castingguy2005

Everything posted by castingguy2005

  1. Not for about a week, but you said last week (Saturday, I think it was) I was still infected. Am I?
  2. OK, please look at the attached. ComboFix log below. (attached: ERU_error_AGAIN.zip)
  3. I will run it again, but I keep getting the error that I had sent numerous times before. I do disable Avast. I have no other protection. It keeps giving me the ERUNDT error, and I get the error dialog box that says it cannot create a file that already exists. Have you seen the errors I have sent?
  4. Ok, had to save hijackthis as a different name to get it to run but it ran. Belof are my combofix and HJT logs (in that order): ComboFix 09-09-22.02 - Don 09/22/2009 23:07.13.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1402 [GMT -4:00] Running from: c:\documents and settings\Don\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Don\Desktop\CFScript.txt AV: avast! antivirus 4.8.1351 [VPS 090922-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: Outpost Firewall *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD} . /wow section - STAGE 10 Access is denied. Overlay aborted ... Please run ComboFix once more ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\TEMP\logishrd\LVPrcInj01.dll . --------------- FCopy --------------- c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll --> c:\windows\system32\mspmsnsv.dll . ((((((((((((((((((((((((( Files Created from 2009-08-23 to 2009-09-23 ))))))))))))))))))))))))))))))) . 2009-09-22 00:12 . 2009-04-06 15:37 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys 2009-09-22 00:12 . 2009-02-10 20:15 257432 ----a-w- c:\windows\system32\drivers\afwcore.sys 2009-09-22 00:11 . 2009-02-18 21:30 31128 ----a-w- c:\windows\system32\drivers\afw.sys 2009-09-22 00:11 . 2009-09-22 00:11 -------- d-----w- c:\program files\Agnitum 2009-09-22 00:10 . 2009-09-22 00:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Agnitum 2009-09-16 11:26 . 2009-09-16 11:26 85504 ----a-w- c:\windows\system32\Inherit.exe 2009-09-16 08:29 . 2009-09-16 08:29 -------- d-----w- c:\documents and settings\Don\Local Settings\Application Data\Temp 2009-09-12 19:43 . 2009-09-12 19:43 -------- d-----w- c:\program files\Windows Installer Clean Up 2009-09-12 03:09 . 2009-09-12 03:09 -------- d-----w- c:\program files\Common Files\Adobe AIR 2009-09-10 07:02 . 
2009-09-22 00:11 -------- d-sh--w- c:\windows\Installer 2009-09-09 09:48 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll 2009-09-07 09:03 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-09-07 09:03 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-09-07 09:03 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-09-07 09:03 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-09-07 09:03 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-09-07 09:03 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-09-07 09:03 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-09-07 09:03 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-09-07 09:03 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe 2009-09-07 09:03 . 2009-09-07 09:03 -------- d-----w- c:\program files\Alwil Software 2009-09-05 19:41 . 2009-09-05 19:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp 2009-09-01 02:07 . 2009-09-01 02:07 -------- d-sh--w- c:\documents and settings\Don\IECompatCache 2009-09-01 01:58 . 2009-09-12 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2009-08-30 04:06 . 2009-09-01 01:59 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe 2009-08-30 04:03 . 2009-08-30 04:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Corel Photo Album 2009-08-30 04:03 . 2009-08-30 04:03 40264 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-30 04:03 . 2009-08-30 04:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Corel Photo Album 2009-08-30 04:03 . 
2009-08-30 04:04 88 --sh--r- c:\windows\system32\D3C50E08A6.sys 2009-08-29 20:54 . 2009-08-29 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure 2009-08-24 22:29 . 2009-08-24 22:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-23 03:01 . 2008-08-16 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-09-23 03:01 . 2009-04-05 14:11 -------- d-----w- c:\documents and settings\Don\Application Data\NBC Direct 2009-09-12 19:42 . 2008-01-09 20:56 -------- d-----w- c:\program files\MSECache 2009-09-12 03:25 . 2009-04-11 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion 2009-09-12 03:16 . 2009-03-13 03:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-12 03:12 . 2007-03-15 02:09 -------- d-----w- c:\program files\Common Files\Adobe 2009-09-12 03:04 . 2006-10-11 23:18 -------- d-----w- c:\program files\Java 2009-09-10 18:54 . 2009-03-13 03:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 18:53 . 2009-03-13 03:38 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-05 02:54 . 2006-10-11 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint 2009-09-05 02:53 . 2009-03-25 04:19 -------- d-----w- c:\program files\Panda Security 2009-08-30 04:04 . 2006-11-07 04:37 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys 2009-08-24 01:17 . 2009-08-22 02:10 574 ----a-w- C:\cleanup.bat 2009-08-24 01:17 . 2009-08-22 02:10 135168 ----a-w- C:\zip.exe 2009-08-19 10:30 . 2009-08-19 10:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield 2009-08-18 19:02 . 2009-08-18 19:01 15 ----a-w- c:\documents and settings\Administrator\settings.dat 2009-08-05 09:01 . 
2005-08-16 09:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-03 02:36 . 2006-10-11 23:41 -------- d-----w- c:\program files\Google 2009-08-01 15:05 . 2008-04-10 14:12 -------- d-----w- c:\program files\Microsoft Silverlight 2009-07-31 19:23 . 2009-05-24 00:28 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-07-17 19:01 . 2005-08-16 09:18 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-14 03:43 . 2005-08-16 09:19 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-03 17:09 . 2005-08-16 09:18 915456 ------w- c:\windows\system32\wininet.dll 2009-06-25 08:25 . 2008-09-29 09:45 730112 ----a-w- c:\windows\system32\lsasrv.dll 2009-06-25 08:25 . 2008-09-29 09:45 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-06-25 08:25 . 2008-09-29 09:45 147456 ----a-w- c:\windows\system32\schannel.dll 2009-06-25 08:25 . 2005-08-16 09:18 54272 ----a-w- c:\windows\system32\wdigest.dll 2009-06-25 08:25 . 2005-08-16 09:18 56832 ----a-w- c:\windows\system32\secur32.dll 2009-06-25 08:25 . 2005-08-16 09:18 301568 ----a-w- c:\windows\system32\kerberos.dll 2007-07-18 23:56 . 2007-07-18 23:56 251 -c--a-w- c:\program files\wt3d.ini 2007-03-04 15:57 . 2007-03-04 15:57 19121288 -c--a-w- c:\program files\netnanny.550.exe 2008-07-14 22:45 . 2006-11-07 04:37 88 --sh--r- c:\windows\system32\6B126CA445.sys . ((((((((((((((((((((((((((((( SnapShot@2009-09-13_01.25.22 ))))))))))))))))))))))))))))))))))))))))) . + 2007-11-07 06:19 . 2007-11-07 06:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll + 2008-07-29 12:05 . 2008-07-29 12:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll + 2008-07-29 12:05 . 2008-07-29 12:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll + 2008-07-29 12:05 . 
2008-07-29 12:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll + 2008-07-29 12:05 . 2008-07-29 12:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll + 2008-07-29 12:05 . 2008-07-29 12:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll + 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll + 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll + 2008-07-29 12:05 . 2008-07-29 12:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll + 2008-07-29 12:05 . 2008-07-29 12:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll + 2008-07-29 12:05 . 2008-07-29 12:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll + 2008-07-29 12:05 . 2008-07-29 12:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll + 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll + 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll + 2009-09-23 03:16 . 2009-09-23 03:16 16384 c:\windows\temp\Perflib_Perfdata_668.dat + 2009-09-23 03:16 . 2009-09-23 03:16 16384 c:\windows\temp\Perflib_Perfdata_1d0.dat + 2005-08-16 09:19 . 2005-08-03 23:29 25088 c:\windows\system32\dllcache\mspmsnsv.dll + 2008-07-29 12:05 . 2008-07-29 12:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll + 2008-07-29 12:05 . 
2008-07-29 12:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll + 2008-07-29 07:54 . 2008-07-29 07:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll + 2008-07-29 12:05 . 2008-07-29 12:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll + 2009-09-22 00:11 . 2009-09-22 00:11 228352 c:\windows\Installer\17adccf1.msi + 2008-07-29 12:05 . 2008-07-29 12:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll + 2008-07-29 12:05 . 2008-07-29 12:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480] "DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-07-17 389120] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-02 68856] "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032] "DirectPlayerCore"="c:\program files\NBC Direct\DirectPlayerCore.exe" [2009-04-10 1150016] "Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-06-02 5451536] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-06-22 1384448] "ATICCC"="c:\program 
files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-06-29 1032192] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576] "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464] "OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032] "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-10-11 24576] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] 
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\NBC Direct\\DirectPlayerCore.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59152:UDP"= 59152:UDP:SonicWALL Anti-Virus Compliance Port 59152
"59153:UDP"= 59153:UDP:SonicWALL Anti-Virus Compliance Port 59153
"3495:UDP"= 3495:UDP:Windows Media Format SDK (firefox.exe)
"3498:UDP"= 3498:UDP:Windows Media Format SDK (firefox.exe)
"3499:UDP"= 3499:UDP:Windows Media Format SDK (firefox.exe)
"3561:UDP"= 3561:UDP:Windows Media Format SDK (firefox.exe)
"3560:UDP"= 3560:UDP:Windows Media Format SDK (firefox.exe)
"3563:UDP"= 3563:UDP:Windows Media Format SDK (firefox.exe)
"3567:UDP"= 3567:UDP:Windows Media Format SDK (firefox.exe)
"3566:UDP"= 3566:UDP:Windows Media Format SDK (firefox.exe)
"3569:UDP"= 3569:UDP:Windows Media Format SDK (firefox.exe)
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/7/2009 5:03 AM 114768]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [9/21/2009 8:12 PM 704384]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [9/21/2009 8:11 PM 1195008]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/7/2009 5:03 AM 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [4/3/2009 8:50 PM 55152]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [9/21/2009 8:11 PM 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [9/21/2009 8:12 PM 257432]
S2 EngineServer;EngineServer;"c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe" --> c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe [?]
S2 gupdate1ca13e2ea342671;Google Update Service (gupdate1ca13e2ea342671);c:\program files\Google\Update\GoogleUpdate.exe [8/2/2009 10:34 PM 133104]
S2 SWAGENT;SonicWALL Agent Service;c:\program files\McAfee\Managed VirusScan\Agent\swAgent.exe --> c:\program files\McAfee\Managed VirusScan\Agent\swAgent.exe [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder
2009-09-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-02 05:45]
2009-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-03 02:34]
2009-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-03 02:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Don\Application Data\Mozilla\Firefox\Profiles\lrxys368.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\Don\Application Data\IDM\bin\flash\platform\WINNT\plugins\npidmdcp.dll
FF - plugin: c:\documents and settings\Don\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Don\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\NBC Direct\npDirectPlayerMozilla.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-22 23:21
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1308)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(864)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\ati2evxx.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2009-09-23 23:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-23 03:28
ComboFix2.txt 2009-09-18 04:13
ComboFix3.txt 2009-09-15 03:23
ComboFix4.txt 2009-09-13 01:28
ComboFix5.txt 2009-09-23 03:06
Pre-Run: 8,531,193,856 bytes free
Post-Run: 8,504,311,808 bytes free
280 --- E O F --- 2009-09-22 07:00

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:38 PM, on 9/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\NBC Direct\DirectPlayerCore.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Logitech\Logitech Vid\vid.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\gogetit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061011
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [DirectPlayerCore] "C:\Program Files\NBC Direct\DirectPlayerCore.exe"
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://www.homesteadhotels.com/minisite/ac...nd/MSSurVid.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EngineServer - Unknown owner - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe (file missing)
O23 - Service: Google Update Service (gupdate1ca13e2ea342671) (gupdate1ca13e2ea342671) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SonicWALL Agent Service (SWAGENT) - Unknown owner - C:\Program Files\McAfee\Managed VirusScan\Agent\swAgent.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

-- End of file - 10757 bytes
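A HijackThis log like the one above is normally read by eye. The following is an added example, my own code rather than anything from this post or from HijackThis, that parses the "Oxx -" item lines and flags the entries a responder checks first: services whose binary is gone (the two McAfee Managed VirusScan leftovers above), services with no vendor information, Run values that name a bare executable resolved through the search path (stsystra.exe), and ActiveX controls that were installed from a URL. The sample input is copied from the log above; the rule names are my own.

```python
"""Triage helper for HijackThis v2 logs.

Added example, not code from the post or from HijackThis. It parses the
"Oxx - " item lines and flags the entries a responder checks first. The
sample lines are copied from the log above; the rule names are mine.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Sample input: lines copied verbatim from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: EngineServer - Unknown owner - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe (file missing)
O23 - Service: SonicWALL Agent Service (SWAGENT) - Unknown owner - C:\Program Files\McAfee\Managed VirusScan\Agent\swAgent.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Every HijackThis item line starts with a section tag such as O4 or O23.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")


@dataclass
class Entry:
    section: str
    body: str


def parse_hjt(text):
    """Return the tagged item lines of a HijackThis log as Entry objects."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def run_command_image(body):
    """Extract the executable from an O4 body.

    '[name] "C:\\dir with space\\a.exe" /flag' -> 'C:\\dir with space\\a.exe'
    '[name] bare.exe'                         -> 'bare.exe'
    """
    _, _, cmd = body.partition("] ")
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def triage(entries):
    """Apply the review rules; returns (rule, original body) pairs."""
    findings = []
    for e in entries:
        if e.section == "O23":
            # Service still registered but its binary is gone: an uninstall
            # leftover or a removed payload. Either way the path needs a look,
            # because whatever lands there later starts as a service.
            if e.body.endswith("(file missing)"):
                findings.append(("orphaned-service", e.body))
            # HijackThis prints "Unknown owner" when the binary carries no
            # CompanyName version info, so provenance has to be checked by hand.
            elif " - Unknown owner - " in e.body:
                findings.append(("no-vendor-info", e.body))
        elif e.section == "O4":
            # A Run value with no directory component is resolved through the
            # search path at logon, so the file actually executed must be found.
            if "\\" not in run_command_image(e.body):
                findings.append(("unqualified-run-path", e.body))
        elif e.section == "O16":
            # ActiveX control installed from a URL rather than a local file.
            if re.search(r"https?://", e.body):
                findings.append(("remote-activex", e.body))
    return findings


def summarize(findings):
    """Count findings per rule, for a first read of a long log."""
    return Counter(rule for rule, _ in findings)


if __name__ == "__main__":
    for rule, body in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{rule:22} {body}")
```

On the sample above this reports the two "(file missing)" McAfee/SonicWALL services, WLTRYSVC.EXE for lacking vendor info, stsystra.exe as an unqualified Run value (the ComboFix log locates it at c:\windows\stsystra.exe) and the F-Secure launcher as a remotely installed control. None of these is a verdict; the rules only order the manual checks.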
  5. OK, so it wouldn't run the script on the command window as you had it typed; it said it couldn't find the file at that location. So I typed it in as the specific path for the file (in other words, I didn't use the wildcards for the user profile; I used this: "C:\Documents and Settings\Don\Desktop\ComboFix.exe" /killall). Here is the log:

ComboFix 09-09-16.02 - Don 09/17/2009 5:45.12.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1530 [GMT -4:00]
Running from: c:\documents and settings\Don\Desktop\ComboFix.exe
Command switches used :: /killall
AV: avast! antivirus 4.8.1351 [VPS 090916-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
/wow section - STAGE 10 Access is denied.
((((((((((((((((((((((((( Files Created from 2009-08-18 to 2009-09-18 )))))))))))))))))))))))))))))))
.
2009-09-16 11:26 . 2009-09-16 11:26 85504 ----a-w- c:\windows\system32\Inherit.exe
2009-09-16 08:29 . 2009-09-16 08:29 -------- d-----w- c:\documents and settings\Don\Local Settings\Application Data\Temp
2009-09-12 19:43 . 2009-09-12 19:43 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-09-12 03:09 . 2009-09-12 03:09 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-10 07:02 . 2009-09-12 19:45 -------- d-sh--w- c:\windows\Installer
2009-09-09 09:48 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-07 09:03 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-07 09:03 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-07 09:03 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-07 09:03 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-07 09:03 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-07 09:03 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-07 09:03 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-07 09:03 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-07 09:03 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-07 09:03 . 2009-09-07 09:03 -------- d-----w- c:\program files\Alwil Software
2009-09-05 19:41 . 2009-09-05 19:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
2009-09-01 02:07 . 2009-09-01 02:07 -------- d-sh--w- c:\documents and settings\Don\IECompatCache
2009-09-01 01:58 . 2009-09-12 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-30 04:06 . 2009-09-01 01:59 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-08-30 04:03 . 2009-08-30 04:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Corel Photo Album
2009-08-30 04:03 . 2009-08-30 04:03 40264 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-30 04:03 . 2009-08-30 04:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Corel Photo Album
2009-08-30 04:03 . 2009-08-30 04:04 88 --sh--r- c:\windows\system32\D3C50E08A6.sys
2009-08-29 20:54 . 2009-08-29 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2009-08-24 22:29 . 2009-08-24 22:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-08-22 02:10 . 2009-08-24 01:17 574 ----a-w- C:\cleanup.bat
2009-08-22 02:10 . 2009-08-24 01:17 135168 ----a-w- C:\zip.exe
2009-08-20 16:37 . 2009-08-20 16:37 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-08-19 10:31 . 2009-08-19 10:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-08-19 10:30 . 2009-08-19 10:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-17 09:32 . 2009-04-05 14:11 -------- d-----w- c:\documents and settings\Don\Application Data\NBC Direct
2009-09-16 22:15 . 2008-08-16 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-12 19:42 . 2008-01-09 20:56 -------- d-----w- c:\program files\MSECache
2009-09-12 03:25 . 2009-04-11 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-12 03:16 . 2009-03-13 03:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-12 03:12 . 2007-03-15 02:09 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-12 03:04 . 2006-10-11 23:18 -------- d-----w- c:\program files\Java
2009-09-10 18:54 . 2009-03-13 03:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-03-13 03:38 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-05 02:54 . 2006-10-11 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-09-05 02:53 . 2009-03-25 04:19 -------- d-----w- c:\program files\Panda Security
2009-08-30 04:04 . 2006-11-07 04:37 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-08-21 21:42 . 2006-10-23 20:48 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2009-08-18 19:02 . 2009-08-18 19:01 15 ----a-w- c:\documents and settings\Administrator\settings.dat
2009-08-05 09:01 . 2005-08-16 09:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 02:36 . 2006-10-11 23:41 -------- d-----w- c:\program files\Google
2009-08-01 15:05 . 2008-04-10 14:12 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-31 19:23 . 2009-05-24 00:28 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-23 01:52 . 2009-04-12 03:49 -------- d-----w- c:\program files\ffdshow
2009-07-23 01:52 . 2006-12-27 02:46 -------- d-----w- c:\program files\Apple Software Update
2009-07-23 00:18 . 2009-04-05 14:11 -------- d-----w- c:\program files\Pando Networks
2009-07-17 19:01 . 2005-08-16 09:18 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2005-08-16 09:19 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2005-08-16 09:18 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2008-09-29 09:45 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2008-09-29 09:45 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2008-09-29 09:45 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2005-08-16 09:18 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2005-08-16 09:18 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2005-08-16 09:18 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2008-09-29 09:45 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2007-07-18 23:56 . 2007-07-18 23:56 251 -c--a-w- c:\program files\wt3d.ini
2007-03-04 15:57 . 2007-03-04 15:57 19121288 -c--a-w- c:\program files\netnanny.550.exe
2008-07-14 22:45 . 2006-11-07 04:37 88 --sh--r- c:\windows\system32\6B126CA445.sys
.
------- Sigcheck -------
[7] 2005-08-03 23:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[7] 2005-08-03 23:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2005-08-03 23:29 . !HASH: COULD NOT OPEN FILE !!!!! . 25088 . . [------] . . c:\windows\system32\mspmsnsv.dll
[7] 2004-08-10 10:00 . 6EAA72FD9EF993EC1FA9A06DE65105DA . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-09-13_01.25.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-17 09:51 . 2009-09-17 09:51 16384 c:\windows\temp\Perflib_Perfdata_71c.dat
+ 2009-09-17 09:51 . 2009-09-17 09:51 16384 c:\windows\temp\Perflib_Perfdata_310.dat
+ 2009-09-17 09:51 . 2009-04-30 20:01 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-07-17 389120]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-02 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"DirectPlayerCore"="c:\program files\NBC Direct\DirectPlayerCore.exe" [2009-04-10 1150016]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-06-02 5451536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-06-22 1384448]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-06-29 1032192]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-10-11 24576]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\NBC Direct\\DirectPlayerCore.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59152:UDP"= 59152:UDP:SonicWALL Anti-Virus Compliance Port 59152
"59153:UDP"= 59153:UDP:SonicWALL Anti-Virus Compliance Port 59153
"3495:UDP"= 3495:UDP:Windows Media Format SDK (firefox.exe)
"3498:UDP"= 3498:UDP:Windows Media Format SDK (firefox.exe)
"3499:UDP"= 3499:UDP:Windows Media Format SDK (firefox.exe)
"3561:UDP"= 3561:UDP:Windows Media Format SDK (firefox.exe)
"3560:UDP"= 3560:UDP:Windows Media Format SDK (firefox.exe)
"3563:UDP"= 3563:UDP:Windows Media Format SDK (firefox.exe)
"3567:UDP"= 3567:UDP:Windows Media Format SDK (firefox.exe)
"3566:UDP"= 3566:UDP:Windows Media Format SDK (firefox.exe)
"3569:UDP"= 3569:UDP:Windows Media Format SDK (firefox.exe)
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/7/2009 5:03 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/7/2009 5:03 AM 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [4/3/2009 8:50 PM 55152]
S2 EngineServer;EngineServer;"c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe" --> c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe [?]
S2 gupdate1ca13e2ea342671;Google Update Service (gupdate1ca13e2ea342671);c:\program files\Google\Update\GoogleUpdate.exe [8/2/2009 10:34 PM 133104]
S2 SWAGENT;SonicWALL Agent Service;c:\program files\McAfee\Managed VirusScan\Agent\swAgent.exe --> c:\program files\McAfee\Managed VirusScan\Agent\swAgent.exe [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder
2009-09-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-02 05:45]
2009-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-03 02:34]
2009-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-03 02:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Don\Application Data\Mozilla\Firefox\Profiles\lrxys368.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\Don\Application Data\IDM\bin\flash\platform\WINNT\plugins\npidmdcp.dll
FF - plugin: c:\documents and settings\Don\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Don\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\NBC Direct\npDirectPlayerMozilla.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-18 00:06
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3100)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\ati2evxx.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\logishrd\LQCVFX\COCIManager.exe
.
************************************************************************** . Completion time: 2009-09-18 0:13 - machine was rebooted ComboFix-quarantined-files.txt 2009-09-18 04:13 ComboFix2.txt 2009-09-15 03:23 ComboFix3.txt 2009-09-13 01:28 ComboFix4.txt 2009-09-08 22:32 Pre-Run: 8,642,498,560 bytes free Post-Run: 8,888,610,816 bytes free 250 --- E O F --- 2009-09-17 07:00
  6. I tried to drag and drop the MSPMSNSV.dll onto the Inherit app and it said "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item".
  7. So what's the deal? I posted the ComboFix log. I think that I am being patient, but it takes almost a day and a half before you even respond. I see that you make multiple replies to other users. If you do not want to help, then just say so.
  8. OK, so I didn't get an answer, so I went to BleepingComputer.com and downloaded it from there. I received several errors while ComboFix was creating a restore point. Something about it cannot create backup files for files that already exist, or something like that. Here is my log:

ComboFix 09-09-14.02 - Don 09/14/2009 23:07.11.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1452 [GMT -4:00]
Running from: c:\documents and settings\Don\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090914-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
/wow section - STAGE 10
Access is denied.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Don\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
c:\documents and settings\Don\Application Data\Microsoft\Installer\{6060E4F6-9629-4F9D-934F-A689746939CD}\DesktopMgr.exe
c:\documents and settings\Don\Application Data\Microsoft\Installer\{6060E4F6-9629-4F9D-934F-A689746939CD}\NewShortcut90_770DFD1204C24F4DA163D64FACCB5CBD.exe
c:\documents and settings\Don\Application Data\Microsoft\Installer\{6060E4F6-9629-4F9D-934F-A689746939CD}\NewShortcut900_770DFD1204C24F4DA163D64FACCB5CBD.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\system volume information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP13\A0009468.dll

-- Previous Run --

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\system volume information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP13\A0009468.dll
--------
.
((((((((((((((((((((((((( Files Created from 2009-08-15 to 2009-09-15 )))))))))))))))))))))))))))))))
.
2009-09-12 19:43 . 2009-09-12 19:43 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-09-12 03:09 . 2009-09-12 03:09 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-10 07:02 . 2009-09-12 19:45 -------- d-sh--w- c:\windows\Installer
2009-09-09 09:48 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-07 09:03 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-07 09:03 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-07 09:03 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-07 09:03 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-07 09:03 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-07 09:03 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-07 09:03 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-07 09:03 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-07 09:03 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-07 09:03 . 2009-09-07 09:03 -------- d-----w- c:\program files\Alwil Software
2009-09-05 19:41 . 2009-09-05 19:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
2009-09-01 02:07 . 2009-09-01 02:07 -------- d-sh--w- c:\documents and settings\Don\IECompatCache
2009-09-01 01:58 . 2009-09-12 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-30 04:06 . 2009-09-01 01:59 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-08-30 04:03 . 2009-08-30 04:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Corel Photo Album
2009-08-30 04:03 . 2009-08-30 04:03 40264 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-30 04:03 . 2009-08-30 04:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Corel Photo Album
2009-08-30 04:03 . 2009-08-30 04:04 88 --sh--r- c:\windows\system32\D3C50E08A6.sys
2009-08-29 20:54 . 2009-08-29 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2009-08-24 22:29 . 2009-08-24 22:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-08-22 02:10 . 2009-08-24 01:17 574 ----a-w- C:\cleanup.bat
2009-08-22 02:10 . 2009-08-24 01:17 135168 ----a-w- C:\zip.exe
2009-08-20 16:37 . 2009-08-20 16:37 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-08-19 10:31 . 2009-08-19 10:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-08-19 10:30 . 2009-08-19 10:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
2009-08-18 19:01 . 2009-08-18 19:02 15 ----a-w- c:\documents and settings\Administrator\settings.dat
2009-08-18 18:47 . 2009-08-18 18:47 -------- d-----w- c:\documents and settings\Administrator\ContentWatch
2009-08-18 18:46 . 2009-08-18 18:46 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-08-18 00:30 . 2009-08-18 00:30 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-15 02:55 . 2008-08-16 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-15 02:55 . 2009-04-05 14:11 -------- d-----w- c:\documents and settings\Don\Application Data\NBC Direct
2009-09-12 19:42 . 2008-01-09 20:56 -------- d-----w- c:\program files\MSECache
2009-09-12 03:25 . 2009-04-11 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-12 03:16 . 2009-03-13 03:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-12 03:12 . 2007-03-15 02:09 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-12 03:04 . 2006-10-11 23:18 -------- d-----w- c:\program files\Java
2009-09-10 18:54 . 2009-03-13 03:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-03-13 03:38 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-05 02:54 . 2006-10-11 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-09-05 02:53 . 2009-03-25 04:19 -------- d-----w- c:\program files\Panda Security
2009-08-30 04:04 . 2006-11-07 04:37 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-08-05 09:01 . 2005-08-16 09:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 02:36 . 2006-10-11 23:41 -------- d-----w- c:\program files\Google
2009-08-01 15:05 . 2008-04-10 14:12 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-31 19:23 . 2009-05-24 00:28 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-23 01:52 . 2009-04-12 03:49 -------- d-----w- c:\program files\ffdshow
2009-07-23 01:52 . 2006-12-27 02:46 -------- d-----w- c:\program files\Apple Software Update
2009-07-23 00:18 . 2009-04-05 14:11 -------- d-----w- c:\program files\Pando Networks
2009-07-18 15:25 . 2009-07-16 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2009-07-17 19:01 . 2005-08-16 09:18 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2005-08-16 09:19 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2005-08-16 09:18 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2008-09-29 09:45 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2008-09-29 09:45 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2008-09-29 09:45 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2005-08-16 09:18 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2005-08-16 09:18 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2005-08-16 09:18 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2008-09-29 09:45 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2007-07-18 23:56 . 2007-07-18 23:56 251 -c--a-w- c:\program files\wt3d.ini
2007-03-04 15:57 . 2007-03-04 15:57 19121288 -c--a-w- c:\program files\netnanny.550.exe
2008-07-14 22:45 . 2006-11-07 04:37 88 --sh--r- c:\windows\system32\6B126CA445.sys
.
------- Sigcheck -------

[7] 2005-08-03 23:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[7] 2005-08-03 23:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2005-08-03 23:29 . !HASH: COULD NOT OPEN FILE !!!!! . 25088 . . [------] . . c:\windows\system32\mspmsnsv.dll
[7] 2004-08-10 10:00 . 6EAA72FD9EF993EC1FA9A06DE65105DA . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-09-13_01.25.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-15 03:14 . 2009-09-15 03:14 16384 c:\windows\temp\Perflib_Perfdata_720.dat
+ 2009-09-15 03:14 . 2009-09-15 03:14 16384 c:\windows\temp\Perflib_Perfdata_368.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-07-17 389120]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-02 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"DirectPlayerCore"="c:\program files\NBC Direct\DirectPlayerCore.exe" [2009-04-10 1150016]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-06-02 5451536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-06-22 1384448]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-06-29 1032192]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-10-11 24576]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\NBC Direct\\DirectPlayerCore.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59152:UDP"= 59152:UDP:SonicWALL Anti-Virus Compliance Port 59152
"59153:UDP"= 59153:UDP:SonicWALL Anti-Virus Compliance Port 59153
"3495:UDP"= 3495:UDP:Windows Media Format SDK (firefox.exe)
"3498:UDP"= 3498:UDP:Windows Media Format SDK (firefox.exe)
"3499:UDP"= 3499:UDP:Windows Media Format SDK (firefox.exe)
"3561:UDP"= 3561:UDP:Windows Media Format SDK (firefox.exe)
"3560:UDP"= 3560:UDP:Windows Media Format SDK (firefox.exe)
"3563:UDP"= 3563:UDP:Windows Media Format SDK (firefox.exe)
"3567:UDP"= 3567:UDP:Windows Media Format SDK (firefox.exe)
"3566:UDP"= 3566:UDP:Windows Media Format SDK (firefox.exe)
"3569:UDP"= 3569:UDP:Windows Media Format SDK (firefox.exe)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/7/2009 5:03 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/7/2009 5:03 AM 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [4/3/2009 8:50 PM 55152]
S2 EngineServer;EngineServer;"c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe" --> c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe [?]
S2 gupdate1ca13e2ea342671;Google Update Service (gupdate1ca13e2ea342671);c:\program files\Google\Update\GoogleUpdate.exe [8/2/2009 10:34 PM 133104]
S2 SWAGENT;SonicWALL Agent Service;c:\program files\McAfee\Managed VirusScan\Agent\swAgent.exe --> c:\program files\McAfee\Managed VirusScan\Agent\swAgent.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-09-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-02 05:45]

2009-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-03 02:34]

2009-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-03 02:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Don\Application Data\Mozilla\Firefox\Profiles\lrxys368.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\Don\Application Data\IDM\bin\flash\platform\WINNT\plugins\npidmdcp.dll
FF - plugin: c:\documents and settings\Don\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Don\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\NBC Direct\npDirectPlayerMozilla.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-14 23:15
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(896)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1284)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2009-09-15 23:23 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-15 03:23
ComboFix2.txt 2009-09-13 01:28
ComboFix3.txt 2009-09-08 22:32
Pre-Run: 9,179,021,312 bytes free
Post-Run: 9,131,360,256 bytes free
262 --- E O F --- 2009-09-12 21:12
  9. From where should I download so I know it is the most current? I have always just downloaded from a link you provided, but if there is a site I can trust I will do that...
  10. Still more problems... I was tooling along just fine until I took my laptop to a church youth dance with my kids and I went looking for a Wi-Fi spot. I found one at McDonald's and started to boot up my machine. Lo and behold, I got a blue screen of death. So I booted in safe mode and ran a thorough scan from ComboFix, RootRepeal, and DDS. Logs below. Needless to say, I was ticked! So I just left it off for the night. Booted it this morning, and it booted right up. But I did get the dialog window "Windows has recovered from a serious error." I then got the dialog for reporting the error. I clicked send report and it took me to the Windows site where it talks about device drivers causing serious errors. I could not get the error dialog window to go away. It either took me to the website, or if I clicked don't send it just popped right back up again. So I shut down and rebooted, and I got another error that "One of the files containing the system's registry data had to be recovered from a log or an alternate copy. The recovery was successful."

ComboFix 09-09-03.02 - Administrator 09/12/2009 21:22.10.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1752 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090912-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\system32\logevent.dll
.
((((((((((((((((((((((((( Files Created from 2009-08-13 to 2009-09-13 )))))))))))))))))))))))))))))))
.
2009-09-12 19:43 . 2009-09-12 19:43 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-09-12 03:09 . 2009-09-12 03:09 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-10 07:02 . 2009-09-12 19:45 -------- d-sh--w- c:\windows\Installer
2009-09-09 09:48 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-07 09:03 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-07 09:03 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-07 09:03 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-07 09:03 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-07 09:03 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-07 09:03 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-07 09:03 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-07 09:03 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-07 09:03 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-07 09:03 . 2009-09-07 09:03 -------- d-----w- c:\program files\Alwil Software
2009-09-05 19:41 . 2009-09-05 19:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
2009-09-01 02:33 . 2009-09-06 17:27 -------- d-----w- c:\windows\LastGood
2009-09-01 01:58 . 2009-09-12 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-31 01:13 . 2009-09-01 01:58 -------- d-----w- c:\windows\LastGood.Tmp
2009-08-30 04:06 . 2009-09-01 01:59 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-08-30 04:03 . 2009-08-30 04:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Corel Photo Album
2009-08-30 04:03 . 2009-08-30 04:03 40264 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-30 04:03 . 2009-08-30 04:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Corel Photo Album
2009-08-30 04:03 . 2009-08-30 04:04 88 --sh--r- c:\windows\system32\D3C50E08A6.sys
2009-08-29 20:54 . 2009-08-29 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2009-08-24 22:29 . 2009-08-24 22:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-08-22 02:10 . 2009-08-24 01:17 574 ----a-w- C:\cleanup.bat
2009-08-22 02:10 . 2009-08-24 01:17 135168 ----a-w- C:\zip.exe
2009-08-20 16:37 . 2009-08-20 16:37 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-08-19 10:31 . 2009-08-19 10:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-08-19 10:30 . 2009-08-19 10:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
2009-08-18 19:01 . 2009-08-18 19:02 15 ----a-w- c:\documents and settings\Administrator\settings.dat
2009-08-18 18:47 . 2009-08-18 18:47 -------- d-----w- c:\documents and settings\Administrator\ContentWatch
2009-08-18 18:46 . 2009-08-18 18:46 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-08-18 00:30 . 2009-08-18 00:30 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-12 19:42 . 2008-01-09 20:56 -------- d-----w- c:\program files\MSECache
2009-09-12 03:25 . 2009-04-11 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-12 03:16 . 2009-03-13 03:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-12 03:12 . 2007-03-15 02:09 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-12 03:04 . 2006-10-11 23:18 -------- d-----w- c:\program files\Java
2009-09-12 02:57 . 2008-08-16 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-10 18:54 . 2009-03-13 03:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-03-13 03:38 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-05 02:54 . 2006-10-11 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-09-05 02:53 . 2009-03-25 04:19 -------- d-----w- c:\program files\Panda Security
2009-08-30 04:04 . 2006-11-07 04:37 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-08-21 21:42 . 2006-10-23 20:48 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2009-08-05 09:01 . 2005-08-16 09:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 02:36 . 2006-10-11 23:41 -------- d-----w- c:\program files\Google
2009-08-01 15:05 . 2008-04-10 14:12 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-31 19:23 . 2009-05-24 00:28 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-23 01:52 . 2009-04-12 03:49 -------- d-----w- c:\program files\ffdshow
2009-07-23 01:52 . 2006-12-27 02:46 -------- d-----w- c:\program files\Apple Software Update
2009-07-23 00:18 . 2009-04-05 14:11 -------- d-----w- c:\program files\Pando Networks
2009-07-18 15:25 . 2009-07-16 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2009-07-17 19:01 . 2005-08-16 09:18 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 22:30 . 2009-07-16 22:30 -------- d-----w- c:\program files\Logitech
2009-07-16 22:30 . 2009-07-16 22:25 -------- d-----w- c:\program files\Common Files\logishrd
2009-07-14 03:43 . 2005-08-16 09:19 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2005-08-16 09:18 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2008-09-29 09:45 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2008-09-29 09:45 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2008-09-29 09:45 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2005-08-16 09:18 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2005-08-16 09:18 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2005-08-16 09:18 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2008-09-29 09:45 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2005-08-16 09:18 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2005-08-16 09:18 81920 ----a-w- c:\windows\system32\fontsub.dll
2007-07-18 23:56 . 2007-07-18 23:56 251 -c--a-w- c:\program files\wt3d.ini
2007-03-04 15:57 . 2007-03-04 15:57 19121288 -c--a-w- c:\program files\netnanny.550.exe
2008-07-14 22:45 . 2006-11-07 04:37 88 --sh--r- c:\windows\system32\6B126CA445.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-07-17 389120]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-06-22 1384448]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-06-29 1032192]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-10-11 24576]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\NBC Direct\\DirectPlayerCore.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59152:UDP"= 59152:UDP:SonicWALL Anti-Virus Compliance Port 59152
"59153:UDP"= 59153:UDP:SonicWALL Anti-Virus Compliance Port 59153
"3495:UDP"= 3495:UDP:Windows Media Format SDK (firefox.exe)
"3498:UDP"= 3498:UDP:Windows Media Format SDK (firefox.exe)
"3499:UDP"= 3499:UDP:Windows Media Format SDK (firefox.exe)
"3561:UDP"= 3561:UDP:Windows Media Format SDK (firefox.exe)
"3560:UDP"= 3560:UDP:Windows Media Format SDK (firefox.exe)
"3563:UDP"= 3563:UDP:Windows Media Format SDK (firefox.exe)
"3567:UDP"= 3567:UDP:Windows Media Format SDK (firefox.exe)
"3566:UDP"= 3566:UDP:Windows Media Format SDK (firefox.exe)
"3569:UDP"= 3569:UDP:Windows Media Format SDK (firefox.exe)

S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/7/2009 5:03 AM 114768]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/7/2009 5:03 AM 20560]
S2 EngineServer;EngineServer;"c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe" --> c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe [?]
S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [4/3/2009 8:50 PM 55152]
S2 gupdate1ca13e2ea342671;Google Update Service (gupdate1ca13e2ea342671);c:\program files\Google\Update\GoogleUpdate.exe [8/2/2009 10:34 PM 133104]
S2 SWAGENT;SonicWALL Agent Service;c:\program files\McAfee\Managed VirusScan\Agent\swAgent.exe --> c:\program files\McAfee\Managed VirusScan\Agent\swAgent.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-09-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-02 05:45]

2009-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-03 02:34]

2009-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-03 02:34]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061011
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ieioe1vl.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-12 21:25
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-2282983233-801452963-4151238568-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,57,ba,33,89,7d,7c,e1,46,a5,0d,65,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,57,ba,33,89,7d,7c,e1,46,a5,0d,65,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(812) c:\windows\system32\Ati2evxx.dll c:\windows\System32\BCMLogon.dll - - - - - - - > 'explorer.exe'(1420) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll . Completion time: 2009-09-13 21:28 - machine was rebooted ComboFix-quarantined-files.txt 2009-09-13 01:28 ComboFix2.txt 2009-09-08 22:32 Pre-Run: 11,409,952,768 bytes free Post-Run: 11,364,605,952 bytes free 212 --- E O F --- 2009-09-12 21:12 DDS (Ver_09-07-30.01) - NTFSx86 NETWORK Run by Administrator at 21:18:18.90 on Sat 09/12/2009 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1753 [GMT -4:00] AV: avast! antivirus 4.8.1351 [VPS 090912-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\system32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Administrator\Desktop\dds.pif ============== Pseudo HJT Report =============== uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061011 BHO: &Yahoo! 
Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [sigmatelSysTrayApp] stsystra.exe mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe" mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter 
edition\3.2\apps\apdproxy.exe" mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll Trusted Zone: musicmatch.com\online DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab DPF: 
{076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} - hxxp://www.homesteadhotels.com/minisite/accommodations/surround/MSSurVid.cab DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\ieioe1vl.default\ FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No 
Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\mozilla 
firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - 
pref("privacy.cpd.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); ============= SERVICES / DRIVERS =============== S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-9-7 114768] S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-7 20560] S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-9-7 138680] S2 EngineServer;EngineServer;"c:\program files\mcafee\managed virusscan\vscan\engineserver.exe" --> c:\program files\mcafee\managed virusscan\vscan\EngineServer.exe [?] S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-4-3 55152] S2 gupdate1ca13e2ea342671;Google Update Service (gupdate1ca13e2ea342671);c:\program files\google\update\GoogleUpdate.exe [2009-8-2 133104] S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] S2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512] S2 SWAGENT;SonicWALL Agent Service;c:\program files\mcafee\managed virusscan\agent\swagent.exe --> c:\program files\mcafee\managed virusscan\agent\swAgent.exe [?] S2 YahooAUService;Yahoo! 
Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392] S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-9-7 254040] S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-9-7 352920] S3 JL2005C;Dual Mode Camera;c:\windows\system32\drivers\jl2005c.sys [2008-12-21 68762] =============== Created Last 30 ================ 2009-09-12 15:43 <DIR> --d----- c:\program files\Windows Installer Clean Up 2009-09-10 05:47 <DIR> --ds---- C:\ComboFix 2009-09-10 03:02 <DIR> --dsh--- c:\windows\Installer 2009-09-09 05:48 153,088 -------- c:\windows\system32\dllcache\triedit.dll 2009-08-30 21:13 <DIR> --d----- c:\windows\LastGood.Tmp 2009-08-30 00:03 <DIR> --d----- c:\docume~1\admini~1\applic~1\Corel Photo Album 2009-08-30 00:03 88 ---shr-- c:\windows\system32\D3C50E08A6.sys 2009-08-29 16:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\F-Secure 2009-08-24 22:26 <DIR> --d----- c:\windows\system32\dllcache\cache 2009-08-24 18:29 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes 2009-08-21 22:10 135,168 a------- C:\zip.exe 2009-08-21 22:10 574 a------- C:\cleanup.bat 2009-08-20 12:37 <DIR> --dsh--- c:\documents and settings\administrator\PrivacIE 2009-08-18 15:01 15 a------- c:\documents and settings\administrator\settings.dat 2009-08-18 14:47 <DIR> --d----- c:\documents and settings\administrator\ContentWatch 2009-08-18 14:46 <DIR> --dsh--- c:\documents and settings\administrator\IETldCache 2009-08-17 20:32 2 a--sh--- C:\472657839 ==================== Find3M ==================== 2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys 2009-08-30 00:04 3,766 a--sh--- c:\windows\system32\KGyGaAvL.sys 2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll 2009-08-05 05:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll 2009-07-31 15:23 411,368 
a------- c:\windows\system32\deploytk.dll 2009-07-19 18:48 11,067,392 a------- c:\windows\system32\dllcache\ieframe.dll 2009-07-19 09:18 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll 2009-07-19 09:18 5,937,152 a------- c:\windows\system32\dllcache\cache\mshtml.dll 2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll 2009-07-17 15:01 58,880 -------- c:\windows\system32\dllcache\atl.dll 2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll 2009-07-13 23:43 10,841,088 -------- c:\windows\system32\dllcache\wmp.dll 2009-07-13 23:43 286,208 -------- c:\windows\system32\dllcache\wmpdxm.dll 2009-07-10 09:27 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll 2009-07-03 07:01 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe 2009-06-25 04:25 730,112 a------- c:\windows\system32\lsasrv.dll 2009-06-25 04:25 301,568 a------- c:\windows\system32\kerberos.dll 2009-06-25 04:25 147,456 a------- c:\windows\system32\schannel.dll 2009-06-25 04:25 136,192 a------- c:\windows\system32\msv1_0.dll 2009-06-25 04:25 56,832 a------- c:\windows\system32\secur32.dll 2009-06-25 04:25 54,272 a------- c:\windows\system32\wdigest.dll 2009-06-25 04:25 730,112 -------- c:\windows\system32\dllcache\lsasrv.dll 2009-06-25 04:25 301,568 -------- c:\windows\system32\dllcache\kerberos.dll 2009-06-25 04:25 147,456 -------- c:\windows\system32\dllcache\schannel.dll 2009-06-25 04:25 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll 2009-06-25 04:25 56,832 -------- c:\windows\system32\dllcache\secur32.dll 2009-06-25 04:25 54,272 -------- c:\windows\system32\dllcache\wdigest.dll 2009-06-24 07:18 92,928 -------- c:\windows\system32\dllcache\ksecdd.sys 2009-06-22 02:44 726,528 a------- c:\windows\system32\dllcache\jscript.dll 2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll 2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll 2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll 2009-06-16 10:36 81,920 
-------- c:\windows\system32\dllcache\fontsub.dll 2007-07-18 19:56 251 ac------ c:\program files\wt3d.ini 2007-03-04 11:57 19,121,288 ac------ c:\program files\netnanny.550.exe 2008-07-14 18:45 88 ---shr-- c:\windows\system32\6B126CA445.sys 2009-01-04 21:50 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009010420090105\index.dat ============= FINISH: 21:18:32.84 =============== UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-07-30.01) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume2 Install Date: 10/23/2006 4:48:25 PM System Uptime: 9/12/2009 8:41:31 PM (1 hours ago) Motherboard: Dell Inc. | | 0YD479 Processor: Intel® Core2 CPU T5600 @ 1.83GHz | Microprocessor | 1830/133mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 51 GiB total, 10.642 GiB free. D: is FIXED (NTFS) - 17 GiB total, 2.317 GiB free. E: is CDROM () ==== Disabled Device Manager Items ============= ==== System Restore Points =================== RP6: 9/10/2009 5:48:21 AM - System Checkpoint RP7: 9/10/2009 5:49:59 AM - Removed Adobe Reader 8.1.2 RP8: 9/11/2009 3:00:17 AM - Software Distribution Service 3.0 RP9: 9/11/2009 11:04:33 PM - Installed Java 6 Update 16 RP10: 9/11/2009 11:12:02 PM - Installed Adobe Reader 9.1. RP11: 9/12/2009 3:00:19 AM - Software Distribution Service 3.0 RP12: 9/12/2009 3:43:03 PM - Installed Windows Installer Clean Up RP13: 9/12/2009 5:12:49 PM - Software Distribution Service 3.0 ==== Installed Programs ====================== Acrobat.com Adobe AIR Adobe Flash Player 10 Plugin Adobe Flash Player ActiveX Adobe Shockwave Player Adobe
  11. The link you posted took me to the download location for developer versions of Java... I have downloaded ju16 and Adobe 9.1. I got an error that it could not install. I will post an MBAM log.
  12. I did as you asked. I got the attached error while trying to install the Java update. JavaRa 1.13 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Wed Mar 25 00:24:30 2009 ------------------------------------ Finished reporting. JavaRa 1.15 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Thu Sep 10 19:17:03 2009
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB} Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500} JavaRa 1.15 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Thu Sep 10 19:17:45 2009 ------------------------------------ Finished reporting. JavaRa 1.15 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Thu Sep 10 19:30:38 2009 ------------------------------------ Finished reporting. JavaRa 1.15 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Thu Sep 10 19:31:26 2009 ------------------------------------ Finished reporting.
  13. I got this error when I tried to uninstall Java 6 from Add/Remove Programs. It is the same error I got on start-up this morning. It took quite some time to boot up, then I got a dialog window saying that Windows had an update to install, and that is when I got the error; then, as I said, I got it again when I tried to uninstall Java 6 (see attached). java6_error.zip
  14. Here is my DDS log; the Attach log is attached. Attach_9_8_09.zip
  15. I got several errors as ComboFix began to run; it said something about being unable to create files because they already existed. I will post the DDS log in a separate post... Here is the log anyway:
(firefox.exe) "3563:UDP"= 3563:UDP:Windows Media Format SDK (firefox.exe) "3567:UDP"= 3567:UDP:Windows Media Format SDK (firefox.exe) "3566:UDP"= 3566:UDP:Windows Media Format SDK (firefox.exe) "3569:UDP"= 3569:UDP:Windows Media Format SDK (firefox.exe) R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/7/2009 5:03 AM 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/7/2009 5:03 AM 20560] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [4/3/2009 8:50 PM 55152] S2 EngineServer;EngineServer;"c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe" --> c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe [?] S2 gupdate1ca13e2ea342671;Google Update Service (gupdate1ca13e2ea342671);c:\program files\Google\Update\GoogleUpdate.exe [8/2/2009 10:34 PM 133104] S2 SWAGENT;SonicWALL Agent Service;c:\program files\McAfee\Managed VirusScan\Agent\swAgent.exe --> c:\program files\McAfee\Managed VirusScan\Agent\swAgent.exe [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12 . Contents of the 'Scheduled Tasks' folder 2009-09-08 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-02 05:45] 2009-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-03 02:34] 2009-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-03 02:34] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8 uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = <local>;*.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: musicmatch.com\online FF - ProfilePath - c:\documents and settings\Don\Application Data\Mozilla\Firefox\Profiles\lrxys368.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - plugin: c:\documents and settings\Don\Application Data\IDM\bin\flash\platform\WINNT\plugins\npidmdcp.dll FF - plugin: c:\documents and settings\Don\Application Data\Move Networks\plugins\npqmp071503000010.dll FF - plugin: c:\documents and settings\Don\Application Data\Mozilla\plugins\npPxPlay.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\NBC Direct\npDirectPlayerMozilla.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-08 18:25 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(896) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(3772) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\program files\Windows Media Player\wmpband.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\WLTRYSVC.EXE c:\windows\system32\BCMWLTRY.EXE c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\ehome\ehrecvr.exe c:\windows\ehome\ehSched.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Dell\QuickSet\NicConfigSvc.exe c:\windows\system32\HPZipm12.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\windows\ehome\mcrdsvc.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\windows\system32\dllhost.exe c:\windows\system32\wscntfy.exe c:\windows\system32\ati2evxx.exe c:\windows\ehome\ehmsas.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Common Files\logishrd\LQCVFX\COCIManager.exe . ************************************************************************** . Completion time: 2009-09-08 18:32 - machine was rebooted ComboFix-quarantined-files.txt 2009-09-08 22:31 ComboFix2.txt 2009-09-05 03:11 ComboFix3.txt 2009-08-30 04:31 ComboFix4.txt 2009-08-29 20:44 ComboFix5.txt 2009-09-08 09:22 Pre-Run: 8,211,566,592 bytes free Post-Run: 8,164,941,824 bytes free 269 --- E O F --- 2009-09-05 03:36
  16. And my DDS scan, with the ATTACH.txt attached: DDS (Ver_09-07-30.01) - NTFSx86 Run by Don at 16:06:52.03 on Sat 09/05/2009 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1505 [GMT -4:00] AV: Trend Micro PC-cillin Internet Security *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe svchost.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\stsystra.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe C:\Program Files\NetWaiting\netWaiting.exe C:\Program Files\Dell 
Support\DSAgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe C:\Program Files\NBC Direct\DirectPlayerCore.exe C:\Program Files\Logitech\Logitech Vid\vid.exe C:\Program Files\Digital Line Detect\DLG.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\Documents and Settings\Don\Desktop\dds.pif ============== Pseudo HJT Report =============== uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8 uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uWindow Title = Windows Internet Explorer provided by Yahoo! uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8 uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = <local>;*.local uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: Yahoo! 
Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File TB: {981FE6A8-260C-4930-960F-C3BC82746CB0} - No File uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler uRun: [DirectPlayerCore] "c:\program files\nbc direct\DirectPlayerCore.exe" uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\vid.exe" -bootmode mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [sigmatelSysTrayApp] stsystra.exe mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe" mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe" mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide StartupFolder: 
c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll Trusted Zone: musicmatch.com\online DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} - hxxp://www.homesteadhotels.com/minisite/accommodations/surround/MSSurVid.cab DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - 
{AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true); c:\program 
files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - 
pref("privacy.cpd.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); ============= SERVICES / DRIVERS =============== R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-4-3 55152] R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512] R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392] S2 EngineServer;EngineServer;"c:\program files\mcafee\managed virusscan\vscan\engineserver.exe" --> c:\program files\mcafee\managed virusscan\vscan\EngineServer.exe [?] 
S2 gupdate1ca13e2ea342671;Google Update Service (gupdate1ca13e2ea342671);c:\program files\google\update\GoogleUpdate.exe [2009-8-2 133104] S2 SWAGENT;SonicWALL Agent Service;c:\program files\mcafee\managed virusscan\agent\swagent.exe --> c:\program files\mcafee\managed virusscan\agent\swAgent.exe [?] S3 JL2005C;Dual Mode Camera;c:\windows\system32\drivers\jl2005c.sys [2008-12-21 68762] =============== Created Last 30 ================ 2009-08-31 22:07 <DIR> --dsh--- c:\documents and settings\don\IECompatCache 2009-08-30 21:13 <DIR> --d----- c:\windows\LastGood.Tmp 2009-08-30 00:03 88 ---shr-- c:\windows\system32\D3C50E08A6.sys 2009-08-29 16:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\F-Secure 2009-08-24 22:26 <DIR> --d----- c:\windows\system32\dllcache\cache 2009-08-24 22:16 230,912 a------- c:\windows\PEV.exe 2009-08-24 22:16 161,792 a------- c:\windows\SWREG.exe 2009-08-24 22:16 98,816 a------- c:\windows\sed.exe 2009-08-21 22:10 135,168 a------- C:\zip.exe 2009-08-21 22:10 574 a------- C:\cleanup.bat 2009-08-17 20:32 2 a--sh--- C:\472657839 2009-08-12 07:04 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx 2009-08-12 07:04 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll ==================== Find3M ==================== 2009-08-30 00:04 3,766 a--sh--- c:\windows\system32\KGyGaAvL.sys 2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll 2009-08-05 05:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll 2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys 2009-07-19 18:48 11,067,392 a------- c:\windows\system32\dllcache\ieframe.dll 2009-07-19 09:18 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll 2009-07-19 09:18 5,937,152 a------- c:\windows\system32\dllcache\cache\mshtml.dll 2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll 2009-07-17 15:01 58,880 -------- c:\windows\system32\dllcache\atl.dll 2009-07-13 
23:43 286,208 a------- c:\windows\system32\wmpdxm.dll 2009-07-13 23:43 10,841,088 -------- c:\windows\system32\dllcache\wmp.dll 2009-07-13 23:43 286,208 -------- c:\windows\system32\dllcache\wmpdxm.dll 2009-07-03 07:01 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe 2009-06-25 04:25 730,112 a------- c:\windows\system32\lsasrv.dll 2009-06-25 04:25 301,568 a------- c:\windows\system32\kerberos.dll 2009-06-25 04:25 147,456 a------- c:\windows\system32\schannel.dll 2009-06-25 04:25 136,192 a------- c:\windows\system32\msv1_0.dll 2009-06-25 04:25 56,832 a------- c:\windows\system32\secur32.dll 2009-06-25 04:25 54,272 a------- c:\windows\system32\wdigest.dll 2009-06-25 04:25 730,112 -------- c:\windows\system32\dllcache\lsasrv.dll 2009-06-25 04:25 301,568 -------- c:\windows\system32\dllcache\kerberos.dll 2009-06-25 04:25 147,456 -------- c:\windows\system32\dllcache\schannel.dll 2009-06-25 04:25 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll 2009-06-25 04:25 56,832 -------- c:\windows\system32\dllcache\secur32.dll 2009-06-25 04:25 54,272 -------- c:\windows\system32\dllcache\wdigest.dll 2009-06-24 07:18 92,928 -------- c:\windows\system32\dllcache\ksecdd.sys 2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll 2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll 2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll 2009-06-16 10:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll 2009-06-12 08:31 80,896 a------- c:\windows\system32\tlntsess.exe 2009-06-12 08:31 80,896 -------- c:\windows\system32\dllcache\tlntsess.exe 2009-06-12 08:31 76,288 a------- c:\windows\system32\telnet.exe 2009-06-12 08:31 76,288 -------- c:\windows\system32\dllcache\telnet.exe 2009-06-10 10:13 84,992 a------- c:\windows\system32\avifil32.dll 2009-06-10 10:13 84,992 -------- c:\windows\system32\dllcache\avifil32.dll 2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll 2009-06-10 09:19 2,066,432 a------- 
c:\windows\system32\dllcache\mstscax.dll 2009-06-10 02:14 132,096 a------- c:\windows\system32\wkssvc.dll 2009-06-10 02:14 132,096 -------- c:\windows\system32\dllcache\wkssvc.dll 2009-03-16 17:41 0 a------- c:\documents and settings\don\settings.dat 2008-04-28 09:43 256 a------- c:\documents and settings\don\pool.bin 2007-07-18 19:56 251 ac------ c:\program files\wt3d.ini 2007-03-04 11:57 19,121,288 ac------ c:\program files\netnanny.550.exe 2008-07-14 18:45 88 ---shr-- c:\windows\system32\6B126CA445.sys 2009-01-04 21:50 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009010420090105\index.dat ============= FINISH: 16:07:28.73 =============== Attach.txt
  17. I ran the ATF cleanup tool. I will run the DDS and post it separately. I installed AVAST and did the boot scan as it recommended. Here are the results:
      09/07/2009 05:06
      Scan of all local drives
      File C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\88771de6.sys.vir is infected by Win32:RustNT [Rtk]
      Scanning aborted
      Number of searched folders: 7895
      Number of tested files: 48665
      Number of infected files: 1
  18. Here is my security check log
      Results of screen317's Security Check version 0.98.9
      Windows XP Service Pack 3
      ``````````````````````````````
      Antivirus/Firewall Check:
      Windows Firewall Disabled!
      OneCare Advisor (Windows Live Toolbar)
      OneCare Advisor (Windows Live Toolbar)
      Antivirus out of date! (On Access scanning disabled!)
      ``````````````````````````````
      Anti-malware/Other Utilities Check:
      Malwarebytes' Anti-Malware
      HijackThis 2.0.2
      Java 6 Update 13
      Out of date Java installed!
      Adobe Flash Player 10
      Adobe Reader 8.1.2
      Adobe Reader 8.1.2 Security Update 1 (KB403742)
      Out of date Adobe Reader installed!
      ``````````````````````````````
      Process Check: objlist.exe by Laurent
      ``````````````````````````````
      DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning)
      `````````End of Log```````````
  19. OK, had to run F-Secure in Mozilla, IE 8.0 would not let it run (see previous post for errors) Scanning Report Sunday, September 6, 2009 17:02:32 - 17:52:28 Computer name: D86Q5YB1 Scanning type: Scan system for malware, spyware and rootkits Target: C:\ D:\ 22 malware found TrackingCookie.Questionmarket (spyware) * System (Disinfected) TrackingCookie.2o7 (spyware) * System (Disinfected) TrackingCookie.Advertising (spyware) * System (Disinfected) TrackingCookie.Atdmt (spyware) * System (Disinfected) TrackingCookie.Doubleclick (spyware) * System (Disinfected) Gen:Trojan.Heur.Hype (spyware) * System (Disinfected) TrackingCookie.Mediaplex (spyware) * System (Disinfected) Gen:Packed.FakeAV.1 (spyware) * System (Disinfected) Gen:TDSS.Patched.1 (spyware) * System (Disinfected) TrackingCookie.Yieldmanager (spyware) * System (Disinfected) Trojan-Downloader:W32/Renos.gen!C (spyware) * System (Disinfected) Gen:Packed.FakeAV.1 (virus) * C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\S0K8O7BE\SRV[1].EXE (Renamed & Submitted) Trojan.Clicker.CM (virus) * C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\EH3VY1PK\POPUP[1].PHP (Renamed & Submitted) Trojan.Clicker.CM (virus) * C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\8S1ZC8P6\POPUP[1].PHP (Renamed & Submitted) Trojan.Clicker.CM (virus) * C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\8S1ZC8P6\POPUP[2].PHP (Renamed & Submitted) Trojan.Clicker.CM (virus) * C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\29A4UV54\POPUP[1].PHP (Renamed & Submitted) Gen:Trojan.Heur.Hype.bqW@auxFMVj (virus) * C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\TEMP\1E425A39E551E4FF (Not cleaned) Gen:Trojan.Heur.Hype.bqW@auxFMVj (virus) * C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\TEMP\206B8ED1E328B067 (Not cleaned) Gen:Trojan.Heur.Hype.bqW@auxFMVj (virus) * C:\DOCUMENTS AND 
SETTINGS\DON\LOCAL SETTINGS\TEMP\77EA8F3D8BA9AFF9 (Not cleaned) Trojan-Downloader:W32/Renos.gen!C (virus) * C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\TEMP\C.EXE (Not cleaned) Gen:Trojan.Heur.Hype.bqW@auxFMVj (virus) * C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\TEMP\FEF406E904A0384D (Not cleaned) Gen:Packed.FakeAV.1 (virus) * C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\TEMP\E.EXE (Not cleaned) Statistics Scanned: * Files: 65694 * System: 4649 * Not scanned: 21 Actions: * Disinfected: 11 * Renamed: 5 * Deleted: 0 * Not cleaned: 6 * Submitted: 5 Files not scanned: * C:\HIBERFIL.SYS * C:\PAGEFILE.SYS * C:\WINDOWS\SYSTEM32\EVENTLOG.DLL * C:\WINDOWS\SYSTEM32\MSPMSNSV.DLL * C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT * C:\WINDOWS\SYSTEM32\CONFIG\SAM * C:\WINDOWS\SYSTEM32\CONFIG\SECURITY * C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE * C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM * C:\WINDOWS\NETWORK DIAGNOSTIC\XPNETDIAG.XML * C:\WINDOWS\ERDNT\CFRECOVERY.BAT * C:\WINDOWS\DOWNLOADED PROGRAM FILES\FSLAUNCHER.DLL * C:\WINDOWS\DOWNLOADED PROGRAM FILES\FSLAUNCHER.INF * C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE * C:\PROGRAM FILES\REGISTRYFIX\REGISTRYFIX.EXE * C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\TEMP\ETILQS_XNGC14VXOFHJPDPBDX7R * C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NOS\ADOBE_DOWNLOADS\ARH.EXE * C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3AD391678A806EC4D691E83AAA393B6F_24ADF822-76F7-4481-B30B-FF1B40F8687F * C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TEMPORARY DIRECTORY 2 FOR ROOTREPEAL.ZIP\ROOTREPEAL.EXE * C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TEMPORARY DIRECTORY 1 FOR ROOTREPEAL.ZIP\ROOTREPEAL.EXE Options Scanning engines: Scanning options: * Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . 
ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR * Use advanced heuristics Copyright
  20. Please see the attached document. I cannot post much of anything of any size in the replies. I keep getting an error when I try to run F-Secure. Fsecure_error.doc
  21. I had to attach my Netnanny scan results, sorry. nn550_scan.txt
  22. I am having trouble posting to the forum. I keep getting a 501 error, web page cannot be displayed.
  23. Attahc.txt zipped and attached. Here is my DDS log: DDS (Ver_09-07-30.01) - NTFSx86 Run by Don at 16:06:52.03 on Sat 09/05/2009 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1505 [GMT -4:00] AV: Trend Micro PC-cillin Internet Security *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe svchost.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\stsystra.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe C:\Program Files\NetWaiting\netWaiting.exe C:\Program 
Files\Dell Support\DSAgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe C:\Program Files\NBC Direct\DirectPlayerCore.exe C:\Program Files\Logitech\Logitech Vid\vid.exe C:\Program Files\Digital Line Detect\DLG.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\Documents and Settings\Don\Desktop\dds.pif ============== Pseudo HJT Report =============== uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8 uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uWindow Title = Windows Internet Explorer provided by Yahoo! uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8 uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = <local>;*.local uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: Yahoo! 
Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File TB: {981FE6A8-260C-4930-960F-C3BC82746CB0} - No File uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler uRun: [DirectPlayerCore] "c:\program files\nbc direct\DirectPlayerCore.exe" uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\vid.exe" -bootmode mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [sigmatelSysTrayApp] stsystra.exe mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe" mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe" mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide StartupFolder: 
c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll Trusted Zone: musicmatch.com\online DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} - hxxp://www.homesteadhotels.com/minisite/accommodations/surround/MSSurVid.cab DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - 
{AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true); c:\program 
files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - 
pref("privacy.cpd.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); ============= SERVICES / DRIVERS =============== R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-4-3 55152] R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512] R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392] S2 EngineServer;EngineServer;"c:\program files\mcafee\managed virusscan\vscan\engineserver.exe" --> c:\program files\mcafee\managed virusscan\vscan\EngineServer.exe [?] 
S2 gupdate1ca13e2ea342671;Google Update Service (gupdate1ca13e2ea342671);c:\program files\google\update\GoogleUpdate.exe [2009-8-2 133104] S2 SWAGENT;SonicWALL Agent Service;c:\program files\mcafee\managed virusscan\agent\swagent.exe --> c:\program files\mcafee\managed virusscan\agent\swAgent.exe [?] S3 JL2005C;Dual Mode Camera;c:\windows\system32\drivers\jl2005c.sys [2008-12-21 68762] =============== Created Last 30 ================ 2009-08-31 22:07 <DIR> --dsh--- c:\documents and settings\don\IECompatCache 2009-08-30 21:13 <DIR> --d----- c:\windows\LastGood.Tmp 2009-08-30 00:03 88 ---shr-- c:\windows\system32\D3C50E08A6.sys 2009-08-29 16:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\F-Secure 2009-08-24 22:26 <DIR> --d----- c:\windows\system32\dllcache\cache 2009-08-24 22:16 230,912 a------- c:\windows\PEV.exe 2009-08-24 22:16 161,792 a------- c:\windows\SWREG.exe 2009-08-24 22:16 98,816 a------- c:\windows\sed.exe 2009-08-21 22:10 135,168 a------- C:\zip.exe 2009-08-21 22:10 574 a------- C:\cleanup.bat 2009-08-17 20:32 2 a--sh--- C:\472657839 2009-08-12 07:04 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx 2009-08-12 07:04 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll ==================== Find3M ==================== 2009-08-30 00:04 3,766 a--sh--- c:\windows\system32\KGyGaAvL.sys 2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll 2009-08-05 05:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll 2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys 2009-07-19 18:48 11,067,392 a------- c:\windows\system32\dllcache\ieframe.dll 2009-07-19 09:18 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll 2009-07-19 09:18 5,937,152 a------- c:\windows\system32\dllcache\cache\mshtml.dll 2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll 2009-07-17 15:01 58,880 -------- c:\windows\system32\dllcache\atl.dll 2009-07-13 
23:43 286,208 a------- c:\windows\system32\wmpdxm.dll 2009-07-13 23:43 10,841,088 -------- c:\windows\system32\dllcache\wmp.dll 2009-07-13 23:43 286,208 -------- c:\windows\system32\dllcache\wmpdxm.dll 2009-07-03 07:01 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe 2009-06-25 04:25 730,112 a------- c:\windows\system32\lsasrv.dll 2009-06-25 04:25 301,568 a------- c:\windows\system32\kerberos.dll 2009-06-25 04:25 147,456 a------- c:\windows\system32\schannel.dll 2009-06-25 04:25 136,192 a------- c:\windows\system32\msv1_0.dll 2009-06-25 04:25 56,832 a------- c:\windows\system32\secur32.dll 2009-06-25 04:25 54,272 a------- c:\windows\system32\wdigest.dll 2009-06-25 04:25 730,112 -------- c:\windows\system32\dllcache\lsasrv.dll 2009-06-25 04:25 301,568 -------- c:\windows\system32\dllcache\kerberos.dll 2009-06-25 04:25 147,456 -------- c:\windows\system32\dllcache\schannel.dll 2009-06-25 04:25 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll 2009-06-25 04:25 56,832 -------- c:\windows\system32\dllcache\secur32.dll 2009-06-25 04:25 54,272 -------- c:\windows\system32\dllcache\wdigest.dll 2009-06-24 07:18 92,928 -------- c:\windows\system32\dllcache\ksecdd.sys 2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll 2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll 2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll 2009-06-16 10:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll 2009-06-12 08:31 80,896 a------- c:\windows\system32\tlntsess.exe 2009-06-12 08:31 80,896 -------- c:\windows\system32\dllcache\tlntsess.exe 2009-06-12 08:31 76,288 a------- c:\windows\system32\telnet.exe 2009-06-12 08:31 76,288 -------- c:\windows\system32\dllcache\telnet.exe 2009-06-10 10:13 84,992 a------- c:\windows\system32\avifil32.dll 2009-06-10 10:13 84,992 -------- c:\windows\system32\dllcache\avifil32.dll 2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll 2009-06-10 09:19 2,066,432 a------- 
c:\windows\system32\dllcache\mstscax.dll 2009-06-10 02:14 132,096 a------- c:\windows\system32\wkssvc.dll 2009-06-10 02:14 132,096 -------- c:\windows\system32\dllcache\wkssvc.dll 2009-03-16 17:41 0 a------- c:\documents and settings\don\settings.dat 2008-04-28 09:43 256 a------- c:\documents and settings\don\pool.bin 2007-07-18 19:56 251 ac------ c:\program files\wt3d.ini 2007-03-04 11:57 19,121,288 ac------ c:\program files\netnanny.550.exe 2008-07-14 18:45 88 ---shr-- c:\windows\system32\6B126CA445.sys 2009-01-04 21:50 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009010420090105\index.dat ============= FINISH: 16:07:28.73 =============== Attach.zip