-- ComboFix log --
ComboFix 09-09-22.02 - Chad 09/22/2009 18:48.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.435 [GMT -4:00]
Running from: c:\documents and settings\Chad\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Chad\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Chad\Application Data\uTorrent
c:\documents and settings\Chad\Application Data\uTorrent\2005 - Enter The Chicken.torrent
c:\documents and settings\Chad\Application Data\uTorrent\Against Me! - Thrash Unreal.torrent
c:\documents and settings\Chad\Application Data\uTorrent\Cut The Crap Playlist - November 2008.torrent
c:\documents and settings\Chad\Application Data\uTorrent\dht.dat
c:\documents and settings\Chad\Application Data\uTorrent\dht.dat.old
c:\documents and settings\Chad\Application Data\uTorrent\Gogol Bordello.torrent
c:\documents and settings\Chad\Application Data\uTorrent\Late Of The Pier - Fantasy Black Channel (2008).torrent
c:\documents and settings\Chad\Application Data\uTorrent\M.I.A. - Kala (Limited Edition) [2008] - Hip Hop [www.torrentazos.com].torrent
c:\documents and settings\Chad\Application Data\uTorrent\Matchbook_Romance-Voices-2006-RTB.torrent
c:\documents and settings\Chad\Application Data\uTorrent\MUSE - The Best Of.torrent
c:\documents and settings\Chad\Application Data\uTorrent\New Wave.1.torrent
c:\documents and settings\Chad\Application Data\uTorrent\New Wave.torrent
c:\documents and settings\Chad\Application Data\uTorrent\resume.dat
c:\documents and settings\Chad\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Chad\Application Data\uTorrent\rss.dat
c:\documents and settings\Chad\Application Data\uTorrent\rss.dat.old
c:\documents and settings\Chad\Application Data\uTorrent\settings.dat
c:\documents and settings\Chad\Application Data\uTorrent\settings.dat.old
c:\documents and settings\Chad\Application Data\uTorrent\So Wrong, It's Right.torrent
c:\documents and settings\Chad\Application Data\uTorrent\The_Fratellis-Here_We_Stand-2008-DV8.torrent
c:\documents and settings\Chad\Application Data\uTorrent\utorrent.lng
.
((((((((((((((((((((((((( Files Created from 2009-08-22 to 2009-09-22 )))))))))))))))))))))))))))))))
.
2009-09-21 18:42 . 2009-09-21 18:43 -------- d-----w- c:\program files\iTunes
2009-09-21 18:42 . 2009-09-21 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-21 18:38 . 2009-09-21 18:39 -------- d-----w- c:\program files\QuickTime
2009-09-15 22:51 . 2009-09-15 22:51 -------- d-----w- c:\program files\2BrightSparks
2009-09-15 22:45 . 2009-09-15 22:51 -------- d-----w- c:\documents and settings\Chad\Local Settings\Application Data\2BrightSparks
2009-09-06 15:59 . 2009-09-06 15:59 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2009-09-03 18:07 . 2009-09-03 18:07 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-08-28 02:18 . 2009-08-28 02:18 -------- d-----w- c:\program files\Trend Micro
2009-08-28 00:33 . 2009-08-28 00:32 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-08-28 00:32 . 2009-08-28 00:37 -------- d-----w- c:\documents and settings\Administrator\.housecall6.6
2009-08-28 00:28 . 2009-08-28 00:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG8
2009-08-27 20:28 . 2009-08-27 22:38 -------- d-----w- c:\windows\BDOSCAN8
2009-08-27 20:17 . 2009-08-27 20:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-22 18:01 . 2005-03-16 23:26 -------- d-s---w- c:\program files\Xfire
2009-09-21 18:42 . 2005-04-17 22:52 -------- d-----w- c:\program files\iPod
2009-09-21 18:42 . 2007-07-21 04:47 -------- d-----w- c:\program files\Common Files\Apple
2009-09-20 14:15 . 2005-03-16 23:27 -------- d-----w- c:\documents and settings\Chad\Application Data\Xfire
2009-09-19 14:18 . 2005-03-13 21:41 -------- d-----w- c:\program files\AIM
2009-09-19 14:18 . 2006-09-13 22:48 -------- d-----w- c:\documents and settings\Chad\Application Data\Aim
2009-09-18 21:14 . 2008-01-13 18:38 -------- d-----w- c:\program files\Lx_cats
2009-09-16 00:11 . 2009-01-31 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-15 22:49 . 2009-01-04 14:14 -------- d-----w- c:\program files\Dyyno
2009-08-28 01:00 . 2006-04-14 17:54 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-27 18:37 . 2007-02-03 05:15 -------- d-----w- c:\program files\AIM6
2009-08-19 19:28 . 2009-02-04 00:52 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-08-19 19:28 . 2009-02-04 00:52 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-08-19 19:28 . 2009-02-04 00:52 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-08-19 19:28 . 2009-02-04 00:52 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-08-19 19:28 . 2005-02-03 02:05 -------- d-----w- c:\program files\Symantec
2009-08-18 18:59 . 2009-03-05 02:08 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-07-26 15:39 . 2005-04-10 00:37 -------- d-----w- c:\documents and settings\Chad\Application Data\Apple Computer
2009-07-25 05:07 . 2004-12-14 17:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2005-02-03 02:04 . 2005-02-03 02:04 25184485 ----a-w- c:\program files\NV11ESD.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-09-17_19.14.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-22 19:15 . 2009-09-22 19:15 16384 c:\windows\Temp\Perflib_Perfdata_564.dat
+ 2009-09-21 18:36 . 2009-08-28 23:42 40448 c:\windows\system32\DRVSTORE\usbaapl_6DA28B91FF48C57089E4D2436654AFA4ECAD0622\usbaapl.sys
+ 2009-09-21 18:43 . 2009-05-18 18:17 26600 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspiWDM.sys
+ 2008-01-29 16:01 . 2009-05-18 18:17 26600 c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2008-01-29 16:02 . 2008-04-17 17:12 107368 c:\windows\system32\GEARAspi.dll
- 2008-01-29 16:02 . 2008-04-17 16:12 107368 c:\windows\system32\GEARAspi.dll
+ 2009-09-21 18:43 . 2008-04-17 17:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspi.dll
+ 2009-09-21 18:37 . 2009-09-21 18:37 694272 c:\windows\Installer\44b066.msi
+ 2009-09-21 18:43 . 2009-09-21 18:43 102400 c:\windows\Installer\{EC2A8F27-4FBF-4E41-B27B-FE822511B761}\iTunesIco.exe
+ 2009-09-21 18:36 . 2009-08-28 23:42 2065696 c:\windows\system32\DRVSTORE\usbaapl_6DA28B91FF48C57089E4D2436654AFA4ECAD0622\usbaaplrc.dll
+ 2009-09-21 18:43 . 2009-09-21 18:43 4597248 c:\windows\Installer\44b687.msi
+ 2009-09-21 18:39 . 2009-09-21 18:39 1679872 c:\windows\Installer\44b33e.msi
+ 2009-09-21 18:39 . 2009-09-21 18:39 9013760 c:\windows\Installer\44b2f1.msi
+ 2009-09-21 18:36 . 2009-09-21 18:36 3310592 c:\windows\Installer\44b05e.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\valve\steam\steam.exe" [2009-06-10 1217784]
"RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-07-02 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ABIT uGuru"="c:\program files\ABIT\ABIT uGuru\uGuru.exe" [2004-09-13 1695827]
"GuruClock"="c:\program files\ABIT\ABIT uGuru\GuruClock.exe" [2004-09-29 4489280]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"lxdcamon"="c:\program files\Lexmark 1300 Series\lxdcamon.exe" [2007-02-05 20480]
"LXDCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll" [2007-01-22 102400]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-11-29 583048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]
"CTHelper"="CTHELPER.EXE" - c:\windows\CTHELPER.EXE [2006-08-11 17920]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\CTXFIHLP.EXE [2006-08-11 18944]
c:\documents and settings\Chad\Start Menu\Programs\Startup\
GameSpot Download Manager.lnk - c:\program files\GameSpot\GameSpotDownloadManager_Win32.exe [2007-11-15 876544]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2009-9-3 3111824]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2005-5-2 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-21 03:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxdccoms.exe"=
"c:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe"=
"c:\\Program Files\\Lexmark 1300 Series\\App4R.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\chadcicle\\day of defeat\\hl.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1007020.00B\SymEFA.sys [8/31/2009 7:24 PM 310320]
R0 uGuru;uGuru;c:\windows\system32\drivers\uGuru.SYS [3/13/2005 6:34 PM 10752]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1007020.00B\BHDrvx86.sys [8/31/2009 7:24 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1007020.00B\cchpx86.sys [8/31/2009 7:23 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090916.003\IDSXpx86.sys [9/16/2009 10:56 PM 329080]
R1 TeksKernel;TeksKernel;c:\windows\system32\drivers\TeksKernel.sys [7/8/2004 3:14 PM 9060]
R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe [8/31/2009 7:24 PM 117640]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [8/11/2006 3:56 PM 8192]
R2 ProductivITService;ProductivIT Service;c:\program files\AlienAutopsy\TEKS_Service.exe [7/8/2004 3:22 PM 77824]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/28/2007 10:54 AM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/26/2009 4:00 AM 102448]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
--- Other Services/Drivers In Memory ---
*Deregistered* - Winflash
.
Contents of the 'Scheduled Tasks' folder
2009-08-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = localhost;*.local
IE: &Viewpoint Search - c:\program files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Chad\Application Data\Mozilla\Firefox\Profiles\trq2th4i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-09-22 18:56
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXDCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2450225623-1706990351-3503433465-1006\Software\SecuROM\License information*]
"datasecu"=hex:20,81,a1,3e,f5,9d,f4,ef,db,2a,45,1f,ef,5c,1b,fc,40,7f,d1,55,1b,
71,99,30,01,5c,33,d3,c6,d8,df,d6,44,48,f9,7b,b0,ca,d1,8b,d6,bb,c0,af,60,6a,\
"rkeysecu"=hex:4e,10,a8,75,bd,8a,24,82,59,b2,f9,5e,ee,b6,ea,d5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(968)
c:\program files\AlienGUIse\fastload.dll
.
Completion time: 2009-09-22 18:58
ComboFix-quarantined-files.txt 2009-09-22 22:58
ComboFix2.txt 2009-09-17 19:20
Pre-Run: 94,304,419,840 bytes free
Post-Run: 94,364,590,080 bytes free
212 --- E O F --- 2009-02-27 21:34
-- dds.txt --
DDS (Ver_09-07-30.01) - NTFSx86
Run by Chad at 17:32:12.96 on Thu 09/24/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.604 [GMT -4:00]
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\AlienAutopsy\TEKS_Service.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Chad\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uInternet Settings,ProxyOverride = localhost;*.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
{348fe907-249e-4c65-a838-f34a193fe1d1}
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.7.2.11\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [Steam] "c:\program files\valve\steam\steam.exe" -silent
uRun: [RemoteCenter] c:\program files\creative\mediasource\remotecontrol\RCMan.EXE
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTDVDDET] c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDET.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [ABIT uGuru] c:\program files\abit\abit uguru\uGuru.exe
mRun: [GuruClock] c:\program files\abit\abit uguru\GuruClock.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [lxdcamon] "c:\program files\lexmark 1300 series\lxdcamon.exe"
mRun: [LXDCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXDCtime.dll,_RunDLLEntry@16
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
StartupFolder: c:\docume~1\chad\startm~1\programs\startup\gamesp~1.lnk - c:\program files\gamespot\GameSpotDownloadManager_Win32.exe
StartupFolder: c:\docume~1\chad\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\chad\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: &Viewpoint Search - c:\program files\viewpoint\viewpoint toolbar\ViewBar.dll/CXTSEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\npjpi160_14.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: WB - c:\program files\alienguise\fastload.dll
AppInit_DLLs: c:\windows\system32\wbsys.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\chad\applic~1\mozilla\firefox\profiles\trq2th4i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
============= SERVICES / DRIVERS ===============
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1007020.00b\SymEFA.sys [2009-8-31 310320]
R0 uGuru;uGuru;c:\windows\system32\drivers\uGuru.SYS [2005-3-13 10752]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1007020.00b\BHDrvx86.sys [2009-8-31 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1007020.00b\cchpx86.sys [2009-8-31 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090916.003\IDSXpx86.sys [2009-9-16 329080]
R1 TeksKernel;TeksKernel;c:\windows\system32\drivers\TeksKernel.sys [2004-7-8 9060]
R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\engine\16.7.2.11\ccSvcHst.exe [2009-8-31 117640]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [2006-8-11 8192]
R2 ProductivITService;ProductivIT Service;c:\program files\alienautopsy\TEKS_Service.exe [2004-7-8 77824]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-28 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-26 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090924.002\NAVENG.SYS [2009-9-24 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090924.002\NAVEX15.SYS [2009-9-24 1323568]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
=============== Created Last 30 ================
2009-09-22 20:52 95 a------- c:\windows\system32\productregistry
2009-09-22 20:51 <DIR> --d----- C:\Sun
2009-09-22 19:26 <DIR> --d----- c:\documents and settings\chad\.SunDownloadManager
2009-09-22 18:46 <DIR> --d----- C:\ComboFix
2009-09-21 14:42 <DIR> --d----- c:\program files\iTunes
2009-09-21 14:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-17 15:00 <DIR> a-dshr-- C:\cmdcons
2009-09-17 14:56 229,888 a------- c:\windows\PEV.exe
2009-09-17 14:56 161,792 a------- c:\windows\SWREG.exe
2009-09-17 14:56 98,816 a------- c:\windows\sed.exe
2009-09-15 18:51 <DIR> --d----- c:\program files\2BrightSparks
2009-09-05 01:54 94,208 a------- c:\windows\system32\QuickTimeVR.qtx
2009-09-05 01:54 69,632 a------- c:\windows\system32\QuickTime.qts
2009-09-03 14:07 41,872 a------- c:\windows\system32\xfcodec.dll
2009-08-27 22:18 <DIR> --d----- c:\program files\Trend Micro
2009-08-27 20:33 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
==================== Find3M ====================
2009-08-19 15:28 124,976 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-08-19 15:28 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-08-19 15:28 7,456 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-08-19 15:28 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-08-18 14:59 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
2008-04-19 17:26 22,328 a------- c:\docume~1\chad\applic~1\PnkBstrK.sys
2005-02-02 22:04 25,184,485 a------- c:\program files\NV11ESD.exe
2008-09-04 22:29 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090420080905\index.dat
============= FINISH: 17:33:44.00 ===============
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, September 24, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, September 24, 2009 18:41:41
Records in database: 2914331
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
Scan statistics:
Objects scanned: 127238
Threats found: 2
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 02:30:22
File name / Threat / Threats count
C:\Documents and Settings\Chad\.jpi_cache\jar\1.0\jvmsecman.jar-69ee0d96-4af1835c.zip Infected: Trojan-Downloader.Java.Agent.f 1
C:\Documents and Settings\Chad\.jpi_cache\jar\1.0\jvmsecman.jar-69ee0e0e-3123b258.zip Infected: Trojan-Downloader.Java.Agent.f 1
C:\Documents and Settings\Chad\My Documents\csscript\backup\mirc32.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.591 1
C:\Documents and Settings\Chad\My Documents\csscript.rar Infected: not-a-virus:Client-IRC.Win32.mIRC.591 1
Selected area has been scanned.