
Thread: Computer comes out of sleep randomly - overheats

  1. #1
    Member
    Join Date
    Nov 2009
    Posts
    48

    Default Computer comes out of sleep randomly - overheats

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/8/2010 11:19:19 AM
    System Uptime: 8/5/2010 7:06:27 PM (1 hours ago)

    Motherboard: FUJITSU | | FJNB1D4
    Processor: Intel(R) Core(TM)2 Duo CPU T7700 @ 2.40GHz | Onboard | 2394/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 98 GiB total, 66.145 GiB free.
    D: is FIXED (NTFS) - 195 GiB total, 106.821 GiB free.
    E: is FIXED (NTFS) - 98 GiB total, 82.06 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP43: 5/6/2010 11:44:21 PM - System Checkpoint
    RP44: 5/7/2010 9:01:33 PM - Installed HiJackThis
    RP45: 5/10/2010 3:33:46 PM - System Checkpoint
    RP46: 5/23/2010 12:57:06 PM - Installed OmniPass
    RP47: 5/23/2010 3:30:13 PM - Removed Acrobat.com
    RP48: 5/23/2010 3:30:45 PM - Removed Adobe Flash Player 10 ActiveX.
    RP49: 5/23/2010 3:31:25 PM - Removed Adobe Media Player
    RP50: 5/24/2010 11:42:44 PM - System Checkpoint
    RP51: 5/28/2010 11:09:34 PM - System Checkpoint
    RP52: 6/6/2010 11:53:03 PM - System Checkpoint
    RP53: 6/8/2010 12:04:37 AM - System Checkpoint
    RP54: 6/10/2010 9:04:27 PM - System Checkpoint
    RP55: 6/12/2010 7:37:48 PM - System Checkpoint
    RP56: 6/14/2010 10:49:39 AM - System Checkpoint
    RP57: 6/14/2010 9:16:26 PM - Installed Realtek High Definition Audio Driver
    RP58: 6/15/2010 9:49:39 PM - System Checkpoint
    RP59: 6/16/2010 10:08:49 PM - System Checkpoint
    RP60: 6/17/2010 11:49:28 PM - System Checkpoint
    RP61: 6/20/2010 1:18:33 AM - System Checkpoint
    RP62: 6/21/2010 2:17:45 PM - System Checkpoint
    RP63: 6/23/2010 1:10:52 AM - System Checkpoint
    RP64: 6/24/2010 1:52:07 PM - System Checkpoint
    RP65: 6/25/2010 5:21:07 PM - System Checkpoint
    RP66: 6/26/2010 7:41:46 PM - System Checkpoint
    RP67: 6/29/2010 3:48:57 PM - System Checkpoint
    RP68: 6/30/2010 4:45:01 PM - System Checkpoint
    RP69: 7/31/2010 11:42:26 AM - System Checkpoint
    RP70: 7/31/2010 4:37:46 PM - Printer Driver WebEx Document Loader Installed
    RP71: 7/31/2010 4:38:20 PM - Installed Cisco Network Magic
    RP72: 7/1/2010 4:57:13 PM - Printer Driver SmarThru Office PC Fax Installed
    RP73: 7/1/2010 7:23:01 PM - Removed mSCfg
    RP74: 7/1/2010 7:23:25 PM - Removed mIWA
    RP75: 7/1/2010 7:23:30 PM - Removed mPfWiz
    RP76: 7/1/2010 7:23:35 PM - Removed mHelp
    RP77: 7/1/2010 7:23:39 PM - Removed mMHouse
    RP78: 7/1/2010 7:23:49 PM - Removed mLogView
    RP79: 7/1/2010 7:23:53 PM - Removed mZConfig
    RP80: 7/1/2010 7:23:58 PM - Removed mDrWiFi
    RP81: 7/1/2010 7:24:24 PM - Removed mCore
    RP82: 7/1/2010 7:24:47 PM - Removed mPfMgr
    RP83: 7/1/2010 7:24:51 PM - Installed Intel(R) PROSet/Wireless WiFi Software.
    RP84: 7/4/2010 11:06:13 PM - System Checkpoint
    RP85: 7/5/2010 11:09:01 PM - System Checkpoint
    RP86: 7/6/2009 6:43:12 PM - System Checkpoint
    RP87: 7/7/2010 12:16:40 AM - System Checkpoint
    RP88: 7/8/2010 8:32:24 PM - Removed Cisco Network Magic
    RP89: 7/8/2010 8:33:07 PM - Removed Pure Networks Platform
    RP90: 7/8/2010 8:38:29 PM - Installed Cisco Network Magic
    RP91: 7/8/2010 8:43:36 PM - Printer Driver SmarThru Office PC Fax Installed
    RP92: 7/13/2010 4:18:10 AM - System Checkpoint
    RP93: 7/14/2010 11:04:19 PM - System Checkpoint
    RP94: 7/15/2010 6:50:53 PM - Installed Ant.com IE add-on
    RP95: 7/19/2010 1:02:30 AM - System Checkpoint
    RP96: 7/20/2010 10:57:37 PM - System Checkpoint
    RP97: 7/22/2010 7:39:04 PM - System Checkpoint
    RP98: 7/23/2010 7:49:48 PM - System Checkpoint
    RP99: 7/26/2010 1:15:33 AM - System Checkpoint
    RP100: 7/27/2010 5:37:08 PM - System Checkpoint
    RP101: 7/29/2010 1:15:59 AM - System Checkpoint
    RP102: 7/30/2010 1:39:08 AM - System Checkpoint
    RP103: 8/1/2010 5:36:46 PM - System Checkpoint
    RP104: 8/2/2010 5:55:15 PM - System Checkpoint
    RP105: 8/4/2010 7:40:20 AM - System Checkpoint

    ==== Installed Programs ======================

    Adobe Acrobat 9 Pro - English, Français, Deutsch
    Adobe After Effects CS4 Third Party Content
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe Creative Suite 4 Master Collection
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Download Manager
    Adobe Dreamweaver CS4
    Adobe Dynamiclink Support
    Adobe Encore CS4 Codecs
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash CS4
    Adobe Flash CS4 Extension - Flash Lite STI en
    Adobe Flash CS4 STI-en
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Illustrator CS4
    Adobe InDesign CS4
    Adobe InDesign CS4 Application Feature Set Files (Roman)
    Adobe InDesign CS4 Common Base Files
    Adobe InDesign CS4 Icon Handler
    Adobe Linguistics CS4
    Adobe Media Encoder CS4 Exporter
    Adobe Media Encoder CS4 Importer
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Premiere Pro CS4 Third Party Content
    Adobe Reader 8
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe SGM CS4
    Adobe SING CS4
    Adobe Soundbooth CS4 Codecs
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Agere Systems HDA Modem
    Allway Sync version 10.3.25
    Ant.com IE add-on
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Avira AntiVir Personal - Free Antivirus
    Bluetooth Stack for Windows by Toshiba
    Bonjour
    Cisco Network Magic
    Connect
    COSMOSMotion 2007 SP0
    COSMOSWorks 2007 SP0
    DWGeditor
    eDrawings 2007
    ERUNT 1.1j
    Free RAR Extract Frog
    Fujitsu Button Driver Component
    Fujitsu Button Utilities
    Fujitsu Driver Update
    Fujitsu Hotkey Utility
    Fujitsu Pen Service
    Fujitsu System Extension Utility
    High Definition Audio Driver Package - KB888111
    HiJackThis
    Hotfix for Microsoft .NET Framework 2.0 (KB922981)
    Hotfix for Windows XP (KB915800-v4)
    Intel PROSet Wireless
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PROSet/Wireless WiFi Software
    iTunes
    JabRef 2.6
    Java Auto Updater
    Java(TM) 6 Update 19
    kuler
    Malwarebytes' Anti-Malware
    Marvell Miniport Driver
    McAfee Security Scan Plus
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft .NET Framework 2.0
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Ultimate 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox (3.6.6)
    mProSafe
    MSXML 6.0 Parser
    mWlsSafe
    National Instruments Software
    Network Magic
    NI-DAQmx - LabVIEW shared documentation
    NI-RPC 4.1.1f0
    NI-RPC 4.1.1f0 for Phar Lap ETS
    NI Assistant Framework
    NI Assistant Framework LabVIEW 2009 Support
    NI Assistant Framework LabVIEW Code Generator 2009
    NI CodeSignAPI
    NI DataSocket 4.7.0
    NI Distributed System Manager 2009
    NI EULA Depot
    NI Example Finder 9.0
    NI Help Assistant
    NI Instrument IO Assistant for LabVIEW 9.0 32
    NI LabVIEW 2009
    NI LabVIEW 2009 Applibs
    NI LabVIEW 2009 CINtools
    NI LabVIEW 2009 Deployment Framework
    NI LabVIEW 2009 Examples
    NI LabVIEW 2009 gMath
    NI LabVIEW 2009 Help
    NI LabVIEW 2009 Help File
    NI LabVIEW 2009 Instr.lib
    NI LabVIEW 2009 License
    NI LabVIEW 2009 Manuals
    NI LabVIEW 2009 MeasAppChm File
    NI LabVIEW 2009 Menus
    NI LabVIEW 2009 Project
    NI LabVIEW 2009 Resource
    NI LabVIEW 2009 Simulation
    NI LabVIEW 2009 Templates
    NI LabVIEW 2009 User.lib
    NI LabVIEW 2009 VI.lib
    NI LabVIEW 2009 Web Server
    NI LabVIEW 2009 WWW
    NI LabVIEW Broker
    NI LabVIEW C Interface
    NI LabVIEW Compare Utility 9.0.0
    NI LabVIEW Deployable License 2009
    NI LabVIEW MAX XML
    NI LabVIEW Merge Utility 9.0.0
    NI LabVIEW Real-Time Error Dialog
    NI LabVIEW Real-Time FIFO for Runtime
    NI LabVIEW Real-Time NBFifo
    NI LabVIEW Run-Time Engine 2009
    NI LabVIEW Run-Time Engine 8.2.1
    NI LabVIEW Run-Time Engine Interop 2009
    NI LabVIEW Run-Time Engine Web Services
    NI LabVIEW Web Server for Run-Time Engine
    NI LabVIEW Web Services Runtime
    NI LabWindows/CVI 9.0 Run-Time Engine
    NI LabWindows/CVI Code Generator
    NI LabWindows/CVI DLL Builder for LabVIEW
    NI License Manager
    NI Logos 5.1
    NI Logos LabVIEW 2009 Support
    NI Logos XT Support
    NI LVBrokerAux 8.2.1
    NI Math Kernel Libraries
    NI MAX LabVIEW Support 4.6.0
    NI MAX Remote Configuration Installer 4.6
    NI MDF Support
    NI Measurement & Automation Explorer 4.6.0
    NI Measurement Studio Recipe Processor
    NI MXS 4.6.0
    NI MXS 4.6.0f0 for LabVIEW Real-Time
    NI OPC Support
    NI Portable Configuration 4.6.0
    NI Registration Wizard
    NI Remote Provider for MAX 4.6.0
    NI Remote PXI Provider for MAX 4.6.0
    NI Service Locator
    NI Software Provider for MAX 4.6.0
    NI SSL LabVIEW 2009 Support
    NI SSL Support
    NI System API RT
    NI System API Windows 32-bit
    NI System State Publisher
    NI TDM Excel Add-In 2.1
    NI TDMS
    NI Trace Engine
    NI Uninstaller
    NI USI 1.7.0
    NI Variable Engine 2.3.0
    NI Variable Engine LabVIEW 2009 Support
    NI VC2005MSMs x86
    NI VC2008MSMs x86
    NI Web Pipeline 2.0.1
    NI Xalan Delay Load 1.10.1
    NI Xerces Delay Load 2.7.1
    Notepad++
    O2Micro Flash Memory Card Windows Driver
    O2Micro Smartcard Driver
    OmniPass
    OneNote Make Subpage
    Online Armor 4.0
    PDF Settings CS4
    PDFCreator
    Photoshop Camera Raw
    Picasa 3
    Pixel Bender Toolkit
    Pure Networks Platform
    QuickTime
    Realtek High Definition Audio Driver
    SciPlore MindMapping
    Security Panel Application
    Security Panel Application for Supervisor
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows XP (KB913433)
    Shock Sensor Utility
    Skype Toolbars
    Skype™ 4.2
    SolidWorks 2007 SP04
    SolidWorks Explorer 2007 sp0
    SolidWorks Installation Manager
    Spybot - Search & Destroy
    Suite Shared Configuration CS4
    Synaptics Pointing Device Driver
    Tablet PC Tutorials for Microsoft Windows XP SP2
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Internet Explorer 8 (KB980302)
    UpToDate
    VLC media player 1.0.5
    WebEx Support Manager for Internet Explorer
    WebFldrs XP
    Windows Driver Package - Fujitsu Computer Systems Corporation (FjBtnDrv) HIDClass 03/29/2006 2.0.0329.2006
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix [See KB887626 for more information]
    Windows Search 4.0
    Windows XP Service Pack 3

    ==== End Of File ===========================



    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Administrator at 20:04:56.89 on Thu 08/05/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2240 [GMT -4:00]

    AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Tall Emu\Online Armor\OAcat.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
    C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\digtizer.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    E:\Java\bin\jqs.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\o2flash.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\SYSTEM32\WISPTIS.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\tabbtnu.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
    C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
    C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
    C:\Program Files\Tall Emu\Online Armor\oaui.exe
    C:\Program Files\Fujitsu\Utils\FjDspMon.exe
    C:\Program Files\Fujitsu\Utils\fjevents.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\Fujitsu\Utils\FjMenu.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
    E:\iTunes\iTunesHelper.exe
    C:\Program Files\Softex\OmniPass\scureapp.exe
    C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
    E:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    E:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    E:\Microsoft Office 2007\Office12\ONENOTEM.EXE
    C:\WINDOWS\system32\wbem\unsecapp.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    E:\Mozilla Firefox\firefox.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    E:\MICROS~1\Office12\OUTLOOK.EXE
    E:\Microsoft Office 2007\Office12\WINWORD.EXE
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Documents and Settings\Administrator\My Documents\Downloads\dds(4).scr

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://us.fujitsu.com/computers
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Ant.com Toolbars browser helper (video detector): {346fde31-dff9-418a-90c8-ba31dc9ff2ef} - c:\program files\ant.com\ie add-on\Download.antplugin
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\java\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\java\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Ant.com Download Toolbar: {2e924f4f-67f0-4bd8-9560-49f468e843d2} - c:\program files\ant.com\ie add-on\AntToolbar.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [TabletTip] "c:\program files\common files\microsoft shared\ink\tabtip.exe" /resume
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
    mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
    mRun: [LoadBtnHnd] c:\program files\fujitsu\btnhnd\BtnHnd.exe
    mRun: [SSUtility] c:\program files\fujitsu\ssutility\FJSSDMN.exe
    mRun: [FjStrtAp] c:\program files\fujitsu\utils\FjStrtAp.exe
    mRun: [FJUPDNV_Chitose] c:\program files\fujitsu\fjdvrupd\fjdvrupd.exe
    mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\oaui.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "e:\itunes\iTunesHelper.exe"
    mRun: [OmniPass] c:\program files\softex\omnipass\scureapp.exe
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Adobe Acrobat Speed Launcher] "e:\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "e:\adobe\acrobat 9.0\acrobat\Acrotray.exe"
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
    mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
    mRun: [nmapp] "e:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
    StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\onenot~1.lnk - e:\microsoft office 2007\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\micros~1\office12\ONBttnIE.dll
    IE: {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files\ant.com\ie add-on\Download.antplugin
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\micros~1\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll
    Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll
    Notify: TabBtnWL - TabBtnWL.dll
    Notify: tpgwlnotify - tpgwlnot.dll
    SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\26uz42yo.default\
    FF - component: e:\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\26uz42yo.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npatgpc.dll
    FF - plugin: e:\itunes\mozilla plugins\npitunes.dll
    FF - plugin: e:\java\bin\new_plugin\npdeploytk.dll
    FF - plugin: e:\java\bin\new_plugin\npjp2.dll
    FF - plugin: e:\mozilla firefox\plugins\NPLV82Win32.dll
    FF - plugin: e:\mozilla firefox\plugins\nplv90win32.dll
    FF - plugin: e:\picasa3\npPicasa3.dll
    FF - HiddenExtension: Java Console: No Registry Reference - e:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    e:\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    e:\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    e:\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    e:\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    e:\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    e:\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    e:\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    e:\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    e:\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    e:\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    e:\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    e:\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    e:\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    e:\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    e:\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    e:\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    e:\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    e:\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    e:\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    e:\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    e:\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 FBIOSDRV;FBIOSDRV;c:\windows\system32\drivers\FBIOSDRV.SYS [2007-4-19 8960]
    R0 FJGPNV;FJGPNV;c:\windows\system32\drivers\FJGPNV.SYS [2007-4-19 10496]
    R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2007-4-19 7168]
    R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-10-3 36640]
    R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-10-12 33152]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-4-8 11608]
    R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-4-8 226680]
    R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-4-8 24440]
    R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2010-4-8 29560]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-4-8 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-8 267432]
    R2 AntUpdaterService;Ant Toolbar updater service;c:\program files\ant.com\ie add-on\AntUpdaterService.exe [2010-4-21 142648]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-8 60936]
    R2 OAcat;Online Armor Helper Service;c:\program files\tall emu\online armor\oacat.exe [2010-4-8 1284600]
    R2 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe [2010-4-8 3360760]
    R3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\drivers\FjBtnDrv.sys [2007-4-19 17920]
    R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2007-4-19 4864]
    R3 hidpen;Wacom Serial Pen HID MiniDriver;c:\windows\system32\drivers\hidpen.sys [2007-4-19 30976]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-4-19 36608]
    R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [2006-3-8 92550]
    S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [1999-11-18 3872]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-4-18 17408]
    S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2007-4-18 14208]

    =============== Created Last 30 ================

    2010-07-31 20:37:38 0 d-----w- c:\program files\WebEx
    2010-07-30 02:41:12 0 d-----w- c:\docume~1\admini~1\applic~1\Sync App Settings
    2010-07-30 02:36:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Sync App Settings
    2010-07-15 23:29:15 0 d--h--w- c:\windows\PIF
    2010-07-15 22:50:54 0 d-----w- c:\program files\Ant.com
    2010-07-09 00:36:48 23984 ----a-w- c:\windows\system32\drivers\pnarp.sys
    2010-07-09 00:36:46 25264 ----a-w- c:\windows\system32\drivers\purendis.sys
    2010-07-09 00:36:41 0 d-----w- c:\program files\common files\Pure Networks Shared
    2010-07-09 00:34:57 0 d-----w- c:\docume~1\alluse~1\applic~1\Pure Networks

    ==================== Find3M ====================

    2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr

    ============= FINISH: 20:06:18.39 ===============

    This problem has not been solved, but I am posting some additional information:

    My laptop still turns on out of sleep randomly in my bag and overheats. However, I have also noticed a concurrent "Generic Host Process for Win32 Services" error when I restart.

    "Generic Host Process for Win32 Services
    Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience
    ..."

    Aug 14th, 2010,
    I believe it may be a malware or software problem.

    Tx,
    CP
    Last edited by tashi; 2010-08-19 at 23:11. Reason: Merged two posts as per forum FAQ, responding to own topic removes a 0 response

  2. #2
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi,

    This looks more like a software/hardware issue than a malware-related one, but let's see fresh dds logs. Post the contents of those, please.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Member
    Join Date
    Nov 2009
    Posts
    48


    Thanks for taking this one Blade.

    Checked hardware (Wake-on-LAN) and am at a loss SW-wise, but optimistic about your advice.


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Administrator at 21:26:24.92 on Sun 08/22/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2264 [GMT -4:00]

    AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Tall Emu\Online Armor\OAcat.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
    C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\digtizer.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    E:\Java\bin\jqs.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\o2flash.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\SYSTEM32\WISPTIS.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\tabbtnu.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
    C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
    C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
    C:\Program Files\Tall Emu\Online Armor\oaui.exe
    C:\Program Files\Fujitsu\Utils\FjDspMon.exe
    C:\Program Files\Fujitsu\Utils\fjevents.exe
    C:\Program Files\Fujitsu\Utils\FjMenu.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    E:\iTunes\iTunesHelper.exe
    C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
    C:\Program Files\Softex\OmniPass\scureapp.exe
    E:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    E:\MICROS~1\Office12\OUTLOOK.EXE
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    E:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    E:\Microsoft Office 2007\Office12\ONENOTEM.EXE
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    E:\Mozilla Firefox\firefox.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Documents and Settings\Administrator\My Documents\Downloads\dds(5).scr

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://us.fujitsu.com/computers
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Ant.com Toolbars browser helper (video detector): {346fde31-dff9-418a-90c8-ba31dc9ff2ef} - c:\program files\ant.com\ie add-on\Download.antplugin
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\java\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\java\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Ant.com Download Toolbar: {2e924f4f-67f0-4bd8-9560-49f468e843d2} - c:\program files\ant.com\ie add-on\AntToolbar.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [TabletTip] "c:\program files\common files\microsoft shared\ink\tabtip.exe" /resume
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
    mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
    mRun: [LoadBtnHnd] c:\program files\fujitsu\btnhnd\BtnHnd.exe
    mRun: [SSUtility] c:\program files\fujitsu\ssutility\FJSSDMN.exe
    mRun: [FjStrtAp] c:\program files\fujitsu\utils\FjStrtAp.exe
    mRun: [FJUPDNV_Chitose] c:\program files\fujitsu\fjdvrupd\fjdvrupd.exe
    mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\oaui.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "e:\itunes\iTunesHelper.exe"
    mRun: [OmniPass] c:\program files\softex\omnipass\scureapp.exe
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Adobe Acrobat Speed Launcher] "e:\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "e:\adobe\acrobat 9.0\acrobat\Acrotray.exe"
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
    mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
    mRun: [nmapp] "e:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
    StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\onenot~1.lnk - e:\microsoft office 2007\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\micros~1\office12\ONBttnIE.dll
    IE: {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files\ant.com\ie add-on\Download.antplugin
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\micros~1\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll
    Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll
    Notify: TabBtnWL - TabBtnWL.dll
    Notify: tpgwlnotify - tpgwlnot.dll
    SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\26uz42yo.default\
    FF - component: e:\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\26uz42yo.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npatgpc.dll
    FF - plugin: e:\itunes\mozilla plugins\npitunes.dll
    FF - plugin: e:\java\bin\new_plugin\npdeploytk.dll
    FF - plugin: e:\java\bin\new_plugin\npjp2.dll
    FF - plugin: e:\mozilla firefox\plugins\NPLV82Win32.dll
    FF - plugin: e:\mozilla firefox\plugins\nplv90win32.dll
    FF - plugin: e:\picasa3\npPicasa3.dll
    FF - HiddenExtension: Java Console: No Registry Reference - e:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    e:\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    e:\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    e:\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    e:\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    e:\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    e:\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    e:\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    e:\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    e:\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    e:\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    e:\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    e:\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    e:\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    e:\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    e:\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    e:\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    e:\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    e:\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    e:\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    e:\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    e:\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    e:\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    e:\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 FBIOSDRV;FBIOSDRV;c:\windows\system32\drivers\FBIOSDRV.SYS [2007-4-19 8960]
    R0 FJGPNV;FJGPNV;c:\windows\system32\drivers\FJGPNV.SYS [2007-4-19 10496]
    R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2007-4-19 7168]
    R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-10-3 36640]
    R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-10-12 33152]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-4-8 11608]
    R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-4-8 226680]
    R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-4-8 24440]
    R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2010-4-8 29560]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-4-8 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-8 267432]
    R2 AntUpdaterService;Ant Toolbar updater service;c:\program files\ant.com\ie add-on\AntUpdaterService.exe [2010-4-21 142648]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-8 60936]
    R2 OAcat;Online Armor Helper Service;c:\program files\tall emu\online armor\oacat.exe [2010-4-8 1284600]
    R2 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe [2010-4-8 3360760]
    R2 TLW32DRV;TLW32DRV;c:\windows\system32\drivers\tlw32drv.sys [2010-8-11 80921]
    R3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\drivers\FjBtnDrv.sys [2007-4-19 17920]
    R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2007-4-19 4864]
    R3 hidpen;Wacom Serial Pen HID MiniDriver;c:\windows\system32\drivers\hidpen.sys [2007-4-19 30976]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-4-19 36608]
    R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [2006-3-8 92550]
    S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [1999-11-18 3872]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-4-18 17408]
    S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2007-4-18 14208]

    =============== Created Last 30 ================

    2010-08-22 04:57:16 0 d-----w- c:\docume~1\alluse~1\applic~1\DassaultSystemes
    2010-08-22 04:57:16 0 d-----w- c:\docume~1\admini~1\applic~1\DassaultSystemes
    2010-08-21 04:07:53 0 d-----w- c:\program files\MSXML 4.0
    2010-08-21 04:03:43 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2010-08-21 04:03:26 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2010-08-21 04:03:19 354304 -c----w- c:\windows\system32\dllcache\srv.sys
    2010-08-21 04:02:30 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2010-08-21 04:01:42 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-08-21 04:01:03 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2010-08-21 04:01:03 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2010-08-21 04:00:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2010-08-21 03:59:52 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
    2010-08-21 03:59:29 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
    2010-08-21 03:57:46 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2010-08-21 03:57:44 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2010-08-12 01:50:27 80921 ----a-w- c:\windows\system32\drivers\tlw32drv.sys
    2010-08-12 01:50:27 45490 ----a-w- c:\windows\system32\drivers\pcisrwdm.sys
    2010-08-12 01:50:27 16078 ----a-w- c:\windows\system32\drivers\tekscanusb.sys
    2010-08-09 00:40:04 45344 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-07-31 20:37:38 0 d-----w- c:\program files\WebEx
    2010-07-30 02:41:12 0 d-----w- c:\docume~1\admini~1\applic~1\Sync App Settings
    2010-07-30 02:36:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Sync App Settings

    ==================== Find3M ====================

    2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr

    ============= FINISH: 21:27:55.14 ===============

  4. #4
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi,

    Update Antivir definitions. Those seem to be outdated.

    Download and run Secunia Personal Software Inspector (PSI) and fix its findings. When ready post fresh dds logs.

  5. #5
    Member
    Join Date
    Nov 2009
    Posts
    48


    Quote Originally Posted by Blade81:
    Hi,
    Update Antivir definitions. Those seem to be outdated.
    It's odd that the log has an April date; the pgm says it was last updated Aug 15th. Re-updated.

    Quote Originally Posted by Blade81:
    Hi,
    Download and run Secunia Personal Software Inspector (PSI) and fix its findings.
    Done. Since when did we start using Secunia? Is it the new standard?

    Quote Originally Posted by Blade81:
    Hi,
    When ready post fresh dds logs.
    Attached and appended:

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Administrator at 21:08:31.20 on Tue 08/24/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2089 [GMT -4:00]

    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Tall Emu\Online Armor\OAcat.exe
    C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\digtizer.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    E:\Java\bin\jqs.exe
    C:\WINDOWS\system32\o2flash.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\SYSTEM32\WISPTIS.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\tabbtnu.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
    C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
    C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
    C:\Program Files\Tall Emu\Online Armor\oaui.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Fujitsu\Utils\FjDspMon.exe
    C:\Program Files\Fujitsu\Utils\fjevents.exe
    C:\Program Files\Fujitsu\Utils\FjMenu.exe
    C:\Program Files\Softex\OmniPass\scureapp.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
    E:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    E:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    E:\Microsoft Office 2007\Office12\ONENOTEM.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    E:\Program Files\SPSSInc\Statistics17\law.exe
    E:\Program Files\SPSSInc\Statistics17\JRE\bin\javaw.exe
    E:\MICROS~1\Office12\OUTLOOK.EXE
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    E:\Program Files\Secunia\PSI\psi.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\Documents and Settings\Administrator\My Documents\Downloads\install_flash_player_ax.exe
    E:\iTunes\iTunesHelper.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    E:\Mozilla Firefox\firefox.exe
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Documents and Settings\Administrator\My Documents\Downloads\dds(6).scr

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://us.fujitsu.com/computers
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Ant.com Toolbars browser helper (video detector): {346fde31-dff9-418a-90c8-ba31dc9ff2ef} - c:\program files\ant.com\ie add-on\Download.antplugin
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\java\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\java\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Ant.com Download Toolbar: {2e924f4f-67f0-4bd8-9560-49f468e843d2} - c:\program files\ant.com\ie add-on\AntToolbar.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [TabletTip] "c:\program files\common files\microsoft shared\ink\tabtip.exe" /resume
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
    mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
    mRun: [LoadBtnHnd] c:\program files\fujitsu\btnhnd\BtnHnd.exe
    mRun: [SSUtility] c:\program files\fujitsu\ssutility\FJSSDMN.exe
    mRun: [FjStrtAp] c:\program files\fujitsu\utils\FjStrtAp.exe
    mRun: [FJUPDNV_Chitose] c:\program files\fujitsu\fjdvrupd\fjdvrupd.exe
    mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\oaui.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [iTunesHelper] "e:\itunes\iTunesHelper.exe"
    mRun: [OmniPass] c:\program files\softex\omnipass\scureapp.exe
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Adobe Acrobat Speed Launcher] "e:\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "e:\adobe\acrobat 9.0\acrobat\Acrotray.exe"
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
    mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
    mRun: [nmapp] "e:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
    mRun: [QuickTime Task] "e:\program files\quicktime\QTTask.exe" -atboottime
    StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\onenot~1.lnk - e:\microsoft office 2007\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\secuni~1.lnk - e:\program files\secunia\psi\psi.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\micros~1\office12\ONBttnIE.dll
    IE: {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files\ant.com\ie add-on\Download.antplugin
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\micros~1\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll
    Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll
    Notify: TabBtnWL - TabBtnWL.dll
    Notify: tpgwlnotify - tpgwlnot.dll
    SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\26uz42yo.default\
    FF - component: e:\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\26uz42yo.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npatgpc.dll
    FF - plugin: e:\itunes\mozilla plugins\npitunes.dll
    FF - plugin: e:\java\bin\new_plugin\npdeploytk.dll
    FF - plugin: e:\java\bin\new_plugin\npjp2.dll
    FF - plugin: e:\mozilla firefox\plugins\NPLV82Win32.dll
    FF - plugin: e:\mozilla firefox\plugins\nplv90win32.dll
    FF - plugin: e:\picasa3\npPicasa3.dll
    FF - plugin: e:\program files\quicktime\plugins\npqtplugin.dll
    FF - plugin: e:\program files\quicktime\plugins\npqtplugin2.dll
    FF - plugin: e:\program files\quicktime\plugins\npqtplugin3.dll
    FF - plugin: e:\program files\quicktime\plugins\npqtplugin4.dll
    FF - plugin: e:\program files\quicktime\plugins\npqtplugin5.dll
    FF - plugin: e:\program files\quicktime\plugins\npqtplugin6.dll
    FF - plugin: e:\program files\quicktime\plugins\npqtplugin7.dll
    FF - plugin: e:\program files\videolan\vlc\npvlc.dll
    FF - HiddenExtension: Java Console: No Registry Reference - e:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    e:\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    e:\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    e:\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    e:\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    e:\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    e:\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    e:\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    e:\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    e:\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    e:\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    e:\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    e:\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    e:\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    e:\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    e:\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    e:\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    e:\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    e:\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    e:\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    e:\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    e:\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    e:\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    e:\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 FBIOSDRV;FBIOSDRV;c:\windows\system32\drivers\FBIOSDRV.SYS [2007-4-19 8960]
    R0 FJGPNV;FJGPNV;c:\windows\system32\drivers\FJGPNV.SYS [2007-4-19 10496]
    R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2007-4-19 7168]
    R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-10-3 36640]
    R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-10-12 33152]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-4-8 11608]
    R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-4-8 226680]
    R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-4-8 24440]
    R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2010-4-8 29560]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-8 60936]
    R2 TLW32DRV;TLW32DRV;c:\windows\system32\drivers\tlw32drv.sys [2010-8-11 80921]
    R3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\drivers\FjBtnDrv.sys [2007-4-19 17920]
    R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2007-4-19 4864]
    R3 hidpen;Wacom Serial Pen HID MiniDriver;c:\windows\system32\drivers\hidpen.sys [2007-4-19 30976]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-4-19 36608]
    R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [2006-3-8 92550]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 14904]
    S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [1999-11-18 3872]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-4-18 17408]
    S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2007-4-18 14208]

    =============== Created Last 30 ================

    2010-08-24 02:21:05 0 d-----w- c:\documents and settings\administrator\.spss
    2010-08-24 02:04:27 114 ----a-w- c:\windows\system32\prsgrc.tgz
    2010-08-24 02:04:27 1024 ----a-w- c:\windows\system32\grcauth2.dll
    2010-08-24 02:04:27 1024 ----a-w- c:\windows\system32\grcauth1.dll
    2010-08-24 02:04:27 100 ----a-w- c:\windows\system32\prsgrc.dll
    2010-08-24 01:59:30 0 d-----w- c:\docume~1\alluse~1\applic~1\SPSS
    2010-08-23 14:52:05 0 d-----w- c:\docume~1\alluse~1\applic~1\SafeNet Sentinel
    2010-08-23 14:51:52 0 d-----w- c:\program files\common files\SPSS
    2010-08-23 14:50:26 219 ----a-w- c:\windows\system32\lsprst7.tgz
    2010-08-23 14:50:26 205 ----a-w- c:\windows\system32\lsprst7.dll
    2010-08-23 14:50:26 16 ---h--w- c:\windows\system32\servdat.slm
    2010-08-23 14:50:26 1025 ----a-w- c:\windows\system32\sysprs7.tgz
    2010-08-23 14:50:26 1025 ----a-w- c:\windows\system32\sysprs7.dll
    2010-08-22 04:57:16 0 d-----w- c:\docume~1\alluse~1\applic~1\DassaultSystemes
    2010-08-22 04:57:16 0 d-----w- c:\docume~1\admini~1\applic~1\DassaultSystemes
    2010-08-21 04:07:53 0 d-----w- c:\program files\MSXML 4.0
    2010-08-21 04:03:43 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2010-08-21 04:03:26 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2010-08-21 04:03:19 354304 -c----w- c:\windows\system32\dllcache\srv.sys
    2010-08-21 04:02:30 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2010-08-21 04:01:42 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-08-21 04:01:03 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2010-08-21 04:01:03 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2010-08-21 04:00:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2010-08-21 03:59:52 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
    2010-08-21 03:59:29 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
    2010-08-21 03:57:46 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2010-08-21 03:57:44 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2010-08-12 01:50:27 80921 ----a-w- c:\windows\system32\drivers\tlw32drv.sys
    2010-08-12 01:50:27 45490 ----a-w- c:\windows\system32\drivers\pcisrwdm.sys
    2010-08-12 01:50:27 16078 ----a-w- c:\windows\system32\drivers\tekscanusb.sys
    2010-08-10 09:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-08-10 09:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-08-09 00:40:04 45344 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-07-31 20:37:38 0 d-----w- c:\program files\WebEx
    2010-07-30 02:41:12 0 d-----w- c:\docume~1\admini~1\applic~1\Sync App Settings
    2010-07-30 02:36:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Sync App Settings

    ==================== Find3M ====================

    2010-07-07 14:05:32 14904 ----a-w- c:\windows\system32\drivers\psi_mf.sys
    2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr

    ============= FINISH: 21:10:43.76 ===============

  6. #6
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi,

    Since when did we start using Secunia? Is it the new standard?
    No. Just wanted to make sure outdated programs are updated to non-vulnerable ones. It seems that the latest log still has outdated (and so vulnerable) programs installed. Did you scan the system with Secunia PSI and fix all its findings? Java and some Adobe products are outdated.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  7. #7
    Member
    Join Date
    Nov 2009
    Posts
    48


    Gotcha.

    I had issues with newer versions of Adobe being sluggish, but if you insist I'll update.

    The Java update did not show up in Secunia, but I'll scan again.

  8. #8
    Member
    Join Date
    Nov 2009
    Posts
    48


    Secunia was clean.

    Still did not update Java - how do you suggest I go about this:

    DDS attached and appended:

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Administrator at 23:11:10.07 on Wed 08/25/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2418 [GMT -4:00]

    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Tall Emu\Online Armor\OAcat.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
    C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\digtizer.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    E:\Java\bin\jqs.exe
    C:\WINDOWS\system32\o2flash.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\SYSTEM32\WISPTIS.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\tabbtnu.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
    C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
    C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
    C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
    C:\Program Files\Tall Emu\Online Armor\oaui.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Fujitsu\Utils\FjDspMon.exe
    C:\Program Files\Fujitsu\Utils\fjevents.exe
    C:\WINDOWS\system32\igfxext.exe
    E:\iTunes\iTunesHelper.exe
    C:\Program Files\Fujitsu\Utils\FjMenu.exe
    C:\Program Files\Softex\OmniPass\scureapp.exe
    E:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
    C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    E:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    E:\Microsoft Office 2007\Office12\ONENOTEM.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    E:\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Administrator\My Documents\Downloads\dds(7).scr
    C:\WINDOWS\system32\SearchProtocolHost.exe

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://us.fujitsu.com/computers
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Ant.com Toolbars browser helper (video detector): {346fde31-dff9-418a-90c8-ba31dc9ff2ef} - c:\program files\ant.com\ie add-on\Download.antplugin
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\java\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\java\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Ant.com Download Toolbar: {2e924f4f-67f0-4bd8-9560-49f468e843d2} - c:\program files\ant.com\ie add-on\AntToolbar.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [TabletTip] "c:\program files\common files\microsoft shared\ink\tabtip.exe" /resume
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
    mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
    mRun: [LoadBtnHnd] c:\program files\fujitsu\btnhnd\BtnHnd.exe
    mRun: [SSUtility] c:\program files\fujitsu\ssutility\FJSSDMN.exe
    mRun: [FjStrtAp] c:\program files\fujitsu\utils\FjStrtAp.exe
    mRun: [FJUPDNV_Chitose] c:\program files\fujitsu\fjdvrupd\fjdvrupd.exe
    mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\oaui.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [iTunesHelper] "e:\itunes\iTunesHelper.exe"
    mRun: [OmniPass] c:\program files\softex\omnipass\scureapp.exe
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Adobe Acrobat Speed Launcher] "e:\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "e:\adobe\acrobat 9.0\acrobat\Acrotray.exe"
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
    mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
    mRun: [nmapp] "e:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
    mRun: [QuickTime Task] "e:\program files\quicktime\QTTask.exe" -atboottime
    StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\onenot~1.lnk - e:\microsoft office 2007\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\secuni~1.lnk - e:\program files\secunia\psi\psi.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\micros~1\office12\ONBttnIE.dll
    IE: {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files\ant.com\ie add-on\Download.antplugin
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\micros~1\office12\REFIEBAR.DLL
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282710749531
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll
    Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll
    Notify: TabBtnWL - TabBtnWL.dll
    Notify: tpgwlnotify - tpgwlnot.dll
    SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\26uz42yo.default\
    FF - component: e:\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\26uz42yo.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npatgpc.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: e:\adobe\acrobat 9.0\acrobat\browser\nppdf32.dll
    FF - plugin: e:\itunes\mozilla plugins\npitunes.dll
    FF - plugin: e:\java\bin\new_plugin\npdeploytk.dll
    FF - plugin: e:\java\bin\new_plugin\npjp2.dll
    FF - plugin: e:\mozilla firefox\plugins\NPLV82Win32.dll
    FF - plugin: e:\mozilla firefox\plugins\nplv90win32.dll
    FF - plugin: e:\picasa3\npPicasa3.dll
    FF - plugin: e:\program files\quicktime\plugins\npqtplugin.dll
    FF - plugin: e:\program files\quicktime\plugins\npqtplugin2.dll
    FF - plugin: e:\program files\quicktime\plugins\npqtplugin3.dll
    FF - plugin: e:\program files\quicktime\plugins\npqtplugin4.dll
    FF - plugin: e:\program files\quicktime\plugins\npqtplugin5.dll
    FF - plugin: e:\program files\quicktime\plugins\npqtplugin6.dll
    FF - plugin: e:\program files\quicktime\plugins\npqtplugin7.dll
    FF - plugin: e:\program files\videolan\vlc\npvlc.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - e:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    e:\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    e:\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    e:\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    e:\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    e:\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    e:\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    e:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    e:\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    e:\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    e:\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    e:\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    e:\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    e:\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    e:\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    e:\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    e:\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    e:\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    e:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    e:\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    e:\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    e:\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    e:\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    e:\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    e:\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    e:\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    e:\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    e:\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 FBIOSDRV;FBIOSDRV;c:\windows\system32\drivers\FBIOSDRV.SYS [2007-4-19 8960]
    R0 FJGPNV;FJGPNV;c:\windows\system32\drivers\FJGPNV.SYS [2007-4-19 10496]
    R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2007-4-19 7168]
    R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-10-3 36640]
    R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-10-12 33152]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-4-8 11608]
    R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-4-8 226680]
    R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-4-8 24440]
    R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2010-4-8 29560]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-4-8 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-8 267432]
    R2 AntUpdaterService;Ant Toolbar updater service;c:\program files\ant.com\ie add-on\AntUpdaterService.exe [2010-4-21 142648]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-8 60936]
    R2 OAcat;Online Armor Helper Service;c:\program files\tall emu\online armor\oacat.exe [2010-4-8 1284600]
    R2 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe [2010-4-8 3360760]
    R2 TLW32DRV;TLW32DRV;c:\windows\system32\drivers\tlw32drv.sys [2010-8-11 80921]
    R3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\drivers\FjBtnDrv.sys [2007-4-19 17920]
    R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2007-4-19 4864]
    R3 hidpen;Wacom Serial Pen HID MiniDriver;c:\windows\system32\drivers\hidpen.sys [2007-4-19 30976]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-4-19 36608]
    R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [2006-3-8 92550]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-25 136176]
    S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [1999-11-18 3872]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-4-18 17408]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 14904]
    S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2007-4-18 14208]

    =============== Created Last 30 ================

    2010-08-26 01:27:17 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
    2010-08-26 01:21:14 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
    2010-08-25 14:10:13 0 d-----w- c:\docume~1\admini~1\applic~1\Antcom ToolBar
    2010-08-25 05:14:04 0 d-----w- c:\windows\system32\XPSViewer
    2010-08-25 05:13:25 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2010-08-25 05:13:25 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2010-08-25 05:13:25 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
    2010-08-25 05:13:25 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2010-08-25 05:13:25 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
    2010-08-25 05:13:25 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2010-08-25 05:13:25 117760 ------w- c:\windows\system32\prntvpt.dll
    2010-08-24 02:21:05 0 d-----w- c:\documents and settings\administrator\.spss
    2010-08-24 02:04:27 114 ----a-w- c:\windows\system32\prsgrc.tgz
    2010-08-24 02:04:27 1024 ----a-w- c:\windows\system32\grcauth2.dll
    2010-08-24 02:04:27 1024 ----a-w- c:\windows\system32\grcauth1.dll
    2010-08-24 02:04:27 100 ----a-w- c:\windows\system32\prsgrc.dll
    2010-08-24 01:59:30 0 d-----w- c:\docume~1\alluse~1\applic~1\SPSS
    2010-08-23 14:52:05 0 d-----w- c:\docume~1\alluse~1\applic~1\SafeNet Sentinel
    2010-08-23 14:51:52 0 d-----w- c:\program files\common files\SPSS
    2010-08-23 14:50:26 219 ----a-w- c:\windows\system32\lsprst7.tgz
    2010-08-23 14:50:26 205 ----a-w- c:\windows\system32\lsprst7.dll
    2010-08-23 14:50:26 16 ---h--w- c:\windows\system32\servdat.slm
    2010-08-23 14:50:26 1025 ----a-w- c:\windows\system32\sysprs7.tgz
    2010-08-23 14:50:26 1025 ----a-w- c:\windows\system32\sysprs7.dll
    2010-08-22 04:57:16 0 d-----w- c:\docume~1\alluse~1\applic~1\DassaultSystemes
    2010-08-22 04:57:16 0 d-----w- c:\docume~1\admini~1\applic~1\DassaultSystemes
    2010-08-21 04:07:53 0 d-----w- c:\program files\MSXML 4.0
    2010-08-21 04:03:43 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2010-08-21 04:03:26 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2010-08-21 04:03:19 354304 -c----w- c:\windows\system32\dllcache\srv.sys
    2010-08-21 04:02:30 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2010-08-21 04:01:42 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-08-21 04:01:03 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2010-08-21 04:01:03 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2010-08-21 04:00:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2010-08-21 03:59:52 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
    2010-08-21 03:59:29 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
    2010-08-21 03:57:46 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2010-08-21 03:57:44 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2010-08-12 01:50:27 80921 ----a-w- c:\windows\system32\drivers\tlw32drv.sys
    2010-08-12 01:50:27 45490 ----a-w- c:\windows\system32\drivers\pcisrwdm.sys
    2010-08-12 01:50:27 16078 ----a-w- c:\windows\system32\drivers\tekscanusb.sys
    2010-08-10 09:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-08-10 09:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-08-09 00:40:04 45344 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-07-31 20:37:38 0 d-----w- c:\program files\WebEx
    2010-07-30 02:41:12 0 d-----w- c:\docume~1\admini~1\applic~1\Sync App Settings
    2010-07-30 02:36:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Sync App Settings

    ==================== Find3M ====================

    2010-07-07 14:05:32 14904 ----a-w- c:\windows\system32\drivers\psi_mf.sys
    2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr

    ============= FINISH: 23:12:22.31 ===============

  9. #9
    Blade81 (Security Expert: Emeritus)
    Join Date: Oct 2006
    Location: Finland
    Posts: 25,288

    Hi,
    I had issues with newer versions of Adobe being sluggish, but if you insist I'll update.
    Outdated versions are enough for attackers to compromise the system. If the up-to-date version is too slow, then I recommend considering one of those other options I listed earlier.

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6 Update 21.
    • Click the Download button to the right.
    • Select Windows in the platform combobox and check the box that says: Accept License Agreement. Click Continue.
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version. Uncheck the Carbonite online backup trial if it's offered there.


    I didn't spot anything infection related in your logs.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  10. #10
    Blade81 (Security Expert: Emeritus)
    Join Date: Oct 2006
    Location: Finland
    Posts: 25,288

    Due to inactivity, this thread will now be closed.

    Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

    If it has been less than three days since your last response and you need the thread re-opened, please send me or another MOD a private message (PM). A valid, working link to the closed topic is required.