
Thread: click.giftload, still awaiting fix

  1. #1 - Junior Member (Join Date: May 2011, Posts: 18)

    click.giftload, still awaiting fix

    Link to previous thread http://forums.spybot.info/showthread...ighlight=RyanV

    ComboFix log:

    ComboFix 11-06-23.01 - Valued Customer 06/23/2011 19:55:54.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2043.830 [GMT -6:00]
    Running from: c:\documents and settings\Valued Customer\Desktop\ComboFix.exe
    AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton AntiVirus *Enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\WSZ.exe
    c:\documents and settings\Valued Customer\Start Menu\Programs\Startup\WSZ.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-24 to 2011-06-24 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-21 21:03 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{5E722B03-1D2D-4BBC-B274-185C9ACF17F1}\mpengine.dll
    2011-06-14 20:03 . 2011-06-14 20:03 -------- d-----w- c:\windows\SxsCaPendDel
    2011-06-12 17:30 . 2011-06-12 17:30 -------- d-----w- c:\documents and settings\Valued Customer\Local Settings\Application Data\PackageAware
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-22 19:46 . 2011-05-17 17:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-25 01:14 . 2009-10-22 21:09 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-05-11 04:39 . 2011-05-11 04:39 164345 ----a-w- c:\windows\Gulfstream V Uninstaller.exe
    2011-05-09 20:46 . 2009-09-09 05:15 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2011-05-02 23:45 . 2009-04-23 16:39 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-05-02 23:45 . 2009-04-23 16:39 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-05-02 15:31 . 2009-04-23 14:49 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 16:19 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 15:51 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 15:51 . 2009-09-22 21:06 78336 ----a-w- c:\windows\system32\ieencode.dll
    2011-04-25 15:51 . 2008-04-14 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-04-25 15:51 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2011-04-25 12:01 . 2008-04-14 12:00 389120 ----a-w- c:\windows\system32\html.iec
    2011-04-21 13:37 . 2008-04-14 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2009-12-08 15:38 . 84B647F9DF97B26A4412FE01CCEFE108 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
    [7] 2009-12-08 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
    [7] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
    [7] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
    .
    ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-03 18:52 . 2007-09-26 19:42 267064 c:\program files\iTunes\bak\iTunesHelper.exe
    2009-10-29 02:21 . 2009-10-29 02:21 141600 c:\program files\iTunes\iTunesHelper.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Valued Customer\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Valued Customer\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Valued Customer\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Valued Customer\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
    @="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
    [HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
    2009-12-17 22:02 613496 ----a-w- c:\windows\system32\PGPfsshl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
    @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
    [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
    2008-04-29 22:55 4232968 ----a-w- c:\program files\Protector Suite QL\farchns.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
    @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
    [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
    2008-04-29 22:55 4232968 ----a-w- c:\program files\Protector Suite QL\farchns.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WheresJames Startup Manager"="c:\program files\WheresJames\StartupMgr\StartupMgr.exe" [2007-10-14 475136]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-03 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-09-11 188416]
    "WLSS"="c:\program files\Program DJ\Wireless Switch\WLSS.exe" [2008-05-09 951592]
    "PdjAssistant"="c:\program files\Program DJ\Program DJ\PdjAssistant.exe" [2008-07-09 339968]
    "GCTray"="c:\program files\Program DJ\Green Charger\GCTray.exe" [2008-06-10 548864]
    "Wow Video&Audio"="c:\program files\Program DJ\Wow Video&Audio\WVAMain.exe" [2008-08-10 3548456]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
    "osCheck"="c:\program files\Norton AntiVirus\osCheck.exe" [2007-08-25 714608]
    "ScreenPrint32"="c:\program files\ScreenPrint32 v3\ScreenPrint32.exe" [2003-05-16 446464]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "Protector Suite QL"="c:\program files\Protector Suite QL\psqltray.exe" [2008-04-29 278792]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-19 13537280]
    "Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-04-23 136416]
    "Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2010-04-30 79112]
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-05-02 273544]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
    .
    c:\documents and settings\Valued Customer\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    Seagate Product Registration.lnk - c:\documents and settings\Valued Customer\Application Data\Leadertech\PowerRegister\Seagate Product Registration.exe [2011-5-24 1731736]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    PGPtray.exe.lnk - c:\windows\Installer\{28E0F0A8-E555-4077-A6E1-63DBF2B29D32}\Icon6560581611.exe [2010-10-1 55296]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2008-04-29 22:43 96008 ----a-w- c:\windows\system32\psqlpwd.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\PGPmapih.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Soulseek\\slsk.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\WINDOWS\\system32\\java.exe"=
    "c:\\Program Files\\3ivx\\3ivx MPEG-4 5.0.3\\3ivxConfig.exe"=
    "c:\\temp\\janinblr\\iTunnel\\iTunnel.exe"=
    "c:\\Program Files\\iPhone Tunnel Suite 2.7 BETA\\iTunnel\\iTunnel.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "c:\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Highwind Software\\TuneSync\\TuneSync.exe"=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
    .
    R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [4/23/2009 10:07 AM 9856]
    R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [12/17/2009 4:01 PM 136312]
    R0 Pgpwdefs;Pgpwdefs;c:\windows\system32\drivers\PGPwdefs.sys [12/17/2009 4:01 PM 13432]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/21/2009 7:12 PM 691696]
    R2 DualView Server;DualView Server Service;c:\program files\Program DJ\Dualview Server\dualviewsvc.exe [5/23/2008 3:41 PM 126976]
    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [8/24/2007 11:07 PM 149352]
    R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [4/22/2010 6:33 PM 25824]
    R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [4/30/2010 8:47 AM 14088]
    R2 Smart Watchdog;Smart Watchdog Service;c:\program files\Program DJ\Smart Watchdog\SWDsvc.exe [4/14/2008 6:17 PM 208896]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    R3 DualViewFilter;DualViewFilter;c:\windows\system32\drivers\DualviewFilter.sys [5/6/2008 7:32 AM 20352]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/10/2011 9:32 AM 105592]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [4/13/2008 9:03 PM 81296]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [6/19/2008 1:36 PM 38304]
    R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [5/17/2011 12:31 PM 23096]
    R3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [11/21/2009 6:56 PM 3768]
    S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys --> c:\windows\system32\DRIVERS\ntcdrdrv.sys [?]
    S2 fwzzghwlx;fwzzghwlx;\??\c:\windows\system32\drivers\xbjhzsxoztwvuot.sys --> c:\windows\system32\drivers\xbjhzsxoztwvuot.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/10/2010 10:30 AM 135664]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/29/2007 2:55 PM 23888]
    S3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [11/21/2009 5:16 PM 23096]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/10/2010 10:30 AM 135664]
    S3 ISD200;USB Storage Adapter V2;c:\windows\system32\drivers\ISD200.SYS [3/10/2011 3:06 PM 26930]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [12/31/2009 9:06 PM 42112]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [4/14/2008 6:00 AM 14336]
    S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [5/17/2011 12:31 PM 200704]
    S3 STSService;STSService;"c:\program files\SoundTaxi Media Suite\STSService.exe" --> c:\program files\SoundTaxi Media Suite\STSService.exe [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-19 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
    .
    2011-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 16:30]
    .
    2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 16:30]
    .
    2011-06-24 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
    .
    2011-05-24 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Valued Customer.job
    - c:\program files\Norton AntiVirus\Navw32.exe [2007-08-27 01:19]
    .
    2011-06-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-790525478-2025429265-682003330-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 16:47]
    .
    2011-06-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-790525478-2025429265-682003330-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 16:47]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.comcast.net/
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    LSP: c:\windows\system32\PGPlsp.dll
    TCP: Interfaces\{498B6563-F313-4B03-8323-E79AD21537D3}: NameServer = 208.67.220.220,208.67.222.222
    FF - ProfilePath - c:\documents and settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\a3uaen4i.default\
    FF - prefs.js: network.proxy.ftp - 217.194.213.31
    FF - prefs.js: network.proxy.ftp_port - 80
    FF - prefs.js: network.proxy.gopher - 217.194.213.31
    FF - prefs.js: network.proxy.gopher_port - 80
    FF - prefs.js: network.proxy.http - 217.194.213.31
    FF - prefs.js: network.proxy.http_port - 80
    FF - prefs.js: network.proxy.socks - 217.194.213.31
    FF - prefs.js: network.proxy.socks_port - 80
    FF - prefs.js: network.proxy.ssl - 217.194.213.31
    FF - prefs.js: network.proxy.ssl_port - 80
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: XULRunner: {7BB8177F-BE0A-4B14-9C1A-809BD54B73C4} - c:\documents and settings\Valued Customer\Local Settings\Application Data\{7BB8177F-BE0A-4B14-9C1A-809BD54B73C4}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Save Session: savesession@noasobi.net - %profile%\extensions\savesession@noasobi.net
    FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
    FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Ext: Zotero: zotero@chnm.gmu.edu - %profile%\extensions\zotero@chnm.gmu.edu
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-23 20:15
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    .
    c:\windows\TEMP\TMP0000003C8C826D5D6A1E1B44 524288 bytes
    .
    scan completed successfully
    hidden files: 1
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dnscache]
    "ServiceDll"="%CommonProgramFiles%\dns.cert"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{166EE761-5C62-346C-950B-9E9FE6C1A134}\InProcServer32*]
    "jabbhdnnacagmfdpbodb"=hex:6a,61,64,62,6f,62,6a,70,6d,68,61,66,6a,6d,6e,67,67,
    6b,6d,65,00,e9
    "iabbbepidjoojpimng"=hex:69,61,64,62,66,63,6d,6a,6b,6c,67,66,6a,62,6e,6b,68,67,
    00,00
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1336)
    c:\windows\system32\psqlpwd.dll
    c:\program files\Protector Suite QL\homefus2.dll
    c:\program files\Protector Suite QL\infql2.dll
    c:\program files\Protector Suite QL\homepass.dll
    c:\program files\Protector Suite QL\bio.dll
    c:\program files\Protector Suite QL\qlbase.dll
    c:\windows\system32\PGPpwflt.dll
    c:\windows\system32\PGPwd.dll
    c:\windows\system32\PGPsdk.dll
    c:\windows\system32\WININET.dll
    c:\program files\Protector Suite QL\otp.dll
    c:\program files\Protector Suite QL\psqltray.dll
    .
    - - - - - - - > 'explorer.exe'(2948)
    c:\windows\system32\WININET.dll
    c:\windows\system32\PGPhk.dll
    c:\documents and settings\Valued Customer\Application Data\Dropbox\bin\DropboxExt.14.dll
    c:\windows\system32\PGPfsshl.dll
    c:\program files\Protector Suite QL\farchns.dll
    c:\program files\Protector Suite QL\infql2.dll
    c:\program files\iTunes\iTunesMiniPlayer.dll
    c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
    c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\WinSCP\DragExt.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Flip Video\FlipShare\FlipShareService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PGPserv.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Apoint2K\Apntex.exe
    c:\program files\Seagate\Seagate Dashboard\MemeoDashboard.exe
    c:\program files\PGP Corporation\PGP Desktop\PGPtray.exe
    c:\program files\Memeo\AutoBackup\InstantBackup.exe
    c:\progra~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2011-06-23 20:28:28 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-06-24 02:28
    .
    Pre-Run: 60,418,686,976 bytes free
    Post-Run: 61,084,049,408 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
    .
    - - End Of File - - 471B41F58615B3B2D490AC2E9D012710

  2. #2 - Junior Member (Join Date: May 2011, Posts: 18)

    click.giftload + combofix = no sound

    I ran ComboFix as instructed in this thread and now have no sound.
    http://forums.spybot.info/showthread.php?t=63193

    Here is the ComboFix log:

    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [8/24/2007 11:07 PM 149352]
    R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [4/22/2010 6:33 PM 25824]
    R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [4/30/2010 8:47 AM 14088]
    R2 Smart Watchdog;Smart Watchdog Service;c:\program files\Program DJ\Smart Watchdog\SWDsvc.exe [4/14/2008 6:17 PM 208896]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    R3 DualViewFilter;DualViewFilter;c:\windows\system32\drivers\DualviewFilter.sys [5/6/2008 7:32 AM 20352]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/10/2011 9:32 AM 105592]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [4/13/2008 9:03 PM 81296]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [6/19/2008 1:36 PM 38304]
    R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [5/17/2011 12:31 PM 23096]
    R3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [11/21/2009 6:56 PM 3768]
    S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys --> c:\windows\system32\DRIVERS\ntcdrdrv.sys [?]
    S2 fwzzghwlx;fwzzghwlx;\??\c:\windows\system32\drivers\xbjhzsxoztwvuot.sys --> c:\windows\system32\drivers\xbjhzsxoztwvuot.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/10/2010 10:30 AM 135664]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/29/2007 2:55 PM 23888]
    S3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [11/21/2009 5:16 PM 23096]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/10/2010 10:30 AM 135664]
    S3 ISD200;USB Storage Adapter V2;c:\windows\system32\drivers\ISD200.SYS [3/10/2011 3:06 PM 26930]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [12/31/2009 9:06 PM 42112]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [4/14/2008 6:00 AM 14336]
    S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [5/17/2011 12:31 PM 200704]
    S3 STSService;STSService;"c:\program files\SoundTaxi Media Suite\STSService.exe" --> c:\program files\SoundTaxi Media Suite\STSService.exe [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-19 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
    .
    2011-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 16:30]
    .
    2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 16:30]
    .
    2011-06-24 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
    .
    2011-05-24 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Valued Customer.job
    - c:\program files\Norton AntiVirus\Navw32.exe [2007-08-27 01:19]
    .
    2011-06-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-790525478-2025429265-682003330-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 16:47]
    .
    2011-06-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-790525478-2025429265-682003330-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 16:47]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.comcast.net/
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    LSP: c:\windows\system32\PGPlsp.dll
    TCP: Interfaces\{498B6563-F313-4B03-8323-E79AD21537D3}: NameServer = 208.67.220.220,208.67.222.222
    FF - ProfilePath - c:\documents and settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\a3uaen4i.default\
    FF - prefs.js: network.proxy.ftp - 217.194.213.31
    FF - prefs.js: network.proxy.ftp_port - 80
    FF - prefs.js: network.proxy.gopher - 217.194.213.31
    FF - prefs.js: network.proxy.gopher_port - 80
    FF - prefs.js: network.proxy.http - 217.194.213.31
    FF - prefs.js: network.proxy.http_port - 80
    FF - prefs.js: network.proxy.socks - 217.194.213.31
    FF - prefs.js: network.proxy.socks_port - 80
    FF - prefs.js: network.proxy.ssl - 217.194.213.31
    FF - prefs.js: network.proxy.ssl_port - 80
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: XULRunner: {7BB8177F-BE0A-4B14-9C1A-809BD54B73C4} - c:\documents and settings\Valued Customer\Local Settings\Application Data\{7BB8177F-BE0A-4B14-9C1A-809BD54B73C4}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Save Session: - %profile%\extensions\savesession@noasobi.net
    FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
    FF - Ext: Firebug: - %profile%\extensions\firebug@software.joehewitt.com
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Ext: Zotero: - %profile%\extensions\zotero@chnm.gmu.edu
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-23 20:15
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    .
    c:\windows\TEMP\TMP0000003C8C826D5D6A1E1B44 524288 bytes
    .
    scan completed successfully
    hidden files: 1
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dnscache]
    "ServiceDll"="%CommonProgramFiles%\dns.cert"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{166EE761-5C62-346C-950B-9E9FE6C1A134}\InProcServer32*]
    "jabbhdnnacagmfdpbodb"=hex:6a,61,64,62,6f,62,6a,70,6d,68,61,66,6a,6d,6e,67,67,
    6b,6d,65,00,e9
    "iabbbepidjoojpimng"=hex:69,61,64,62,66,63,6d,6a,6b,6c,67,66,6a,62,6e,6b,68,67,
    00,00
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1336)
    c:\windows\system32\psqlpwd.dll
    c:\program files\Protector Suite QL\homefus2.dll
    c:\program files\Protector Suite QL\infql2.dll
    c:\program files\Protector Suite QL\homepass.dll
    c:\program files\Protector Suite QL\bio.dll
    c:\program files\Protector Suite QL\qlbase.dll
    c:\windows\system32\PGPpwflt.dll
    c:\windows\system32\PGPwd.dll
    c:\windows\system32\PGPsdk.dll
    c:\windows\system32\WININET.dll
    c:\program files\Protector Suite QL\otp.dll
    c:\program files\Protector Suite QL\psqltray.dll
    .
    - - - - - - - > 'explorer.exe'(2948)
    c:\windows\system32\WININET.dll
    c:\windows\system32\PGPhk.dll
    c:\documents and settings\Valued Customer\Application Data\Dropbox\bin\DropboxExt.14.dll
    c:\windows\system32\PGPfsshl.dll
    c:\program files\Protector Suite QL\farchns.dll
    c:\program files\Protector Suite QL\infql2.dll
    c:\program files\iTunes\iTunesMiniPlayer.dll
    c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
    c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\WinSCP\DragExt.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Flip Video\FlipShare\FlipShareService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PGPserv.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Apoint2K\Apntex.exe
    c:\program files\Seagate\Seagate Dashboard\MemeoDashboard.exe
    c:\program files\PGP Corporation\PGP Desktop\PGPtray.exe
    c:\program files\Memeo\AutoBackup\InstantBackup.exe
    c:\progra~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2011-06-23 20:28:28 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-06-24 02:28
    .
    Pre-Run: 60,418,686,976 bytes free
    Post-Run: 61,084,049,408 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
    .
    - - End Of File - - 471B41F58615B3B2D490AC2E9D012710
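A few entries in the log above are the ones a responder would triage first: the Dnscache service whose ServiceDll points at %CommonProgramFiles%\dns.cert, the service fwzzghwlx backed by a driver named xbjhzsxoztwvuot.sys that ComboFix could not find on disk ([?]), and the Firefox prefs.js proxy hosts set to 217.194.213.31 for every protocol (network.proxy.type is 0, meaning no proxy is in use, so the host is recorded but not active). The script below is an added example, not part of the thread and not ComboFix code: it scans a ComboFix-style excerpt for exactly those indicator classes. The sample lines are copied from the post; the expected Dnscache ServiceDll value (%SystemRoot%\System32\dnsrslvr.dll) is the Windows XP default; the "generated name" check is a crude vowel-ratio heuristic that will also trip on legitimately abbreviated driver names such as ntcdrdrv, so treat its hits as a prompt to verify the file, not as a verdict.

```python
"""Triage helper for ComboFix-style log excerpts (added example, not thread code)."""
import ipaddress
import re

# Windows XP default for the DNS Client service DLL (assumption stated in the lead-in).
EXPECTED_DNSCACHE_DLL = r"%SystemRoot%\System32\dnsrslvr.dll"

# Constructed excerpt: lines copied from the posted log, with one key/value pair
# for the Dnscache service so the ServiceDll check has its context.
SAMPLE_LOG = r"""
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/21/2009 7:12 PM 691696]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys --> c:\windows\system32\DRIVERS\ntcdrdrv.sys [?]
S2 fwzzghwlx;fwzzghwlx;\??\c:\windows\system32\drivers\xbjhzsxoztwvuot.sys --> c:\windows\system32\drivers\xbjhzsxoztwvuot.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/10/2010 10:30 AM 135664]
FF - prefs.js: network.proxy.http - 217.194.213.31
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dnscache]
"ServiceDll"="%CommonProgramFiles%\dns.cert"
TCP: Interfaces\{498B6563-F313-4B03-8323-E79AD21537D3}: NameServer = 208.67.220.220,208.67.222.222
"""

SERVICE_RE = re.compile(r"^[RS][0-4] (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
FF_PROXY_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.(?P<key>\w+) - (?P<value>.+)$")
REG_KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
SERVICEDLL_RE = re.compile(r'^"ServiceDll"="(?P<path>[^"]+)"$')


def looks_generated(name):
    """Crude check for names like 'fwzzghwlx': 8+ letters, almost no vowels."""
    n = name.lower()
    if len(n) < 8 or not n.isalpha():
        return False
    vowels = sum(c in "aeiou" for c in n)
    return vowels / len(n) < 0.25


def triage(log_text):
    """Return (kind, subject, detail) tuples for the indicator classes described above."""
    findings = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = REG_KEY_RE.match(line)
        if m:
            current_key = m.group("key")  # remember which service the next values belong to
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, rest = m.group("name"), m.group("rest")
            # "[?]" means ComboFix could not stat the image file on disk.
            image = rest.split(" --> ")[-1].rsplit(" [", 1)[0]
            base = image.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if rest.endswith("[?]"):
                findings.append(("service_image_unverified", name, image))
            if looks_generated(name) or looks_generated(base):
                findings.append(("service_name_generated", name, base))
            continue
        m = FF_PROXY_RE.match(line)
        if m:
            key, value = m.group("key"), m.group("value").strip()
            if key != "type" and not key.endswith("_port"):
                try:
                    addr = ipaddress.ip_address(value)
                except ValueError:
                    continue
                if addr.is_global:  # a proxy on a public IP, not a local filter
                    findings.append(("firefox_proxy_public_ip", key, value))
            continue
        m = SERVICEDLL_RE.match(line)
        if m and current_key.lower().endswith(r"\services\dnscache"):
            path = m.group("path")
            if path.lower() != EXPECTED_DNSCACHE_DLL.lower():
                findings.append(("dnscache_servicedll_hijack", path, EXPECTED_DNSCACHE_DLL))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE_LOG):
        print(f"{kind:28} {subject:40} {detail}")
```

Run against the full log rather than the excerpt and the same four checks still apply; the ServiceDll check only fires inside a key that ends in \Services\Dnscache, so the PGP and Symantec service entries elsewhere in the log do not produce noise.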

  3. #3
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Uninstall the P2P and post a new DDS log
    Last edited by ken545; 2011-07-04 at 01:22.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    FYI <--

    This was taken from another post
    P2P file sharing, downloading/uploading some stuff by torrents.... It seems clear that you realise now that this maybe was a very bad idea and that the "friend" who advised you, was not providing you with sound advice...so I will say no more, other than to emphasize that it is a hugely effective method of spreading malicious code and many computer problems/issues can be laid at its door. Some folks don't realise that for P2P to work effectively it needs to open a pathway through your firewall....and some folks take pleasure in "spiking" what looks like a legitimate file with malicious code. There are legitimate uses for P2P but a lot are used for circumventing owners copyright and any file shared in this way can compromise your computer's security and performance..... P2P is best uninstalled ( Vuze) and any files shared where their provenance is not 100% should be deleted and the Recycle Bin emptied.


    This topic is closed due to lack of response
