DDS.txt posted
Hi,
I had Spybot - S&D scan the computer in Safe Mode and "Click.GiftLoad" kept reappearing. The DDS.txt is posted below:
Haha sorry! I realized the DDS.txt did not paste:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Merica at 20:57:54.98 on 04/04/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
.
============== Running Processes ===============
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\MSTMON_Q.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Merica\Local Settings\Application Data\Skype\Phone\Skype.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\WPC54Cfg.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Documents and Settings\Merica\Local Settings\Application Data\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Merica\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://search.live.com
uDefault_Page_URL = hxxp://www.dell.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
mSearchAssistant = hxxp://search.live.com/sphome.aspx
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVD2.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVD2.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {904D9CB1-7A38-457B-A33A-CE2E1C628562} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVD2.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\documents and settings\merica\local settings\application data\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [KONICA MINOLTA PagePro 1350WStatusDisplay] c:\windows\system32\MSTMON_Q.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: ActiveGS.cab - hxxp://www.virtualapple.org/activegs.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167073732226
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
DPF: {EF073398-8C6E-4FAB-A72B-9F874C25E0E1} - hxxp://content.dll1.com/Connectus/SmartCouponPrinter/vigorate/SmartCouponPrinter20100625.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\docume~1\merica\locals~1\applic~1\skype\shared\SKYPE4~1.DLL
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\urqNHAQj
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\merica\applic~1\mozilla\firefox\profiles\jyrdrdo9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\documents and settings\merica\application data\mozilla\firefox\profiles\jyrdrdo9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\merica\application data\mozilla\firefox\profiles\jyrdrdo9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: XULRunner: {D1801EE8-36C7-4210-9C9B-C0857B05B142} - c:\documents and settings\merica\local settings\application data\{D1801EE8-36C7-4210-9C9B-C0857B05B142}
FF - Ext: XULRunner: {8472EC84-3A23-4A1D-9014-4B07A467742E} - c:\documents and settings\susanna\local settings\application data\{8472EC84-3A23-4A1D-9014-4B07A467742E}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
============= SERVICES / DRIVERS ===============
.
R? ccPwdSvc;Symantec Password Validation
R? fsssvc;Windows Live Family Safety Service
R? McComponentHostService;McAfee Security Scan Component Host Service
R? MLPTDR_Q;MLPTDR_Q
R? SavRoam;SavRoam
R? z520bus;Sony Ericsson 520 driver (WDM)
R? z520mdfl;Sony Ericsson 520 USB WMC Modem Filter
R? z520mdm;Sony Ericsson 520 USB WMC Modem Drivers
R? z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers
R? z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers
S? ccEvtMgr;Symantec Event Manager
S? ccSetMgr;Symantec Settings Manager
S? fssfltr;fssfltr
S? MpFilter;Microsoft Malware Protection Driver
S? NAVENG;NAVENG
S? NAVEX15;NAVEX15
S? NICSer_WPC54GS;NICSer_WPC54GS
S? SAVRT;SAVRT
S? SAVRTPEL;SAVRTPEL
S? Symantec AntiVirus;Symantec AntiVirus
.
=============== Created Last 30 ================
.
2011-04-04 03:18:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-04 03:18:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-04 03:18:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-04 01:50:57 -------- d-----w- C:\UBCD4Win(1)
2011-04-04 01:25:02 -------- d-----w- C:\UBCD4Win
2011-04-04 00:55:57 -------- d-----w- c:\docume~1\merica\locals~1\applic~1\Symantec
2011-04-02 01:34:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-02 01:34:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-03-31 01:43:37 -------- d-----w- c:\program files\Marcos Velasco Security
2011-03-31 01:39:22 -------- d-----w- c:\program files\CCleaner
2011-03-31 00:38:41 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-30 01:55:03 -------- d-----w- c:\windows\system32\NtmsData
2011-03-28 21:01:30 -------- d-----w- c:\docume~1\merica\applic~1\AVG10
2011-03-28 20:35:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-03-28 01:52:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-03-27 02:05:29 -------- d-----w- c:\docume~1\merica\locals~1\applic~1\ConduitEngine
2011-03-27 02:05:26 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-03-27 02:05:25 -------- d-----w- c:\program files\ConduitEngine
2011-03-27 01:39:30 0 ----a-w- c:\windows\Dzimihosozid.bin
2011-03-27 01:39:26 -------- d-----w- c:\docume~1\merica\locals~1\applic~1\{D1801EE8-36C7-4210-9C9B-C0857B05B142}
2011-03-27 01:39:09 -------- d-----w- c:\docume~1\merica\applic~1\OfferBox
2011-03-27 01:38:55 -------- d-----w- c:\program files\OfferBox
2011-03-27 01:37:47 135168 --sha-r- c:\windows\system32\localseci.dll
2011-03-27 01:37:46 149504 --sha-r- c:\windows\system32\dsprop0.dll
2011-03-27 01:37:46 149504 --sha-r- c:\windows\system32\dplayxv.dll
2011-03-20 20:46:46 -------- d-----w- c:\program files\UFile 2010
.
==================== Find3M ====================
.
1998-01-23 01:54:34 207456 ----a-w- c:\program files\GLOSFREN.EXE
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: FUJITSU_MHT2060AT_PL rev.0022 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-e
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82B69439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x82b6f7d0]; MOV EAX, [0x82b6f84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x82B49AB8]
3 CLASSPNP[0xF85B705B] -> nt!IofCallDriver[0x804E37D5] -> [0x82AEA938]
\Driver\atapi[0x82B8F998] -> IRP_MJ_CREATE -> 0x82B69439
kernel: MBR read successfully
_asm { CLI ; MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; STI ; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62f; }
detected disk devices:
\Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskFUJITSU_MHT2060AT_PL____________________0022____#5&956a150&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x82B6927F
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 21:04:18.89 ===============
Spybot results:
Click.GiftLoad: [SBI $89783858] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\svchost.exe
Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2011-04-01 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-03-22 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-03-29 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-03-29 Includes\Malware.sbi (*)
2011-03-29 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-03-15 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2011-03-08 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-03-15 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi (*)
2011-03-25 Includes\TrojansC-02.sbi (*)
2011-03-29 Includes\TrojansC-03.sbi (*)
2011-03-08 Includes\TrojansC-04.sbi (*)
2011-03-29 Includes\TrojansC-05.sbi (*)
2011-03-08 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
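Added example (not part of the original post, and not code from DDS or Spybot): a small Python triage script that runs over DDS-style lines and flags the entries a helper would look at first in the log above: the extra LSA authentication package next to msv1_0, the three hidden+system DLLs created in system32 on 2011-03-27, the hosts-file entry sending a security site to 127.0.0.1, orphaned "No File" BHO entries, and the Winlogon Notify package. The sample lines are copied from the posted log; the allow-lists (KNOWN_LSA_PACKAGES, SECURITY_HOSTS, BLACKHOLE_IPS), the severity labels and the reading of the DDS attribute columns are my assumptions.

```python
"""Triage a DDS 'Pseudo HJT Report' and 'Created Last 30' listing.

Added example, not the DDS tool's own code. Flags a handful of
persistence and hiding indicators; everything flagged still needs a
human to confirm it, the script only orders the reading.
"""
import re
from dataclasses import dataclass

# Assumption: on a stock Windows XP install the only LSA authentication
# package is msv1_0; anything else listed deserves a close look.
KNOWN_LSA_PACKAGES = {"msv1_0"}

# Assumption: illustrative list of security-vendor hosts that malware
# likes to blackhole in the hosts file.
SECURITY_HOSTS = ("spywareinfo.com", "malwarebytes", "symantec", "kaspersky")
BLACKHOLE_IPS = {"127.0.0.1", "0.0.0.0"}
SYSTEM32 = "c:\\windows\\system32\\"

# 'Created Last 30' line: timestamp, size (or dashes), 8-char attribute
# string, path. Attribute letters as seen in DDS output: d directory,
# s system, h hidden, a archive, r read-only / w writable (my reading).
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-+)\s+([-a-z]{8})\s+(.+)$"
)

# Sample lines copied from the DDS log posted above.
SAMPLE_LOG = r"""
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\urqNHAQj
Hosts: 127.0.0.1 www.spywareinfo.com
2011-04-04 03:18:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-27 01:37:47 135168 --sha-r- c:\windows\system32\localseci.dll
2011-03-27 01:37:46 149504 --sha-r- c:\windows\system32\dsprop0.dll
2011-03-27 01:37:46 149504 --sha-r- c:\windows\system32\dplayxv.dll
2011-03-27 01:39:30 0 ----a-w- c:\windows\Dzimihosozid.bin
"""


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "review" (my labels)
    indicator: str  # short description of what triggered
    line: str       # the DDS line that triggered it


def lsa_packages(line):
    """Return the package names listed on a DDS 'LSA: Authentication Packages' line."""
    _, _, value = line.partition("=")
    return value.split()


def created_entry(line):
    """Parse a 'Created Last 30' line into (attrs, lowercased path), or None."""
    m = CREATED_RE.match(line)
    if not m:
        return None
    _timestamp, _size, attrs, path = m.groups()
    return attrs, path.strip().lower()


def triage(log_text):
    """Scan DDS lines and return the findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("LSA: Authentication Packages"):
            for pkg in lsa_packages(line):
                if pkg.lower() not in KNOWN_LSA_PACKAGES:
                    findings.append(Finding("high", "unknown LSA authentication package", line))
        elif line.startswith("Hosts:"):
            parts = line.split()
            if (len(parts) >= 3 and parts[1] in BLACKHOLE_IPS
                    and any(h in parts[2].lower() for h in SECURITY_HOSTS)):
                findings.append(Finding("high", "security site blackholed in hosts file", line))
        elif line.startswith(("BHO:", "EB:", "TB:")) and line.endswith("No File"):
            # Orphaned registration: not malicious by itself, but worth cleaning.
            findings.append(Finding("review", "orphaned browser extension entry", line))
        elif line.startswith("Notify:"):
            # Winlogon notification DLLs load into winlogon; confirm the vendor.
            findings.append(Finding("review", "Winlogon notification package", line))
        else:
            entry = created_entry(line)
            if entry is not None:
                attrs, path = entry
                if "s" in attrs and "h" in attrs and path.startswith(SYSTEM32):
                    findings.append(Finding("high", "hidden+system file dropped in system32", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.indicator}: {f.line}")
```

The hidden+system check is deliberately narrow (new files under system32 only) so that ordinary installs such as the Malwarebytes driver on 2011-04-04 do not fire; the attribute-based rule catches exactly the three DLLs that appeared together on 2011-03-27, which is the cluster a helper would ask about first.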
shelf life
2011-04-08, 01:58
hi selina,
You have a rootkit on your machine. They hide malicious files and components from traditional antivirus/antimalware software. Rootkits bury themselves deep in the operating system. Special software is needed to detect and remove them. Even if symptoms are gone and logs are clean, it's still not a 100% guarantee that your machine is clean once a rootkit has been detected and removed. You should consider a complete reformat/reinstall of Windows as an option.
The best source for information on how to do this would be the computer manufacturers website.
To clean up the machine with current utilities proceed as follows:
Please download TDSS Killer.exe (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your desktop
Double click to launch the utility. After it initializes click the start scan button.
Once the scan completes you can click the continue button.
"The utility will automatically select an action (Cure or Delete) for known malicious objects. A suspicious object will be skipped by default."
"After clicking Next, the utility applies selected actions and outputs the result."
"A reboot might be required after disinfection."
A report will be found in your Root drive Local Disk (C) as TDSSKiller.2.4.2.1_09.08.2010_17.32.21_log.txt (name, version, date, time)
Hi!
Thank you for the reply! I copied and pasted the TDSS report below since it was too big to attach:
2011/04/09 17:03:29.0266 3364 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/09 17:03:30.0027 3364 ================================================================================
2011/04/09 17:03:30.0027 3364 SystemInfo:
2011/04/09 17:03:30.0027 3364
2011/04/09 17:03:30.0057 3364 OS Version: 5.1.2600 ServicePack: 2.0
2011/04/09 17:03:30.0057 3364 Product type: Workstation
2011/04/09 17:03:30.0057 3364 ComputerName: GIE
2011/04/09 17:03:30.0057 3364 UserName: Merica
2011/04/09 17:03:30.0057 3364 Windows directory: C:\WINDOWS
2011/04/09 17:03:30.0057 3364 System windows directory: C:\WINDOWS
2011/04/09 17:03:30.0057 3364 Processor architecture: Intel x86
2011/04/09 17:03:30.0057 3364 Number of processors: 1
2011/04/09 17:03:30.0057 3364 Page size: 0x1000
2011/04/09 17:03:30.0057 3364 Boot type: Normal boot
2011/04/09 17:03:30.0057 3364 ================================================================================
2011/04/09 17:03:31.0890 3364 Initialize success
2011/04/09 17:03:39.0100 3440 ================================================================================
2011/04/09 17:03:39.0100 3440 Scan started
2011/04/09 17:03:39.0100 3440 Mode: Manual;
2011/04/09 17:03:39.0100 3440 ================================================================================
2011/04/09 17:03:50.0517 3440 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
2011/04/09 17:03:51.0769 3440 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/09 17:03:52.0540 3440 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/09 17:03:53.0401 3440 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
2011/04/09 17:03:55.0013 3440 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/04/09 17:03:56.0225 3440 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/04/09 17:03:57.0146 3440 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/04/09 17:03:58.0128 3440 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
2011/04/09 17:03:58.0799 3440 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
2011/04/09 17:03:59.0520 3440 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
2011/04/09 17:04:01.0062 3440 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
2011/04/09 17:04:02.0654 3440 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
2011/04/09 17:04:03.0405 3440 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\System32\DRIVERS\alim1541.sys
2011/04/09 17:04:05.0178 3440 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\System32\DRIVERS\amdagp.sys
2011/04/09 17:04:06.0059 3440 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
2011/04/09 17:04:07.0020 3440 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/04/09 17:04:08.0292 3440 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
2011/04/09 17:04:10.0135 3440 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
2011/04/09 17:04:10.0936 3440 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
2011/04/09 17:04:12.0058 3440 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2011/04/09 17:04:13.0350 3440 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/09 17:04:14.0241 3440 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/09 17:04:16.0344 3440 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/09 17:04:17.0265 3440 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/09 17:04:17.0776 3440 BCM43XX (ae96075a3aed5c40f1ead477ea94acd7) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/04/09 17:04:19.0899 3440 bcm4sbxp (068523d2cd260069b19ad68adea0d739) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/04/09 17:04:21.0201 3440 BCMModem (41347688046d49cde0f6d138a534f73d) C:\WINDOWS\system32\DRIVERS\BCMSM.sys
2011/04/09 17:04:22.0663 3440 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/09 17:04:24.0355 3440 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
2011/04/09 17:04:25.0597 3440 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/09 17:04:26.0569 3440 CBTNDIS5 (181b4a19965024a2afa01fa2102b2a2d) C:\WINDOWS\System32\CBTNDIS5.SYS
2011/04/09 17:04:27.0470 3440 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/04/09 17:04:28.0622 3440 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
2011/04/09 17:04:29.0713 3440 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/09 17:04:30.0544 3440 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/09 17:04:32.0117 3440 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/09 17:04:33.0909 3440 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/04/09 17:04:34.0230 3440 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
2011/04/09 17:04:35.0311 3440 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/04/09 17:04:35.0662 3440 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
2011/04/09 17:04:36.0453 3440 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
2011/04/09 17:04:36.0653 3440 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
2011/04/09 17:04:37.0454 3440 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/09 17:04:46.0858 3440 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/09 17:04:49.0802 3440 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/09 17:04:50.0954 3440 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/09 17:04:51.0695 3440 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/09 17:04:54.0549 3440 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
2011/04/09 17:04:55.0851 3440 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/09 17:04:56.0141 3440 drvmcdb (049177996e5e33b5faf40cad2b82098c) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/04/09 17:04:57.0012 3440 drvnddm (2f4134d073f972575c174e3d621f0107) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/04/09 17:04:57.0403 3440 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/04/09 17:04:58.0154 3440 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2011/04/09 17:04:58.0815 3440 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2011/04/09 17:04:59.0886 3440 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/09 17:05:00.0517 3440 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/04/09 17:05:00.0658 3440 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/09 17:05:00.0808 3440 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/04/09 17:05:00.0958 3440 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/04/09 17:05:02.0060 3440 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2011/04/09 17:05:02.0660 3440 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/09 17:05:03.0291 3440 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/09 17:05:04.0403 3440 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/04/09 17:05:05.0535 3440 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/09 17:05:06.0907 3440 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/09 17:05:07.0578 3440 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
2011/04/09 17:05:08.0038 3440 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/04/09 17:05:09.0030 3440 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/04/09 17:05:10.0151 3440 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/04/09 17:05:10.0932 3440 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/09 17:05:11.0553 3440 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/04/09 17:05:11.0703 3440 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\System32\DRIVERS\i2omp.sys
2011/04/09 17:05:11.0914 3440 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/09 17:05:12.0314 3440 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
2011/04/09 17:05:12.0505 3440 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
2011/04/09 17:05:12.0705 3440 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
2011/04/09 17:05:12.0865 3440 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
2011/04/09 17:05:13.0156 3440 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
2011/04/09 17:05:13.0296 3440 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
2011/04/09 17:05:13.0506 3440 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
2011/04/09 17:05:13.0796 3440 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
2011/04/09 17:05:14.0357 3440 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
2011/04/09 17:05:14.0858 3440 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
2011/04/09 17:05:15.0229 3440 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/09 17:05:15.0359 3440 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
2011/04/09 17:05:15.0459 3440 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/04/09 17:05:15.0619 3440 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/09 17:05:15.0719 3440 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/04/09 17:05:15.0889 3440 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/09 17:05:16.0030 3440 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/09 17:05:16.0330 3440 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/09 17:05:16.0420 3440 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/09 17:05:16.0500 3440 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/09 17:05:16.0621 3440 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/09 17:05:16.0741 3440 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/09 17:05:17.0001 3440 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/04/09 17:05:17.0171 3440 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/09 17:05:17.0281 3440 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/09 17:05:17.0592 3440 LVUSBSta (c5efbd05a5195402121711a6ebbb271f) C:\WINDOWS\system32\drivers\lvusbsta.sys
2011/04/09 17:05:17.0722 3440 MLPTDR_Q (b39bf953a3a304a2d12751692ec355a0) C:\WINDOWS\system32\MLPTDR_Q.SYS
2011/04/09 17:05:18.0103 3440 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/09 17:05:18.0223 3440 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/09 17:05:18.0283 3440 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/09 17:05:18.0443 3440 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/09 17:05:18.0623 3440 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/09 17:05:18.0874 3440 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/04/09 17:05:19.0134 3440 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
2011/04/09 17:05:19.0314 3440 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/09 17:05:19.0585 3440 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/09 17:05:20.0015 3440 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/09 17:05:20.0456 3440 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/09 17:05:20.0756 3440 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/09 17:05:20.0927 3440 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/09 17:05:21.0367 3440 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/09 17:05:23.0981 3440 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/04/09 17:05:24.0151 3440 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/09 17:05:24.0241 3440 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/04/09 17:05:24.0562 3440 NAVENG (494c4ebfee40baaff49492b97abaf18c) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090224.017\naveng.sys
2011/04/09 17:05:24.0842 3440 NAVEX15 (f4a95d6d20767a5f1f2b2fed261a1b23) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090224.017\navex15.sys
2011/04/09 17:05:25.0143 3440 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/09 17:05:25.0243 3440 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/04/09 17:05:25.0433 3440 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/09 17:05:25.0553 3440 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/09 17:05:25.0714 3440 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/09 17:05:25.0934 3440 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/09 17:05:26.0064 3440 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/09 17:05:26.0174 3440 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/09 17:05:26.0314 3440 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/04/09 17:05:26.0435 3440 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/09 17:05:26.0625 3440 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/09 17:05:27.0116 3440 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/09 17:05:27.0316 3440 nv (a933bec064aa03da7af5d259d8ea73e1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/04/09 17:05:27.0767 3440 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/09 17:05:27.0847 3440 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/09 17:05:27.0997 3440 odysseyIM3 (dd03bdd1459d1966ee640f63221c175a) C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys
2011/04/09 17:05:28.0127 3440 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/04/09 17:05:28.0237 3440 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/04/09 17:05:28.0588 3440 P3 (3e16eff2a6fed2d8d7f5a66dfe65d183) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/04/09 17:05:28.0668 3440 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/04/09 17:05:28.0728 3440 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/09 17:05:28.0918 3440 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/09 17:05:29.0078 3440 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/09 17:05:29.0299 3440 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/09 17:05:29.0389 3440 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/04/09 17:05:30.0340 3440 pepifilter (2a3efd6c3f116675d149da5e36a010a4) C:\WINDOWS\system32\DRIVERS\lv302af.sys
2011/04/09 17:05:30.0581 3440 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
2011/04/09 17:05:30.0771 3440 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
2011/04/09 17:05:31.0131 3440 PID_08A0 (cebefeae6156f4fee41f56be89ea9c96) C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
2011/04/09 17:05:31.0402 3440 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/09 17:05:31.0542 3440 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/04/09 17:05:31.0762 3440 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/09 17:05:31.0973 3440 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/09 17:05:32.0143 3440 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/04/09 17:05:32.0343 3440 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
2011/04/09 17:05:32.0433 3440 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
2011/04/09 17:05:32.0523 3440 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
2011/04/09 17:05:32.0634 3440 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
2011/04/09 17:05:32.0774 3440 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
2011/04/09 17:05:33.0505 3440 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/09 17:05:34.0076 3440 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/09 17:05:35.0057 3440 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/09 17:05:35.0428 3440 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/09 17:05:35.0618 3440 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/09 17:05:35.0858 3440 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/09 17:05:36.0930 3440 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/04/09 17:05:37.0631 3440 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/09 17:05:38.0742 3440 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/09 17:05:39.0313 3440 SAVRT (c8023be4dda22a52cd2f60d9cb9b3985) C:\Program Files\Symantec AntiVirus\savrt.sys
2011/04/09 17:05:40.0134 3440 SAVRTPEL (30547fd7692dc799a0b397b2b918a158) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
2011/04/09 17:05:40.0785 3440 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/09 17:05:41.0046 3440 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/04/09 17:05:41.0496 3440 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/04/09 17:05:41.0997 3440 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/04/09 17:05:42.0528 3440 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\System32\DRIVERS\sisagp.sys
2011/04/09 17:05:42.0868 3440 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/04/09 17:05:43.0539 3440 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/04/09 17:05:44.0360 3440 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
2011/04/09 17:05:44.0761 3440 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/09 17:05:45.0272 3440 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/09 17:05:45.0672 3440 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/09 17:05:46.0133 3440 sscdbhk5 (7c0c9bdca2d351ff3b4f9b69f99aa995) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/04/09 17:05:46.0323 3440 ssrtln (31726706d54894d5059f7471111a87bb) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/04/09 17:05:46.0524 3440 STAC97 (b3034de9020cde2c46f653d972446bf2) C:\WINDOWS\system32\drivers\stac97.sys
2011/04/09 17:05:47.0094 3440 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/04/09 17:05:47.0184 3440 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/09 17:05:47.0575 3440 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/09 17:05:47.0755 3440 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
2011/04/09 17:05:48.0116 3440 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
2011/04/09 17:05:48.0496 3440 SYMDNS (b3b20f43f2242a578e29a17af976e04c) C:\WINDOWS\System32\Drivers\SYMDNS.SYS
2011/04/09 17:05:48.0697 3440 SymEvent (9351e17b2c6055cb0df442e54e5c1961) C:\Program Files\Symantec\SYMEVENT.SYS
2011/04/09 17:05:48.0987 3440 SYMFW (c7cfd475ec898d3bc7072d1b2dc6ef55) C:\WINDOWS\System32\Drivers\SYMFW.SYS
2011/04/09 17:05:49.0107 3440 SYMIDS (b18988d3d7d3ff6fce633b7aa800c18f) C:\WINDOWS\System32\Drivers\SYMIDS.SYS
2011/04/09 17:05:49.0207 3440 SYMIDSCO (c7f37ed85943572700ad8db0880cc08f) C:\WINDOWS\System32\Drivers\SYMIDSCO.SYS
2011/04/09 17:05:49.0298 3440 SYMNDIS (c99cebae90c6a2351b0eaab861dfc948) C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
2011/04/09 17:05:49.0378 3440 SYMREDRV (8ddb430ea48468c156db872a214178fc) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2011/04/09 17:05:49.0468 3440 SYMTDI (ec1a39493fb104d317e8271162a74b94) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2011/04/09 17:05:49.0668 3440 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
2011/04/09 17:05:49.0738 3440 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
2011/04/09 17:05:49.0948 3440 SynTP (36460e94bbb8c1a1a1c22e45a28fb955) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/04/09 17:05:50.0149 3440 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/09 17:05:50.0309 3440 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/09 17:05:50.0579 3440 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/09 17:05:50.0730 3440 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/09 17:05:50.0900 3440 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/09 17:05:51.0050 3440 tfsnboio (b0d311f33c5b4a5858e4e6c965a79267) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/04/09 17:05:51.0200 3440 tfsncofs (250f74fce5d1eccb29ad9abeb55f35d8) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/04/09 17:05:51.0751 3440 tfsndrct (e23291934c59e1741ba83582e7a209c0) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/04/09 17:05:52.0312 3440 tfsndres (0d863d020633025f1e4ad3e0e325d503) C:\WINDOWS\system32\dla\tfsndres.sys
2011/04/09 17:05:52.0522 3440 tfsnifs (e3e10696663e35062851a376299198bd) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/04/09 17:05:52.0692 3440 tfsnopio (00cc366bdcbd8a9a1c95c1c59900dd9b) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/04/09 17:05:52.0843 3440 tfsnpool (84a91d08f49831e8c24e4d25ddefae87) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/04/09 17:05:53.0053 3440 tfsnudf (55b761c6e2d4fcedac3b46b6c0724830) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/04/09 17:05:53.0423 3440 tfsnudfa (64c6e8c217e30ee595120c66f6e783ba) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/04/09 17:05:54.0034 3440 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
2011/04/09 17:05:54.0525 3440 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/09 17:05:54.0866 3440 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
2011/04/09 17:05:55.0046 3440 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/09 17:05:55.0266 3440 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/04/09 17:05:55.0376 3440 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/09 17:05:55.0677 3440 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/09 17:05:55.0807 3440 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/09 17:05:56.0017 3440 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/04/09 17:05:56.0197 3440 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/09 17:05:56.0658 3440 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/09 17:05:56.0878 3440 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/09 17:05:57.0049 3440 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/04/09 17:05:57.0569 3440 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\System32\DRIVERS\viaagp.sys
2011/04/09 17:05:58.0020 3440 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\System32\DRIVERS\viaide.sys
2011/04/09 17:05:58.0180 3440 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/09 17:05:58.0471 3440 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/09 17:05:58.0791 3440 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/09 17:05:59.0032 3440 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/04/09 17:05:59.0282 3440 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/04/09 17:05:59.0472 3440 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/04/09 17:05:59.0953 3440 z520bus (f0f412800d61bb5614fc567d272b4071) C:\WINDOWS\system32\DRIVERS\z520bus.sys
2011/04/09 17:06:00.0323 3440 z520mdfl (c74e6f770617cd75a50bb655baa37a87) C:\WINDOWS\system32\DRIVERS\z520mdfl.sys
2011/04/09 17:06:00.0824 3440 z520mdm (c5897913d4ce3d851573b52c33055cb2) C:\WINDOWS\system32\DRIVERS\z520mdm.sys
2011/04/09 17:06:02.0356 3440 z520mgmt (0e9c6528bbe7b83cb179ade881eaa38e) C:\WINDOWS\system32\DRIVERS\z520mgmt.sys
2011/04/09 17:06:02.0927 3440 z520obex (f69d28f2b6d6f4493e564549a2d9816b) C:\WINDOWS\system32\DRIVERS\z520obex.sys
2011/04/09 17:06:03.0057 3440 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/09 17:06:03.0067 3440 ================================================================================
2011/04/09 17:06:03.0067 3440 Scan finished
2011/04/09 17:06:03.0067 3440 ================================================================================
2011/04/09 17:06:03.0087 1820 Detected object count: 1
2011/04/09 17:06:16.0547 1820 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/09 17:06:16.0547 1820 \HardDisk0 - ok
2011/04/09 17:06:16.0547 1820 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/09 17:06:29.0986 2264 Deinitialize success
Is there anything else I need to do after the TDSS scan?
Thanks for all the help, shelf_life! :)
selina
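The TDSSKiller log above reports Rootkit.Win32.TDSS.tdl4 on \HardDisk0 rather than on a file, which is what an MBR bootkit looks like: the boot code in sector 0 is replaced while the partition table is left intact, so the disk still boots and partitioning tools see nothing wrong. The script below is an added example (not part of this thread and not a TDSSKiller or DDS component) showing how a responder would verify a "cured" MBR afterwards: parse the first sector, compare the 440 bytes of boot code against a trusted copy, check for the stock Microsoft error string, and report the unpartitioned tail of the disk, which is where TDL4 keeps its hidden file system. The two MBRs it works on are constructed stand-ins: the clean one uses placeholder bytes for the Microsoft boot code and the infected one uses a byte ramp, not real TDL4 code; the 80 GB disk geometry and partition layout are assumptions chosen to resemble a Windows XP disk.

```python
"""Triage a raw MBR sector for the change an MBR bootkit makes: replaced boot
code behind an untouched partition table.  Added example, not from the thread."""
import hashlib
import struct
from typing import List, Optional

SECTOR_SIZE = 512
BOOTCODE_LEN = 440          # bytes 0..439: boot code
DISK_SIG_OFFSET = 440       # bytes 440..443: Windows disk signature
PART_TABLE_OFFSET = 446     # 4 x 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot code, disk signature, partitions and 0x55AA check."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, lba_count = struct.unpack_from(
            "<B3xB3xII", sector, PART_TABLE_OFFSET + 16 * i)   # CHS fields skipped
        if ptype == 0 and lba_count == 0:
            continue                                            # empty slot
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "lba_count": lba_count,
                           "lba_end": lba_start + lba_count})   # exclusive end
    return {
        "bootcode": sector[:BOOTCODE_LEN],
        "bootcode_sha256": hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
        "partitions": partitions,
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
    }


def tail_gap(parsed: dict, disk_sectors: int) -> tuple:
    """(first unclaimed LBA, sector count) after the last partition.  TDL4 stores
    its hidden file system in this region, so this is the range to image."""
    if not parsed["partitions"]:
        return (0, disk_sectors)
    last_end = max(p["lba_end"] for p in parsed["partitions"])
    return (last_end, max(disk_sectors - last_end, 0))


def triage_mbr(sector: bytes, disk_sectors: int,
               known_good_mbr: Optional[bytes] = None) -> dict:
    """Flags plus the tail range.  known_good_mbr is the first sector (or at least the
    first 440 bytes) of a disk you trust, e.g. a clean install of the same Windows."""
    parsed = parse_mbr(sector)
    flags: List[str] = []
    if not parsed["signature_ok"]:
        flags.append("BAD_BOOT_SIGNATURE")
    if known_good_mbr is not None and parsed["bootcode"] != known_good_mbr[:BOOTCODE_LEN]:
        flags.append("BOOTCODE_DIFFERS_FROM_KNOWN_GOOD")
    # Stock Microsoft boot code carries this error string; its absence means the code
    # is not the stock one.  A third-party boot manager also trips this, so it is a
    # lead, not a verdict.
    if b"Invalid partition table" not in parsed["bootcode"]:
        flags.append("NO_STOCK_MS_STRINGS")
    if sum(p["bootable"] for p in parsed["partitions"]) != 1:
        flags.append("BOOT_FLAG_COUNT_NOT_ONE")
    return {"flags": flags, "tail_gap": tail_gap(parsed, disk_sectors),
            "bootcode_sha256": parsed["bootcode_sha256"]}


def read_mbr(path: str) -> bytes:
    """First sector of a dd image, or of the raw physical drive on Windows."""
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)


# ---- constructed samples: stand-ins, not real disk images or real TDL4 code ----
def build_mbr(bootcode: bytes, partitions: list, disk_signature: int = 0x1234ABCD) -> bytes:
    table = b"".join(struct.pack("<B3xB3xII", *p) for p in partitions).ljust(64, b"\x00")
    return (bootcode.ljust(BOOTCODE_LEN, b"\x00")[:BOOTCODE_LEN]
            + struct.pack("<I", disk_signature) + b"\x00\x00" + table + BOOT_SIGNATURE)


DISK_SECTORS = 156301488                      # assumed 80 GB disk, 512-byte sectors
XP_TABLE = [(0x80, 0x07, 63, 156296322)]      # one bootable NTFS partition, CHS-aligned
STOCK_BOOTCODE = (b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 300
                  + b"Invalid partition table\x00")        # placeholder for MS boot code
INFECTED_BOOTCODE = bytes(range(256)) + bytes(range(184))  # placeholder for replaced code
CLEAN_MBR = build_mbr(STOCK_BOOTCODE, XP_TABLE)
INFECTED_MBR = build_mbr(INFECTED_BOOTCODE, XP_TABLE)      # same table, different code

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        print(name, triage_mbr(mbr, DISK_SECTORS, known_good_mbr=CLEAN_MBR))
```

On the constructed pair the partition table, disk signature and 0x55AA signature are identical; only the boot-code comparison and the missing stock string separate them, which is why a bootkit survives tools that only validate partitioning. The tail range it prints (about 2.5 MB here, which is ordinary cylinder slack) is the region to dump and inspect rather than a verdict on its own; the unallocated slack on a normal XP disk and a TDL4 hidden file system both live there.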
shelf life
2011-04-10, 01:44
Is there anything else I need to do after the TDSS scan
Yes. You can check Malwarebytes for updates and do a full scan with it; please post the log:
After checking for updates; select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click *Remove Selected.*
*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.
After the above, rescan and post a new DDS log as well, please.
Malwarebytes Log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6321
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702
09/04/2011 10:43:46 PM
mbam-log-2011-04-09 (22-43-46).txt
Scan type: Full scan (C:\|)
Objects scanned: 326721
Time elapsed: 2 hour(s), 14 minute(s), 39 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\RP7\A0007849.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
--------
DDS Log:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Merica at 22:50:46.68 on 09/04/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.49 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\Documents and Settings\Merica\Local Settings\Application Data\Skype\Phone\Skype.exe
C:\Program Files\Logitech\Video\ManifestEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\WPC54Cfg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Merica\Local Settings\Application Data\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Merica\Desktop\dds.scr
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://search.live.com
uDefault_Page_URL = hxxp://www.dell.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
mSearchAssistant = hxxp://search.live.com/sphome.aspx
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVD2.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVD2.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {904D9CB1-7A38-457B-A33A-CE2E1C628562} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVD2.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\documents and settings\merica\local settings\application data\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [KONICA MINOLTA PagePro 1350WStatusDisplay] c:\windows\system32\MSTMON_Q.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
StartupFolder: c:\docume~1\merica\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\linksys\wireless-g notebook adapter with speedbooster\Startup.exe
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: ActiveGS.cab - hxxp://www.virtualapple.org/activegs.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167073732226
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
DPF: {EF073398-8C6E-4FAB-A72B-9F874C25E0E1} - hxxp://content.dll1.com/Connectus/SmartCouponPrinter/vigorate/SmartCouponPrinter20100625.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\docume~1\merica\locals~1\applic~1\skype\shared\SKYPE4~1.DLL
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\urqNHAQj
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\merica\applic~1\mozilla\firefox\profiles\jyrdrdo9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\documents and settings\merica\application data\mozilla\firefox\profiles\jyrdrdo9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\merica\application data\mozilla\firefox\profiles\jyrdrdo9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: XULRunner: {D1801EE8-36C7-4210-9C9B-C0857B05B142} - c:\documents and settings\merica\local settings\application data\{D1801EE8-36C7-4210-9C9B-C0857B05B142}
FF - Ext: XULRunner: {8472EC84-3A23-4A1D-9014-4B07A467742E} - c:\documents and settings\susanna\local settings\application data\{8472EC84-3A23-4A1D-9014-4B07A467742E}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-6-9 255096]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-6-9 242808]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-11-5 54752]
R2 NICSer_WPC54GS;NICSer_WPC54GS;c:\program files\linksys\wireless-g notebook adapter with speedbooster\NICServ.exe [2005-10-14 455680]
R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2004-8-2 1267024]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090224.017\naveng.sys [2009-2-25 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090224.017\navex15.sys [2009-2-25 876144]
S2 MLPTDR_Q;MLPTDR_Q;c:\windows\system32\MLPTDR_Q.SYS [2004-11-18 18848]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-6-9 87160]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-8-2 173392]
S3 z520bus;Sony Ericsson 520 driver (WDM);c:\windows\system32\drivers\z520bus.sys [2005-7-26 57648]
S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;c:\windows\system32\drivers\z520mdfl.sys [2005-7-26 8336]
S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;c:\windows\system32\drivers\z520mdm.sys [2005-7-26 93488]
S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;c:\windows\system32\drivers\z520mgmt.sys [2005-7-26 84928]
S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\z520obex.sys [2005-7-26 82864]
.
=============== Created Last 30 ================
.
2011-04-04 03:18:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-04 03:18:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-04 03:18:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-04 01:50:57 -------- d-----w- C:\UBCD4Win(1)
2011-04-04 01:25:02 -------- d-----w- C:\UBCD4Win
2011-04-04 00:55:57 -------- d-----w- c:\docume~1\merica\locals~1\applic~1\Symantec
2011-04-02 01:34:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-02 01:34:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-03-31 01:43:37 -------- d-----w- c:\program files\Marcos Velasco Security
2011-03-31 01:39:22 -------- d-----w- c:\program files\CCleaner
2011-03-31 00:38:41 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-30 01:55:03 -------- d-----w- c:\windows\system32\NtmsData
2011-03-28 21:01:30 -------- d-----w- c:\docume~1\merica\applic~1\AVG10
2011-03-28 20:35:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-03-28 01:52:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-03-27 02:05:29 -------- d-----w- c:\docume~1\merica\locals~1\applic~1\ConduitEngine
2011-03-27 02:05:26 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-03-27 02:05:25 -------- d-----w- c:\program files\ConduitEngine
2011-03-27 01:39:30 0 ----a-w- c:\windows\Dzimihosozid.bin
2011-03-27 01:39:26 -------- d-----w- c:\docume~1\merica\locals~1\applic~1\{D1801EE8-36C7-4210-9C9B-C0857B05B142}
2011-03-27 01:39:09 -------- d-----w- c:\docume~1\merica\applic~1\OfferBox
2011-03-27 01:38:55 -------- d-----w- c:\program files\OfferBox
2011-03-27 01:37:47 135168 --sha-r- c:\windows\system32\localseci.dll
2011-03-27 01:37:46 149504 --sha-r- c:\windows\system32\dsprop0.dll
2011-03-27 01:37:46 149504 --sha-r- c:\windows\system32\dplayxv.dll
2011-03-20 20:46:46 -------- d-----w- c:\program files\UFile 2010
.
==================== Find3M ====================
.
1998-01-23 01:54:34 207456 ----a-w- c:\program files\GLOSFREN.EXE
.
============= FINISH: 22:53:51.88 ===============
shelf life
2011-04-10, 15:50
Ok thanks for all the info, we will get one more download to use. It's called ComboFix. There is a guide to read first before using it. Read through the guide and apply the directions on your own machine. Post the ComboFix log in your reply:
Guide to using Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
Hi,
The ComboFix Log is posted below:
ComboFix 11-04-10.01 - Merica 10/04/2011 20:19:42.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.223 [GMT -4:00]
Running from: c:\documents and settings\Merica\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Edmund\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\Edmund\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\Guest\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\Merica\Application Data\OfferBox
c:\documents and settings\Merica\Application Data\OfferBox\config.xml
c:\documents and settings\Merica\Application Data\PriceGong
c:\documents and settings\Susanna\Application Data\OfferBox
c:\documents and settings\Susanna\Application Data\OfferBox\config.xml
c:\documents and settings\Susanna\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\Susanna\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\Susanna\WINDOWS
c:\program files\dobe~1
c:\program files\ecurit~1
c:\program files\OfferBox
c:\program files\OfferBox\offerboxffx@offerbox.com\components\OfferBoxXpCom.dll
c:\windows\Downloaded Program Files\DDSonic.1.0.0.92
c:\windows\Downloaded Program Files\DDSonic.1.0.0.92\dinerdash.exe
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\mantec~1
c:\windows\system32\drivers\fad.sys
c:\windows\system32\egrkqkhk.ini
c:\windows\system32\ihgqnxth.ini
c:\windows\system32\mcroso~1.net
.
.
((((((((((((((((((((((((( Files Created from 2011-03-11 to 2011-04-11 )))))))))))))))))))))))))))))))
.
.
2011-04-05 00:12 . 2011-04-05 00:13 -------- d-----w- c:\program files\ERUNT
2011-04-04 23:54 . 2011-04-04 23:56 -------- d-----w- c:\documents and settings\Administrator
2011-04-04 03:18 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-04 03:18 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-04 03:18 . 2011-04-04 03:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-04 01:25 . 2011-04-04 01:49 -------- d-----w- C:\UBCD4Win
2011-04-04 00:55 . 2011-04-04 00:55 -------- d-----w- c:\documents and settings\Merica\Local Settings\Application Data\Symantec
2011-04-02 01:34 . 2011-04-02 02:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-04-02 01:34 . 2011-04-02 01:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-31 01:43 . 2011-03-31 01:43 -------- d-----w- c:\program files\Marcos Velasco Security
2011-03-31 01:39 . 2011-03-31 01:41 -------- d-----w- c:\program files\CCleaner
2011-03-31 00:38 . 2011-03-31 00:39 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-30 01:55 . 2011-03-30 01:56 -------- d-----w- c:\windows\system32\NtmsData
2011-03-30 01:09 . 2011-03-30 01:09 -------- d-----w- c:\documents and settings\Susanna\Local Settings\Application Data\{8472EC84-3A23-4A1D-9014-4B07A467742E}
2011-03-28 21:01 . 2011-03-28 21:01 -------- d-----w- c:\documents and settings\Merica\Application Data\AVG10
2011-03-28 20:35 . 2011-03-28 21:16 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-03-28 01:52 . 2011-03-30 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-03-27 02:05 . 2011-03-29 00:34 -------- d-----w- c:\documents and settings\Merica\Local Settings\Application Data\ConduitEngine
2011-03-27 02:05 . 2011-03-27 02:05 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-03-27 02:05 . 2011-03-27 02:05 -------- d-----w- c:\program files\ConduitEngine
2011-03-27 01:57 . 2011-03-27 01:57 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-03-27 01:39 . 2011-03-29 05:22 0 ----a-w- c:\windows\Dzimihosozid.bin
2011-03-27 01:39 . 2011-03-27 01:39 -------- d-----w- c:\documents and settings\Merica\Local Settings\Application Data\{D1801EE8-36C7-4210-9C9B-C0857B05B142}
2011-03-27 01:37 . 2011-03-27 01:37 135168 --sha-r- c:\windows\system32\localseci.dll
2011-03-27 01:37 . 2011-03-27 01:37 149504 --sha-r- c:\windows\system32\dplayxv.dll
2011-03-27 01:37 . 2011-03-27 01:37 149504 --sha-r- c:\windows\system32\dsprop0.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
1998-01-23 01:54 . 2006-07-30 02:10 207456 ----a-w- c:\program files\GLOSFREN.EXE
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"Skype"="c:\documents and settings\Merica\Local Settings\Application Data\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"KONICA MINOLTA PagePro 1350WStatusDisplay"="c:\windows\system32\MSTMON_Q.EXE" [2004-11-22 163840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-08-13 26112]
"MMTray"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2005-03-15 135168]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2004-03-05 487424]
.
c:\documents and settings\Merica\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Wireless-G Notebook Adapter with SpeedBooster Utility.lnk - c:\program files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\Startup.exe [2005-10-14 24576]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
backup=c:\windows\pss\AOL 9.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Post-it® Software Notes Lite.lnk]
backup=c:\windows\pss\Post-it® Software Notes Lite.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Morpheus\\Morpheus.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Merica\\Local Settings\\Application Data\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Merica\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"=
.
R2 NICSer_WPC54GS;NICSer_WPC54GS;c:\program files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe [14/10/2005 5:56 PM 455680]
S2 MLPTDR_Q;MLPTDR_Q;c:\windows\SYSTEM32\MLPTDR_Q.SYS [18/11/2004 10:13 PM 18848]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 8:49 AM 227232]
S3 z520bus;Sony Ericsson 520 driver (WDM);c:\windows\SYSTEM32\DRIVERS\z520bus.sys [26/07/2005 11:13 AM 57648]
S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;c:\windows\SYSTEM32\DRIVERS\z520mdfl.sys [26/07/2005 11:15 AM 8336]
S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;c:\windows\SYSTEM32\DRIVERS\z520mdm.sys [26/07/2005 11:15 AM 93488]
S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;c:\windows\SYSTEM32\DRIVERS\z520mgmt.sys [26/07/2005 11:16 AM 84928]
S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;c:\windows\SYSTEM32\DRIVERS\z520obex.sys [26/07/2005 11:18 AM 82864]
.
Contents of the 'Scheduled Tasks' folder
.
2011-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 22:13]
.
2011-04-11 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-08-13 18:20]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
DPF: ActiveGS.cab - hxxp://www.virtualapple.org/activegs.cab
DPF: {EF073398-8C6E-4FAB-A72B-9F874C25E0E1} - hxxp://content.dll1.com/Connectus/SmartCouponPrinter/vigorate/SmartCouponPrinter20100625.cab
FF - ProfilePath - c:\documents and settings\Merica\Application Data\Mozilla\Firefox\Profiles\jyrdrdo9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: XULRunner: {D1801EE8-36C7-4210-9C9B-C0857B05B142} - c:\documents and settings\Merica\Local Settings\Application Data\{D1801EE8-36C7-4210-9C9B-C0857B05B142}
FF - Ext: XULRunner: {8472EC84-3A23-4A1D-9014-4B07A467742E} - c:\documents and settings\Susanna\Local Settings\Application Data\{8472EC84-3A23-4A1D-9014-4B07A467742E}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{904D9CB1-7A38-457B-A33A-CE2E1C628562} - (no file)
AddRemove-UBCD4Win_is1 - c:\ubcd4win(1)\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-10 21:06
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2736)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Java\j2re1.4.2_03\bin\jucheck.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\WPC54Cfg.exe
.
**************************************************************************
.
Completion time: 2011-04-10 21:14:23 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-11 01:14
.
Pre-Run: 31,477,231,616 bytes free
Post-Run: 33,144,098,816 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - D29B18C12D168857795D3D74E9C235F3
Thanks again for all the help.
shelf life
2011-04-11, 23:57
ok thanks for the info. We will use combofix.
Click Start, then Run and type Notepad and click OK.
Copy/paste the text in the code box below into notepad:
File::
c:\windows\system32\localseci.dll
c:\windows\system32\dplayxv.dll
c:\windows\system32\dsprop0.dll
c:\program files\GLOSFREN.EXE
c:\windows\Dzimihosozid.bin
Name the Notepad file CFScript.txt and Save it to your desktop.
Now locate the file you just saved (CFScript.txt) and the combofix icon, both on your desktop.
Using your mouse, drag the CFScript right on top of the combofix icon and release. Combofix will run and produce a new log.
Please post the new combofix log.
New ComboFix log:
ComboFix 11-04-11.02 - Merica 11/04/2011 19:19:53.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.259 [GMT -4:00]
Running from: c:\documents and settings\Merica\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Merica\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\program files\GLOSFREN.EXE"
"c:\windows\Dzimihosozid.bin"
"c:\windows\system32\dplayxv.dll"
"c:\windows\system32\dsprop0.dll"
"c:\windows\system32\localseci.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Merica\Application Data\PriceGong
c:\documents and settings\Merica\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Merica\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Merica\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Merica\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Merica\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Merica\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Merica\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Merica\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Merica\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Merica\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Merica\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Merica\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Merica\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Merica\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Merica\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Merica\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Merica\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Merica\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Merica\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Merica\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Merica\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Merica\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Merica\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Merica\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Merica\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Merica\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Merica\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Merica\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Merica\Local Settings\Application Data\{D1801EE8-36C7-4210-9C9B-C0857B05B142}
c:\documents and settings\Merica\Local Settings\Application Data\{D1801EE8-36C7-4210-9C9B-C0857B05B142}\chrome.manifest
c:\documents and settings\Merica\Local Settings\Application Data\{D1801EE8-36C7-4210-9C9B-C0857B05B142}\chrome\content\_cfg.js
c:\documents and settings\Merica\Local Settings\Application Data\{D1801EE8-36C7-4210-9C9B-C0857B05B142}\chrome\content\overlay.xul
c:\documents and settings\Merica\Local Settings\Application Data\{D1801EE8-36C7-4210-9C9B-C0857B05B142}\install.rdf
c:\documents and settings\Susanna\Local Settings\Application Data\{8472EC84-3A23-4A1D-9014-4B07A467742E}
c:\documents and settings\Susanna\Local Settings\Application Data\{8472EC84-3A23-4A1D-9014-4B07A467742E}\chrome.manifest
c:\documents and settings\Susanna\Local Settings\Application Data\{8472EC84-3A23-4A1D-9014-4B07A467742E}\chrome\content\_cfg.js
c:\documents and settings\Susanna\Local Settings\Application Data\{8472EC84-3A23-4A1D-9014-4B07A467742E}\chrome\content\overlay.xul
c:\documents and settings\Susanna\Local Settings\Application Data\{8472EC84-3A23-4A1D-9014-4B07A467742E}\install.rdf
c:\program files\GLOSFREN.EXE
c:\windows\Dzimihosozid.bin
c:\windows\system32\dplayxv.dll
c:\windows\system32\dsprop0.dll
c:\windows\system32\localseci.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-03-11 to 2011-04-11 )))))))))))))))))))))))))))))))
.
.
2011-04-05 00:12 . 2011-04-05 00:13 -------- d-----w- c:\program files\ERUNT
2011-04-04 23:54 . 2011-04-04 23:56 -------- d-----w- c:\documents and settings\Administrator
2011-04-04 03:18 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-04 03:18 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-04 03:18 . 2011-04-04 03:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-04 01:25 . 2011-04-04 01:49 -------- d-----w- C:\UBCD4Win
2011-04-04 00:55 . 2011-04-04 00:55 -------- d-----w- c:\documents and settings\Merica\Local Settings\Application Data\Symantec
2011-04-02 01:34 . 2011-04-02 02:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-04-02 01:34 . 2011-04-02 01:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-31 01:43 . 2011-03-31 01:43 -------- d-----w- c:\program files\Marcos Velasco Security
2011-03-31 01:39 . 2011-03-31 01:41 -------- d-----w- c:\program files\CCleaner
2011-03-31 00:38 . 2011-03-31 00:39 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-30 01:55 . 2011-03-30 01:56 -------- d-----w- c:\windows\system32\NtmsData
2011-03-28 21:01 . 2011-03-28 21:01 -------- d-----w- c:\documents and settings\Merica\Application Data\AVG10
2011-03-28 20:35 . 2011-03-28 21:16 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-03-28 01:52 . 2011-03-30 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-03-27 02:05 . 2011-04-11 01:15 -------- d-----w- c:\documents and settings\Merica\Local Settings\Application Data\ConduitEngine
2011-03-27 02:05 . 2011-04-11 01:15 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-03-27 02:05 . 2011-04-11 01:15 -------- d-----w- c:\program files\ConduitEngine
2011-03-27 01:57 . 2011-03-27 01:57 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD2.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"Skype"="c:\documents and settings\Merica\Local Settings\Application Data\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"KONICA MINOLTA PagePro 1350WStatusDisplay"="c:\windows\system32\MSTMON_Q.EXE" [2004-11-22 163840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-08-13 26112]
"MMTray"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2005-03-15 135168]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2004-03-05 487424]
.
c:\documents and settings\Merica\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Wireless-G Notebook Adapter with SpeedBooster Utility.lnk - c:\program files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\Startup.exe [2005-10-14 24576]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
backup=c:\windows\pss\AOL 9.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Post-it® Software Notes Lite.lnk]
backup=c:\windows\pss\Post-it® Software Notes Lite.lnkCommon Startup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Morpheus\\Morpheus.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Merica\\Local Settings\\Application Data\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Merica\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"=
.
R2 NICSer_WPC54GS;NICSer_WPC54GS;c:\program files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe [14/10/2005 5:56 PM 455680]
S2 MLPTDR_Q;MLPTDR_Q;c:\windows\SYSTEM32\MLPTDR_Q.SYS [18/11/2004 10:13 PM 18848]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 8:49 AM 227232]
S3 z520bus;Sony Ericsson 520 driver (WDM);c:\windows\SYSTEM32\DRIVERS\z520bus.sys [26/07/2005 11:13 AM 57648]
S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;c:\windows\SYSTEM32\DRIVERS\z520mdfl.sys [26/07/2005 11:15 AM 8336]
S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;c:\windows\SYSTEM32\DRIVERS\z520mdm.sys [26/07/2005 11:15 AM 93488]
S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;c:\windows\SYSTEM32\DRIVERS\z520mgmt.sys [26/07/2005 11:16 AM 84928]
S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;c:\windows\SYSTEM32\DRIVERS\z520obex.sys [26/07/2005 11:18 AM 82864]
.
Contents of the 'Scheduled Tasks' folder
.
2011-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 22:13]
.
2011-04-11 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-08-13 18:20]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
DPF: ActiveGS.cab - hxxp://www.virtualapple.org/activegs.cab
DPF: {EF073398-8C6E-4FAB-A72B-9F874C25E0E1} - hxxp://content.dll1.com/Connectus/SmartCouponPrinter/vigorate/SmartCouponPrinter20100625.cab
FF - ProfilePath - c:\documents and settings\Merica\Application Data\Mozilla\Firefox\Profiles\jyrdrdo9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-11 19:30
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-04-11 19:36:27
ComboFix-quarantined-files.txt 2011-04-11 23:36
ComboFix2.txt 2011-04-11 01:14
.
Pre-Run: 33,077,317,632 bytes free
Post-Run: 33,062,260,736 bytes free
.
- - End Of File - - BACEBF547D027774C00AA50D077646A4
Thanks!
shelf life
2011-04-12, 20:11
Hi,
Ok good. Please post a final DDS log, then we can call it quits. You should still have the DDS.scr file on your desktop. If not:
Please download DDS (http://download.bleepingcomputer.com/sUBs/dds.scr) and save it to your desktop.
Double click dds.scr to run the tool. When done, DDS.txt will open.
Save both reports to your desktop.
Please Copy/paste both logs in your reply.
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Merica at 21:05:20.14 on 12/04/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.137 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\MSTMON_Q.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Merica\Local Settings\Application Data\Skype\Phone\Skype.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\WPC54Cfg.exe
C:\Documents and Settings\Merica\Local Settings\Application Data\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Merica\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVD2.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVD2.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVD2.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\documents and settings\merica\local settings\application data\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [KONICA MINOLTA PagePro 1350WStatusDisplay] c:\windows\system32\MSTMON_Q.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
StartupFolder: c:\docume~1\merica\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\linksys\wireless-g notebook adapter with speedbooster\Startup.exe
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: ActiveGS.cab - hxxp://www.virtualapple.org/activegs.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167073732226
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
DPF: {EF073398-8C6E-4FAB-A72B-9F874C25E0E1} - hxxp://content.dll1.com/Connectus/SmartCouponPrinter/vigorate/SmartCouponPrinter20100625.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\docume~1\merica\locals~1\applic~1\skype\shared\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\merica\applic~1\mozilla\firefox\profiles\jyrdrdo9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\documents and settings\merica\application data\mozilla\firefox\profiles\jyrdrdo9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\merica\application data\mozilla\firefox\profiles\jyrdrdo9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-11-5 54752]
R2 NICSer_WPC54GS;NICSer_WPC54GS;c:\program files\linksys\wireless-g notebook adapter with speedbooster\NICServ.exe [2005-10-14 455680]
S2 MLPTDR_Q;MLPTDR_Q;c:\windows\system32\MLPTDR_Q.SYS [2004-11-18 18848]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 z520bus;Sony Ericsson 520 driver (WDM);c:\windows\system32\drivers\z520bus.sys [2005-7-26 57648]
S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;c:\windows\system32\drivers\z520mdfl.sys [2005-7-26 8336]
S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;c:\windows\system32\drivers\z520mdm.sys [2005-7-26 93488]
S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;c:\windows\system32\drivers\z520mgmt.sys [2005-7-26 84928]
S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\z520obex.sys [2005-7-26 82864]
.
=============== Created Last 30 ================
.
2011-04-11 23:38:54 -------- d-----w- c:\docume~1\merica\applic~1\PriceGong
2011-04-11 00:17:26 -------- d-sha-r- C:\cmdcons
2011-04-10 16:38:01 89088 ----a-w- c:\windows\MBR.exe
2011-04-10 16:38:00 98816 ----a-w- c:\windows\sed.exe
2011-04-10 16:38:00 256512 ----a-w- c:\windows\PEV.exe
2011-04-10 16:38:00 161792 ----a-w- c:\windows\SWREG.exe
2011-04-04 03:18:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-04 03:18:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-04 03:18:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-04 01:25:02 -------- d-----w- C:\UBCD4Win
2011-04-04 00:55:57 -------- d-----w- c:\docume~1\merica\locals~1\applic~1\Symantec
2011-04-02 01:34:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-02 01:34:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-03-31 01:43:37 -------- d-----w- c:\program files\Marcos Velasco Security
2011-03-31 01:39:22 -------- d-----w- c:\program files\CCleaner
2011-03-31 00:38:41 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-30 01:55:03 -------- d-----w- c:\windows\system32\NtmsData
2011-03-28 21:01:30 -------- d-----w- c:\docume~1\merica\applic~1\AVG10
2011-03-28 20:35:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-03-28 01:52:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-03-27 02:05:29 -------- d-----w- c:\docume~1\merica\locals~1\applic~1\ConduitEngine
2011-03-27 02:05:26 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-03-27 02:05:25 -------- d-----w- c:\program files\ConduitEngine
.
==================== Find3M ====================
.
.
============= FINISH: 21:10:31.59 ===============
shelf life
2011-04-13, 23:40
OK, good, thanks for the info. You can delete both the TDSSKiller and DDS.scr icons from your desktop. ComboFix can be removed like this:
Start > Run and type in:
combofix /uninstall
Click OK or Enter.
Note the space after the x and before the /.
Note the free version of malwarebytes must be updated manually and a scan started manually.
You can make a new restore point. The why and the how:
One of the features of Windows XP, Vista and Windows 7 is the System Restore option; however, if malware infects a computer it is possible that the malware could be backed up in the System Restore archive. Therefore, clearing the restore points is a good idea after malware is removed and your computer appears to be functioning OK.
To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.
(winXP)
1. Turn off System Restore. (deletes the old, possibly infected restore points)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore. (creates a new restore point on a clean system)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK, then reboot.
And last some tips to help you remain malware free:
10 Tips for Prevention and Avoidance of Malware:
There is no reason why your computer cannot stay malware free.
No software can think for you. Help yourself. In no special order:
1) It is essential to keep your operating system (Windows), browser (IE, Firefox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update (http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us) frequently or use the Windows auto-update feature. (http://www.microsoft.com/windows/downloads/windowsupdate/automaticupdate.mspx) Staying updated is also essential for web-based applications, browser plugins and add-ons like Java, Adobe Flash/Reader, iTunes etc. More and more third-party applications are being targeted. Use the auto-update features available in most software. Not sure if you are using the latest version of software? Check their version status and get the updates here. (http://secunia.com/vulnerability_scanning/online/)
2) Know what you are installing on your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about viruses and trojans being found on your computer, after which you are prompted to install software to remedy this. See also the signs (http://www.malwarevault.com/signs.html) that you may have malware on your computer.
3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently finds malware then it's time to *review your computer habits*.
4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. Do you trust the source? See also E-mail phishing Tricks (http://www.fraud.org/tips/internet/phishing.htm).
5) Do not click on ads/pop-ups or offers from websites requesting that you need to install software on your computer--*for any reason*. Use the Alt+F4 keys to close the window.
6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?
7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts (http://www.microsoft.com/protect/computer/advanced/useraccount.mspx) can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista and Windows 7 attempts to address.
8) Install and understand the *limitations* of a software firewall.
9) A slide show how to for securing Internet Explorer 8.0 (http://threatpost.com/en_us/slideshow/How%20to%20configure%20Internet%20Explorer%20for%20secure%20surfing) for safer surfing. How to harden FireFox. (http://threatpost.com/en_us/slideshow/How-to-configure-Mozilla-Firefox-for-secure-surfing?utm_source=Second+Sidebar&utm_medium=Featured+Slideshows&utm_campaign=Configure+Mozilla+Firefox) for safer surfing.
10) Warez, cracks etc. are very popular for carrying malware payloads. If you download/install files via p2p networks you will encounter malware. A file can be named anything, be nothing but malware, or have malware bundled in it. Can you really trust the source of the file?
More info/tips with pictures, links below
Happy Safe Surfing.
Thank you for all the help, shelf_life!
I will keep the prevention tips in mind for safe internet surfing!
Thanks again! :)