16 0 d-----w- c:\docume~1\admini~1\applic~1\DassaultSystemes
2010-08-21 04:07:53 0 d-----w- c:\program files\MSXML 4.0
2010-08-21 04:03:43 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-21 04:03:26 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-08-21 04:03:19 354304 -c----w- c:\windows\system32\dllcache\srv.sys
2010-08-21 04:02:30 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-08-21 04:01:42 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-08-21 04:01:03 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-08-21 04:01:03 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-08-21 04:00:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-08-21 03:59:52 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-08-21 03:59:29 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2010-08-21 03:57:46 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-08-21 03:57:44 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-08-12 01:50:27 80921 ----a-w- c:\windows\system32\drivers\tlw32drv.sys
2010-08-12 01:50:27 45490 ----a-w- c:\windows\system32\drivers\pcisrwdm.sys
2010-08-12 01:50:27 16078 ----a-w- c:\windows\system32\drivers\tekscanusb.sys
2010-08-09 00:40:04 45344 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-31 20:37:38 0 d-----w- c:\program files\WebEx
2010-07-30 02:41:12 0 d-----w- c:\docume~1\admini~1\applic~1\Sync App Settings
2010-07-30 02:36:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Sync App Settings

==================== Find3M ====================

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr

============= FINISH: 21:27:55.14 ===============

Blade81
2010-08-23, 07:58
Hi,

Update Antivir definitions. Those seem to be outdated.

Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings. When ready post fresh dds logs.

CaffeinatedPonderer
2010-08-25, 04:17
> Hi,
> Update Antivir definitions. Those seem to be outdated.

It's odd the log has an April date, the pgm says it was last updated Aug 15th. Reupdated.

> Hi,
> Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings.

Done. Since when did we start using Secunia? Is it the new standard?

> Hi,
> When ready post fresh dds logs.

Attached and appended:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 21:08:31.20 on Tue 08/24/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2089 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\digtizer.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
E:\Java\bin\jqs.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Fujitsu\Utils\FjDspMon.exe
C:\Program Files\Fujitsu\Utils\fjevents.exe
C:\Program Files\Fujitsu\Utils\FjMenu.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
E:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
E:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
E:\Microsoft Office 2007\Office12\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
E:\Program Files\SPSSInc\Statistics17\law.exe
E:\Program Files\SPSSInc\Statistics17\JRE\bin\javaw.exe
E:\MICROS~1\Office12\OUTLOOK.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
E:\Program Files\Secunia\PSI\psi.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\install_flash_player_ax.exe
E:\iTunes\iTunesHelper.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
E:\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\dds(6).scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://us.fujitsu.com/computers
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Ant.com Toolbars browser helper (video detector): {346fde31-dff9-418a-90c8-ba31dc9ff2ef} - c:\program files\ant.com\ie add-on\Download.antplugin
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\java\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\java\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Ant.com Download Toolbar: {2e924f4f-67f0-4bd8-9560-49f468e843d2} - c:\program files\ant.com\ie add-on\AntToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TabletTip] "c:\program files\common files\microsoft shared\ink\tabtip.exe" /resume
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
mRun: [LoadBtnHnd] c:\program files\fujitsu\btnhnd\BtnHnd.exe
mRun: [SSUtility] c:\program files\fujitsu\ssutility\FJSSDMN.exe
mRun: [FjStrtAp] c:\program files\fujitsu\utils\FjStrtAp.exe
mRun: [FJUPDNV_Chitose] c:\program files\fujitsu\fjdvrupd\fjdvrupd.exe
mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\oaui.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "e:\itunes\iTunesHelper.exe"
mRun: [OmniPass] c:\program files\softex\omnipass\scureapp.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "e:\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "e:\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "e:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [QuickTime Task] "e:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\onenot~1.lnk - e:\microsoft office 2007\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\secuni~1.lnk - e:\program files\secunia\psi\psi.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\micros~1\office12\ONBttnIE.dll
IE: {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files\ant.com\ie add-on\Download.antplugin
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll
Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll
Notify: TabBtnWL - TabBtnWL.dll
Notify: tpgwlnotify - tpgwlnot.dll
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\26uz42yo.default\
FF - component: e:\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\26uz42yo.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npatgpc.dll
FF - plugin: e:\itunes\mozilla plugins\npitunes.dll
FF - plugin: e:\java\bin\new_plugin\npdeploytk.dll
FF - plugin: e:\java\bin\new_plugin\npjp2.dll
FF - plugin: e:\mozilla firefox\plugins\NPLV82Win32.dll
FF - plugin: e:\mozilla firefox\plugins\nplv90win32.dll
FF - plugin: e:\picasa3\npPicasa3.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin7.dll
FF - plugin: e:\program files\videolan\vlc\npvlc.dll
FF - HiddenExtension: Java Console: No Registry Reference - e:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
e:\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
e:\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
e:\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
e:\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
e:\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
e:\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
e:\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
e:\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
e:\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
e:\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
e:\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
e:\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
e:\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
e:\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
e:\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
e:\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
e:\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
e:\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
e:\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
e:\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
e:\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
e:\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
e:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
e:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
e:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
e:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
e:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
e:\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
e:\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
e:\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 FBIOSDRV;FBIOSDRV;c:\windows\system32\drivers\FBIOSDRV.SYS [2007-4-19 8960]
R0 FJGPNV;FJGPNV;c:\windows\system32\drivers\FJGPNV.SYS [2007-4-19 10496]
R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2007-4-19 7168]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-10-3 36640]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-10-12 33152]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-4-8 11608]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-4-8 226680]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-4-8 24440]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2010-4-8 29560]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-8 60936]
R2 TLW32DRV;TLW32DRV;c:\windows\system32\drivers\tlw32drv.sys [2010-8-11 80921]
R3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\drivers\FjBtnDrv.sys [2007-4-19 17920]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2007-4-19 4864]
R3 hidpen;Wacom Serial Pen HID MiniDriver;c:\windows\system32\drivers\hidpen.sys [2007-4-19 30976]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-4-19 36608]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [2006-3-8 92550]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 14904]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [1999-11-18 3872]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-4-18 17408]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2007-4-18 14208]

=============== Created Last 30 ================

2010-08-24 02:21:05 0 d-----w- c:\documents and settings\administrator\.spss
2010-08-24 02:04:27 114 ----a-w- c:\windows\system32\prsgrc.tgz
2010-08-24 02:04:27 1024 ----a-w- c:\windows\system32\grcauth2.dll
2010-08-24 02:04:27 1024 ----a-w- c:\windows\system32\grcauth1.dll
2010-08-24 02:04:27 100 ----a-w- c:\windows\system32\prsgrc.dll
2010-08-24 01:59:30 0 d-----w- c:\docume~1\alluse~1\applic~1\SPSS
2010-08-23 14:52:05 0 d-----w- c:\docume~1\alluse~1\applic~1\SafeNet Sentinel
2010-08-23 14:51:52 0 d-----w- c:\program files\common files\SPSS
2010-08-23 14:50:26 219 ----a-w- c:\windows\system32\lsprst7.tgz
2010-08-23 14:50:26 205 ----a-w- c:\windows\system32\lsprst7.dll
2010-08-23 14:50:26 16 ---h--w- c:\windows\system32\servdat.slm
2010-08-23 14:50:26 1025 ----a-w- c:\windows\system32\sysprs7.tgz
2010-08-23 14:50:26 1025 ----a-w- c:\windows\system32\sysprs7.dll
2010-08-22 04:57:16 0 d-----w- c:\docume~1\alluse~1\applic~1\DassaultSystemes
2010-08-22 04:57:16 0 d-----w- c:\docume~1\admini~1\applic~1\DassaultSystemes
2010-08-21 04:07:53 0 d-----w- c:\program files\MSXML 4.0
2010-08-21 04:03:43 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-21 04:03:26 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-08-21 04:03:19 354304 -c----w- c:\windows\system32\dllcache\srv.sys
2010-08-21 04:02:30 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-08-21 04:01:42 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-08-21 04:01:03 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-08-21 04:01:03 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-08-21 04:00:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-08-21 03:59:52 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-08-21 03:59:29 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2010-08-21 03:57:46 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-08-21 03:57:44 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-08-12 01:50:27 80921 ----a-w- c:\windows\system32\drivers\tlw32drv.sys
2010-08-12 01:50:27 45490 ----a-w- c:\windows\system32\drivers\pcisrwdm.sys
2010-08-12 01:50:27 16078 ----a-w- c:\windows\system32\drivers\tekscanusb.sys
2010-08-10 09:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-10 09:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-09 00:40:04 45344 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-31 20:37:38 0 d-----w- c:\program files\WebEx
2010-07-30 02:41:12 0 d-----w- c:\docume~1\admini~1\applic~1\Sync App Settings
2010-07-30 02:36:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Sync App Settings

==================== Find3M ====================

2010-07-07 14:05:32 14904 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr

============= FINISH: 21:10:43.76 ===============

Blade81
2010-08-25, 17:15
Hi,


Since when did we start using Secunia? Is it the new standard?
No. Just wanted to make sure outdated programs are updated to non-vulnerable ones. It seems that the latest log still has outdated (and so vulnerable) programs installed. Did you scan the system with Secunia PSI and fix all its findings? Java and some Adobe products are outdated.

CaffeinatedPonderer
2010-08-26, 02:36
Gotcha.

I had issues with newer versions of Adobe being sluggish, but if you insist I'll update.

The Java update did not show up in Secunia, but I'll scan again.

CaffeinatedPonderer
2010-08-26, 06:14
Secunia was clean.

Still did not update Java - how do you suggest I go about this?

DDS attached and appended:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 23:11:10.07 on Wed 08/25/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2418 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\digtizer.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
E:\Java\bin\jqs.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Fujitsu\Utils\FjDspMon.exe
C:\Program Files\Fujitsu\Utils\fjevents.exe
C:\WINDOWS\system32\igfxext.exe
E:\iTunes\iTunesHelper.exe
C:\Program Files\Fujitsu\Utils\FjMenu.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
E:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
E:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
E:\Microsoft Office 2007\Office12\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
E:\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\dds(7).scr
C:\WINDOWS\system32\SearchProtocolHost.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://us.fujitsu.com/computers
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Ant.com Toolbars browser helper (video detector): {346fde31-dff9-418a-90c8-ba31dc9ff2ef} - c:\program files\ant.com\ie add-on\Download.antplugin
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\java\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\java\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Ant.com Download Toolbar: {2e924f4f-67f0-4bd8-9560-49f468e843d2} - c:\program files\ant.com\ie add-on\AntToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TabletTip] "c:\program files\common files\microsoft shared\ink\tabtip.exe" /resume
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
mRun: [LoadBtnHnd] c:\program files\fujitsu\btnhnd\BtnHnd.exe
mRun: [SSUtility] c:\program files\fujitsu\ssutility\FJSSDMN.exe
mRun: [FjStrtAp] c:\program files\fujitsu\utils\FjStrtAp.exe
mRun: [FJUPDNV_Chitose] c:\program files\fujitsu\fjdvrupd\fjdvrupd.exe
mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\oaui.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "e:\itunes\iTunesHelper.exe"
mRun: [OmniPass] c:\program files\softex\omnipass\scureapp.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "e:\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "e:\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "e:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [QuickTime Task] "e:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\onenot~1.lnk - e:\microsoft office 2007\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\secuni~1.lnk - e:\program files\secunia\psi\psi.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\micros~1\office12\ONBttnIE.dll
IE: {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files\ant.com\ie add-on\Download.antplugin
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\micros~1\office12\REFIEBAR.DLL
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282710749531
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll
Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll
Notify: TabBtnWL - TabBtnWL.dll
Notify: tpgwlnotify - tpgwlnot.dll
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\26uz42yo.default\
FF - component: e:\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\26uz42yo.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npatgpc.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: e:\adobe\acrobat 9.0\acrobat\browser\nppdf32.dll
FF - plugin: e:\itunes\mozilla plugins\npitunes.dll
FF - plugin: e:\java\bin\new_plugin\npdeploytk.dll
FF - plugin: e:\java\bin\new_plugin\npjp2.dll
FF - plugin: e:\mozilla firefox\plugins\NPLV82Win32.dll
FF - plugin: e:\mozilla firefox\plugins\nplv90win32.dll
FF - plugin: e:\picasa3\npPicasa3.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin7.dll
FF - plugin: e:\program files\videolan\vlc\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - e:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
e:\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
e:\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
e:\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
e:\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
e:\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
e:\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
e:\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
e:\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
e:\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
e:\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
e:\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
e:\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
e:\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
e:\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
e:\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
e:\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
e:\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
e:\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
e:\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
e:\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
e:\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
e:\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
e:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
e:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
e:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
e:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
e:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
e:\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
e:\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
e:\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 FBIOSDRV;FBIOSDRV;c:\windows\system32\drivers\FBIOSDRV.SYS [2007-4-19 8960]
R0 FJGPNV;FJGPNV;c:\windows\system32\drivers\FJGPNV.SYS [2007-4-19 10496]
R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2007-4-19 7168]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-10-3 36640]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-10-12 33152]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-4-8 11608]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-4-8 226680]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-4-8 24440]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2010-4-8 29560]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-4-8 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-8 267432]
R2 AntUpdaterService;Ant Toolbar updater service;c:\program files\ant.com\ie add-on\AntUpdaterService.exe [2010-4-21 142648]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-8 60936]
R2 OAcat;Online Armor Helper Service;c:\program files\tall emu\online armor\oacat.exe [2010-4-8 1284600]
R2 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe [2010-4-8 3360760]
R2 TLW32DRV;TLW32DRV;c:\windows\system32\drivers\tlw32drv.sys [2010-8-11 80921]
R3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\drivers\FjBtnDrv.sys [2007-4-19 17920]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2007-4-19 4864]
R3 hidpen;Wacom Serial Pen HID MiniDriver;c:\windows\system32\drivers\hidpen.sys [2007-4-19 30976]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-4-19 36608]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [2006-3-8 92550]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-25 136176]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [1999-11-18 3872]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-4-18 17408]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 14904]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2007-4-18 14208]

=============== Created Last 30 ================

2010-08-26 01:27:17 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-08-26 01:21:14 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2010-08-25 14:10:13 0 d-----w- c:\docume~1\admini~1\applic~1\Antcom ToolBar
2010-08-25 05:14:04 0 d-----w- c:\windows\system32\XPSViewer
2010-08-25 05:13:25 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-08-25 05:13:25 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-08-25 05:13:25 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-08-25 05:13:25 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-08-25 05:13:25 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-08-25 05:13:25 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-08-25 05:13:25 117760 ------w- c:\windows\system32\prntvpt.dll
2010-08-24 02:21:05 0 d-----w- c:\documents and settings\administrator\.spss
2010-08-24 02:04:27 114 ----a-w- c:\windows\system32\prsgrc.tgz
2010-08-24 02:04:27 1024 ----a-w- c:\windows\system32\grcauth2.dll
2010-08-24 02:04:27 1024 ----a-w- c:\windows\system32\grcauth1.dll
2010-08-24 02:04:27 100 ----a-w- c:\windows\system32\prsgrc.dll
2010-08-24 01:59:30 0 d-----w- c:\docume~1\alluse~1\applic~1\SPSS
2010-08-23 14:52:05 0 d-----w- c:\docume~1\alluse~1\applic~1\SafeNet Sentinel
2010-08-23 14:51:52 0 d-----w- c:\program files\common files\SPSS
2010-08-23 14:50:26 219 ----a-w- c:\windows\system32\lsprst7.tgz
2010-08-23 14:50:26 205 ----a-w- c:\windows\system32\lsprst7.dll
2010-08-23 14:50:26 16 ---h--w- c:\windows\system32\servdat.slm
2010-08-23 14:50:26 1025 ----a-w- c:\windows\system32\sysprs7.tgz
2010-08-23 14:50:26 1025 ----a-w- c:\windows\system32\sysprs7.dll
2010-08-22 04:57:16 0 d-----w- c:\docume~1\alluse~1\applic~1\DassaultSystemes
2010-08-22 04:57:16 0 d-----w- c:\docume~1\admini~1\applic~1\DassaultSystemes
2010-08-21 04:07:53 0 d-----w- c:\program files\MSXML 4.0
2010-08-21 04:03:43 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-21 04:03:26 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-08-21 04:03:19 354304 -c----w- c:\windows\system32\dllcache\srv.sys
2010-08-21 04:02:30 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-08-21 04:01:42 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-08-21 04:01:03 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-08-21 04:01:03 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-08-21 04:00:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-08-21 03:59:52 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-08-21 03:59:29 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2010-08-21 03:57:46 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-08-21 03:57:44 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-08-12 01:50:27 80921 ----a-w- c:\windows\system32\drivers\tlw32drv.sys
2010-08-12 01:50:27 45490 ----a-w- c:\windows\system32\drivers\pcisrwdm.sys
2010-08-12 01:50:27 16078 ----a-w- c:\windows\system32\drivers\tekscanusb.sys
2010-08-10 09:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-10 09:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-09 00:40:04 45344 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-31 20:37:38 0 d-----w- c:\program files\WebEx
2010-07-30 02:41:12 0 d-----w- c:\docume~1\admini~1\applic~1\Sync App Settings
2010-07-30 02:36:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Sync App Settings

==================== Find3M ====================

2010-07-07 14:05:32 14904 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr

============= FINISH: 23:12:22.31 ===============

Blade81
2010-08-26, 16:19
Hi,

I had issues with newer versions of Adobe being sluggish, but if you insist I'll update.
Outdated versions are enough for attackers to compromise the system. If the up-to-date version is too slow then I recommend considering one of those other options I listed earlier.

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 21 (http://java.sun.com/javase/downloads/index.jsp).
Click the Download button to the right.
Select Windows on platform combobox and check the box that says: Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.

I didn't spot anything infection related in your logs.

Blade81
2010-09-01, 17:18
Due to inactivity, this thread will now be closed.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or another MOD a private message (pm). A valid, working link to the closed topic is required.