GaryInThailand
2010-10-14, 11:46
I have the identical symptom reported by Gorenth in the thread 'TR/Crypt.XPACK.Gen2 & Gen3 Repeated Re-infections'. Avira detects the TR/Crypt.XPACT Trojans, quarantines them, then reports more on the next scan.
Have backed up registry with ERUNT
Your help is greatlly appreciated.
DDS (Ver_10-10-10.03) - NTFSx86
Run by Gary at 15:32:36.48 on Thu 10/14/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3327.1638 [GMT 7:00]
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATK Hotkey\HControl.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\M-Audio USB Quattro\QuatTask.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\M-Audio USB Quattro\Install\QuatInst.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files\ASUS\ATK Hotkey\WDC.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Program Files\ACD Systems\ACDSee Pro\2.5\ACDSeeQVPro25.exe
C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\DOCUME~1\Gary\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\Gary\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\Gary\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uWindow Title = Windows Internet Explorer provided by Comcast
mStart Page = hxxp://www.xfinity.com/?cid=xfactiv_eg_self_main
mWindow Title = Windows Internet Explorer provided by Comcast
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {7000b6ca-4388-4d95-893d-6659c2d4d1ce} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Xfinity.com Toolbar: {dcc70a83-e184-40a3-906b-779af5e941c4} - c:\program files\xfinitytb\xfinitydx.dll
BHO: Updater For Xfinity.com Toolbar 3.1: {e6d0b79e-ecac-411b-8bf6-7a574981af30} - c:\program files\xfinitytb\auxi\xfinityAu.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: Xfinity.com Toolbar: {dcc70a83-e184-40a3-906b-779af5e941c4} - c:\program files\xfinitytb\xfinitydx.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [MsgTranAgt] c:\program files\asus\atk hotkey\MsgTranAgt.exe
mRun: [HControlUser] c:\program files\asus\atk hotkey\HControlUser.exe
mRun: [ATKHOTKEY] c:\program files\asus\atk hotkey\HControl.exe
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMedia.exe
mRun: [ATKOSD2] c:\program files\asus\atkosd2\ATKOSD2.exe
mRun: [ETDWare] c:\program files\elantech\ETDCtrl.exe
mRun: [UVS10 Preload] c:\program files\ulead systems\ulead videostudio 10\uvPL.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\gary\startm~1\programs\startup\m-audi~1.lnk - c:\program files\m-audio usb quattro\QuatTask.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1279541284640
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\gary\applic~1\mozilla\firefox\profiles\c6beoyi9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Xfinity.com Search
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\gary\application data\mozilla\firefox\profiles\c6beoyi9.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\gary\application data\mozilla\firefox\profiles\c6beoyi9.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\gary\application data\mozilla\firefox\profiles\c6beoyi9.default\extensions\{7000b6ca-4388-4d95-893d-6659c2d4d1ce}\components\dtTransparency.dll
FF - component: c:\documents and settings\gary\application data\mozilla\firefox\profiles\c6beoyi9.default\extensions\{7000b6ca-4388-4d95-893d-6659c2d4d1ce}\components\dtTransparency3.5.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
============= SERVICES / DRIVERS ===============
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [2008-12-14 174600]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-7-19 218592]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-5-31 11608]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/05/31 15:06:07];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-3-13 87536]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2010-1-15 633816]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-5-31 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-5-31 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-31 60936]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-7-19 198608]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-7-30 304464]
R2 QuattroInstallerService;Quattro Installer;c:\program files\m-audio usb quattro\install\QuatInst.exe [2010-6-1 86016]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-7-19 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-7-19 1142224]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2010-5-31 129024]
R3 m763001b;M-Audio Quattro Base Driver;c:\windows\system32\drivers\m763001b.sys [2010-6-1 9216]
R3 m763001d;M-Audio Quattro Legacy Driver;c:\windows\system32\drivers\m763001d.sys [2010-6-1 6656]
R3 ma763001;M-Audio Quattro;c:\windows\system32\drivers\MA763001.sys [2010-6-1 41856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-7-30 20952]
R3 USBNS4X4;M-Audio USB Quattro Midi;c:\windows\system32\drivers\usbns4x4.sys [2010-6-1 22368]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-5-31 1057280]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-27 136176]
S3 automap;Automap MIDI Driver Service;c:\windows\system32\drivers\automap.sys [2010-8-3 7168]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\drivers\KORGUMDS.SYS [2009-10-15 22232]
S3 MAUSBRI;M-Audio Fast Track Ultra Service;c:\windows\system32\drivers\mausbftu.sys [2010-9-7 135944]
S3 MHIKEY10;MHIKEY10;c:\windows\system32\drivers\MHIKEY10.sys [2008-5-27 51072]
S3 NvnUsbAudio;Novation USB Audio Driver;c:\windows\system32\drivers\nvnusbaudio.sys [2010-8-3 34304]
S3 RDID1029;Roland Digital Piano;c:\windows\system32\drivers\rdwm1029.sys [2010-6-1 59553]
=============== Created Last 30 ================
2010-10-05 10:07:37 -------- d-----w- C:\ViewSonic
2010-10-05 00:58:10 -------- d-----w- c:\program files\M-Audio USB Quattro
2010-09-21 03:49:11 -------- d-----w- c:\program files\iPod
2010-09-21 03:49:09 -------- d-----w- c:\program files\iTunes
2010-09-19 06:45:33 -------- d-----w- c:\docume~1\gary\locals~1\applic~1\CutePDF Writer
2010-09-19 06:34:58 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2010-09-19 06:34:49 -------- d-----w- c:\program files\Acro Software
==================== Find3M ====================
2010-10-05 00:58:06 82944 ----a-w- c:\windows\system32\usbns4x4.dll
2010-10-05 00:58:06 724992 ----a-w- c:\windows\iun6002.exe
2010-09-08 04:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 04:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-07-20 00:11:01 767928 ----a-w- c:\windows\BDTSupport.dll
2010-07-19 07:26:11 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-07-19 07:26:10 264144 ----a-w- c:\windows\PCTBDRes.dll
2010-07-19 07:26:09 1435600 ----a-w- c:\windows\PCTBDCore.dll
2010-07-16 22:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-16 19:42:29 73728 ----a-w- c:\windows\system32\javacpl.cpl
============= FINISH: 15:35:01.65 ===============
Have backed up registry with ERUNT
Your help is greatlly appreciated.
DDS (Ver_10-10-10.03) - NTFSx86
Run by Gary at 15:32:36.48 on Thu 10/14/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3327.1638 [GMT 7:00]
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATK Hotkey\HControl.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\M-Audio USB Quattro\QuatTask.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\M-Audio USB Quattro\Install\QuatInst.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files\ASUS\ATK Hotkey\WDC.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Program Files\ACD Systems\ACDSee Pro\2.5\ACDSeeQVPro25.exe
C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\DOCUME~1\Gary\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\Gary\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\Gary\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uWindow Title = Windows Internet Explorer provided by Comcast
mStart Page = hxxp://www.xfinity.com/?cid=xfactiv_eg_self_main
mWindow Title = Windows Internet Explorer provided by Comcast
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {7000b6ca-4388-4d95-893d-6659c2d4d1ce} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Xfinity.com Toolbar: {dcc70a83-e184-40a3-906b-779af5e941c4} - c:\program files\xfinitytb\xfinitydx.dll
BHO: Updater For Xfinity.com Toolbar 3.1: {e6d0b79e-ecac-411b-8bf6-7a574981af30} - c:\program files\xfinitytb\auxi\xfinityAu.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: Xfinity.com Toolbar: {dcc70a83-e184-40a3-906b-779af5e941c4} - c:\program files\xfinitytb\xfinitydx.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [MsgTranAgt] c:\program files\asus\atk hotkey\MsgTranAgt.exe
mRun: [HControlUser] c:\program files\asus\atk hotkey\HControlUser.exe
mRun: [ATKHOTKEY] c:\program files\asus\atk hotkey\HControl.exe
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMedia.exe
mRun: [ATKOSD2] c:\program files\asus\atkosd2\ATKOSD2.exe
mRun: [ETDWare] c:\program files\elantech\ETDCtrl.exe
mRun: [UVS10 Preload] c:\program files\ulead systems\ulead videostudio 10\uvPL.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\gary\startm~1\programs\startup\m-audi~1.lnk - c:\program files\m-audio usb quattro\QuatTask.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1279541284640
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\gary\applic~1\mozilla\firefox\profiles\c6beoyi9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Xfinity.com Search
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\gary\application data\mozilla\firefox\profiles\c6beoyi9.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\gary\application data\mozilla\firefox\profiles\c6beoyi9.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\gary\application data\mozilla\firefox\profiles\c6beoyi9.default\extensions\{7000b6ca-4388-4d95-893d-6659c2d4d1ce}\components\dtTransparency.dll
FF - component: c:\documents and settings\gary\application data\mozilla\firefox\profiles\c6beoyi9.default\extensions\{7000b6ca-4388-4d95-893d-6659c2d4d1ce}\components\dtTransparency3.5.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
============= SERVICES / DRIVERS ===============
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [2008-12-14 174600]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-7-19 218592]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-5-31 11608]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/05/31 15:06:07];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-3-13 87536]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2010-1-15 633816]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-5-31 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-5-31 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-31 60936]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-7-19 198608]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-7-30 304464]
R2 QuattroInstallerService;Quattro Installer;c:\program files\m-audio usb quattro\install\QuatInst.exe [2010-6-1 86016]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-7-19 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-7-19 1142224]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2010-5-31 129024]
R3 m763001b;M-Audio Quattro Base Driver;c:\windows\system32\drivers\m763001b.sys [2010-6-1 9216]
R3 m763001d;M-Audio Quattro Legacy Driver;c:\windows\system32\drivers\m763001d.sys [2010-6-1 6656]
R3 ma763001;M-Audio Quattro;c:\windows\system32\drivers\MA763001.sys [2010-6-1 41856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-7-30 20952]
R3 USBNS4X4;M-Audio USB Quattro Midi;c:\windows\system32\drivers\usbns4x4.sys [2010-6-1 22368]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-5-31 1057280]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-27 136176]
S3 automap;Automap MIDI Driver Service;c:\windows\system32\drivers\automap.sys [2010-8-3 7168]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\drivers\KORGUMDS.SYS [2009-10-15 22232]
S3 MAUSBRI;M-Audio Fast Track Ultra Service;c:\windows\system32\drivers\mausbftu.sys [2010-9-7 135944]
S3 MHIKEY10;MHIKEY10;c:\windows\system32\drivers\MHIKEY10.sys [2008-5-27 51072]
S3 NvnUsbAudio;Novation USB Audio Driver;c:\windows\system32\drivers\nvnusbaudio.sys [2010-8-3 34304]
S3 RDID1029;Roland Digital Piano;c:\windows\system32\drivers\rdwm1029.sys [2010-6-1 59553]
=============== Created Last 30 ================
2010-10-05 10:07:37 -------- d-----w- C:\ViewSonic
2010-10-05 00:58:10 -------- d-----w- c:\program files\M-Audio USB Quattro
2010-09-21 03:49:11 -------- d-----w- c:\program files\iPod
2010-09-21 03:49:09 -------- d-----w- c:\program files\iTunes
2010-09-19 06:45:33 -------- d-----w- c:\docume~1\gary\locals~1\applic~1\CutePDF Writer
2010-09-19 06:34:58 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2010-09-19 06:34:49 -------- d-----w- c:\program files\Acro Software
==================== Find3M ====================
2010-10-05 00:58:06 82944 ----a-w- c:\windows\system32\usbns4x4.dll
2010-10-05 00:58:06 724992 ----a-w- c:\windows\iun6002.exe
2010-09-08 04:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 04:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-07-20 00:11:01 767928 ----a-w- c:\windows\BDTSupport.dll
2010-07-19 07:26:11 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-07-19 07:26:10 264144 ----a-w- c:\windows\PCTBDRes.dll
2010-07-19 07:26:09 1435600 ----a-w- c:\windows\PCTBDCore.dll
2010-07-16 22:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-16 19:42:29 73728 ----a-w- c:\windows\system32\javacpl.cpl
============= FINISH: 15:35:01.65 ===============