medeski

the more likely scenario is that im being used as a bot for ddos attacks.

i dont save passwords or any personal information, so the only thing i really have to worry about would be man in the middle attacks or session highjacking, which is highly unlikely from a backdoor.

youre right dude, i shouldnt have been such a dick. im not worried about identity theft or any of that bullshit like credit card fraud. i use this computer for irc, and i multiboot backtrack 5, thats about it, everything else i do is on a vps or dedicated server. now that i have identified the problem im going to lurk soem forums about this particular backdoor and see about removing it.

like honestly i couldnt contain myself from laughing at your final post. "im afriad i have bad news, looks like you have a trojan of the backdoor type" no stuff sherlock, i told you that in my first post. if your first suggestion is to reinstall the operating system, youre no technician.

i understand theres a backdoor hijacking the camera, i knew that before you had me scan my computer and post logs, i think i stated that in the first post. fortunately there are easier ways to remove trojans than reinstalling the operating system. im done using your tools and scanners i need to talk to someone who actually knows what theyre tlaking about and doesnt talk to me like im some sort of computer illiterate 5th grader, which means im changing forums.

Malwarebytes Anti-Rootkit 1.1.0.1009 www.malwarebytes.org Database version: v2012.11.18.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 medeski :: BLACKB0X [administrator] 11/18/2012 9:29:57 AM mbar-log-2012-11-18 (09-29-57).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: PUP | PUM | P2P Objects scanned: 26028 Time elapsed: 13 minute(s), 32 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Documents and Settings\medeski\Local Settings\Temp\upnp.exe (Backdoor.Daromec) -> Delete on reboot. [826f4c6ba2bb3df9e13ca361f11319e7] (end) ___________________________________________________________________________________________________________________________________ --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 Account is Administrative Internet Explorer version: 8.0.6001.18702 Java version: 1.6.0_30 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 1.596000 GHz Memory total: 1063235584, free: 514646016 ------------ Kernel report ------------ 11/18/2012 09:13:39 ------------ Loaded modules ----------- \windows\system32\ntkrnlpa.exe \windows\system32\hal.dll \windows\system32\KDCOM.DLL \windows\system32\BOOTVID.dll ACPI.sys \windows\system32\DRIVERS\WMILIB.SYS pci.sys isapnp.sys ohci1394.sys \windows\system32\DRIVERS\1394BUS.SYS compbatt.sys \windows\system32\DRIVERS\BATTC.SYS pciide.sys \windows\system32\DRIVERS\PCIIDEX.SYS MountMgr.sys ftdisk.sys dmload.sys dmio.sys PartMgr.sys ACPIEC.sys \windows\system32\DRIVERS\OPRGHDLR.SYS mvxxmm.sys VolSnap.sys atapi.sys iastor9.sys mv61xxmm.sys mv64xxmm.sys disk.sys \windows\system32\DRIVERS\CLASSPNP.SYS fltMgr.sys sr.sys KSecDD.sys WudfPf.sys Ntfs.sys NDIS.sys Mup.sys giveio.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\wmiacpi.sys \SystemRoot\system32\DRIVERS\igxpmp32.sys \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\NETwLx32.sys \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\sdbus.sys \SystemRoot\system32\DRIVERS\rimmptsk.sys \SystemRoot\system32\DRIVERS\rimsptsk.sys \SystemRoot\system32\DRIVERS\rixdptsk.sys \SystemRoot\system32\DRIVERS\cpqbttn.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys \SystemRoot\system32\DRIVERS\WDFLDR.SYS \SystemRoot\system32\DRIVERS\Wdf01000.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\imapi.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\redbook.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\audstub.sys \SystemRoot\System32\Drivers\RootMdm.sys \SystemRoot\System32\Drivers\Modem.SYS \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\psched.sys \SystemRoot\system32\DRIVERS\msgpc.sys \SystemRoot\system32\DRIVERS\ptilink.sys \SystemRoot\system32\DRIVERS\raspti.sys \SystemRoot\system32\DRIVERS\RimSerial.sys \SystemRoot\system32\DRIVERS\rdpdr.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\update.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\system32\DRIVERS\vsb.sys \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\CHDAud.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\DRIVERS\HSFHWAZL.sys \SystemRoot\system32\DRIVERS\HSF_DPV.sys \SystemRoot\system32\DRIVERS\HSF_CNXT.sys \SystemRoot\system32\DRIVERS\usbhub.sys \??\C:\WINDOWS\system32\SAVRKBootTasks.sys \SystemRoot\System32\Drivers\Fs_Rec.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\Drivers\mnmdd.SYS \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\rasacd.sys \SystemRoot\system32\DRIVERS\ipsec.sys \SystemRoot\system32\DRIVERS\tcpip.sys \SystemRoot\system32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\ipnat.sys \SystemRoot\System32\drivers\afd.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\rdbss.sys \??\C:\WINDOWS\system32\drivers\oreans32.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\System32\Drivers\Fips.SYS \SystemRoot\System32\Drivers\Cdfs.SYS \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_WMILIB.SYS \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\watchdog.sys \SystemRoot\System32\drivers\dxg.sys \SystemRoot\System32\drivers\dxgthk.sys \SystemRoot\System32\igxpgd32.dll \SystemRoot\System32\igxprd32.dll \SystemRoot\System32\igxpdv32.DLL \SystemRoot\System32\igxpdx32.DLL \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\wdmaud.sys \SystemRoot\system32\drivers\sysaudio.sys \SystemRoot\system32\DRIVERS\mrxdav.sys \SystemRoot\system32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\mdmxsdk.sys \SystemRoot\System32\Drivers\HTTP.sys \SystemRoot\system32\DRIVERS\ipfltdrv.sys \SystemRoot\system32\drivers\kmixer.sys \??\C:\windows\system32\drivers\mbamchameleon.sys \??\C:\windows\system32\drivers\mbamswissarmy.sys \WINDOWS\system32\ntdll.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff86b3fab8 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\ Lower Device Object: 0xffffffff86b42940 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi DriverEntry returned 0x0 Function returned 0x0 Downloaded database version: v2012.11.18.02 Downloaded database version: v2012.11.15.02 Initializing... Done! Scanning directory: C:\windows\system32\drivers... <<<2>>> Device number: 0, partition: 1 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff86b3fab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff86b66e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff86b3fab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff86b699e8, DeviceName: \Device\00000075\, DriverName: \Driver\ACPI\ DevicePointer: 0xffffffff86b42940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\ ------------ End ---------- Upper DeviceData: 0xffffffffe3930358, 0xffffffff86b3fab8, 0xffffffff85457ab8 Lower DeviceData: 0xffffffffe38d76c0, 0xffffffff86b42940, 0xffffffff869e9190 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 7FC1A Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 877999444 Partition file system is NTFS Partition is bootable Partition 1 type is Extended with CSH (0x5) Partition is NOT ACTIVE. Partition starts at LBA: 878000126 Numsec = 98772994 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 500107862016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)... Done! Performing system, memory and registry scan... Infected: C:\Documents and Settings\medeski\Local Settings\Temp\upnp.exe --> [backdoor.Daromec] Done! Scan finished Creating System Restore point... Scheduling clean up... <<<2>>> Device number: 0, partition: 1 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Removal scheduling successful. System shutdown needed. System shutdown occured ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 Account is Administrative Internet Explorer version: 8.0.6001.18702 Java version: 1.6.0_30 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 1.596000 GHz Memory total: 1063235584, free: 789790720

# AdwCleaner v2.007 - Logfile created 11/17/2012 at 17:32:55 # Updated 06/11/2012 by Xplode # Operating system : Microsoft Windows XP Service Pack 3 (32 bits) # User : medeski - BLACKB0X # Boot Mode : Normal # Running from : C:\Documents and Settings\medeski\My Documents\Downloads\adwcleaner.exe # Option [Delete] ***** [services] ***** Stopped & Deleted : Application Updater ***** [Files / Folders] ***** File Deleted : C:\user.js Folder Deleted : C:\DOCUME~1\medeski\LOCALS~1\Temp\BabylonToolbar Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon Folder Deleted : C:\Documents and Settings\All Users\Application Data\WeCareReminder Folder Deleted : C:\Documents and Settings\medeski\Application Data\Babylon Folder Deleted : C:\Documents and Settings\medeski\Application Data\OpenCandy Folder Deleted : C:\Documents and Settings\medeski\Application Data\Search Settings Folder Deleted : C:\Documents and Settings\medeski\Local Settings\Application Data\Conduit Folder Deleted : C:\Program Files\Application Updater Folder Deleted : C:\Program Files\Common Files\spigot Folder Deleted : C:\Program Files\Conduit Folder Deleted : C:\Program Files\Free Offers from Freeze.com Folder Deleted : C:\Program Files\YouTube Downloader Toolbar ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings Key Deleted : HKCU\Software\Ask&Record Key Deleted : HKCU\Software\Microsoft\Babylon Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A} Key Deleted : HKCU\Software\Search Settings Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\wecarereminder Key Deleted : HKLM\Software\Application Updater Key Deleted : HKLM\Software\Babylon Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3} Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1 Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1 Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193 Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3} Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE} Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\Freeze.com Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{83AA2913-C123-4146-85BD-AD8F93971D39} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39} Key Deleted : HKLM\Software\Search Settings Key Deleted : HKLM\SOFTWARE\Software Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}] ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=109935&tt=060612_5_&babsrc=HP_ss&mntrId=841fc11a0000000000000019d236e0e1 --> hxxp://www.google.com Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=109935&tt=060612_5_&babsrc=NT_ss&mntrId=841fc11a0000000000000019d236e0e1 --> hxxp://www.google.com -\\ Google Chrome v [unable to get version] File : C:\Documents and Settings\medeski\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [OK] File is clean. -\\ Chromium v [unable to get version] File : C:\Documents and Settings\medeski\Local Settings\Application Data\Chromium\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [6114 octets] - [16/11/2012 17:01:32] AdwCleaner[s1].txt - [5951 octets] - [17/11/2012 17:32:55] ########## EOF - C:\AdwCleaner[s1].txt - [6011 octets] ##########

# AdwCleaner v2.007 - Logfile created 11/16/2012 at 17:01:32 # Updated 06/11/2012 by Xplode # Operating system : Microsoft Windows XP Service Pack 3 (32 bits) # User : medeski - BLACKB0X # Boot Mode : Normal # Running from : C:\Documents and Settings\medeski\My Documents\Downloads\adwcleaner.exe # Option [search] ***** [services] ***** Found : Application Updater ***** [Files / Folders] ***** File Found : C:\user.js Folder Found : C:\DOCUME~1\medeski\LOCALS~1\Temp\BabylonToolbar Folder Found : C:\Documents and Settings\All Users\Application Data\Babylon Folder Found : C:\Documents and Settings\All Users\Application Data\WeCareReminder Folder Found : C:\Documents and Settings\medeski\Application Data\Babylon Folder Found : C:\Documents and Settings\medeski\Application Data\OpenCandy Folder Found : C:\Documents and Settings\medeski\Application Data\Search Settings Folder Found : C:\Documents and Settings\medeski\Local Settings\Application Data\Conduit Folder Found : C:\Program Files\Application Updater Folder Found : C:\Program Files\Common Files\spigot Folder Found : C:\Program Files\Conduit Folder Found : C:\Program Files\Free Offers from Freeze.com Folder Found : C:\Program Files\YouTube Downloader Toolbar ***** [Registry] ***** Key Found : HKCU\Software\AppDataLow\Software\Search Settings Key Found : HKCU\Software\Ask&Record Key Found : HKCU\Software\Microsoft\Babylon Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A} Key Found : HKCU\Software\Search Settings Key Found : HKCU\Software\Softonic Key Found : HKCU\Software\wecarereminder Key Found : HKLM\Software\Application Updater Key Found : HKLM\Software\Babylon Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Found : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36} Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Key Found : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Key Found : HKLM\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A} Key Found : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3} Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1 Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1 Key Found : HKLM\SOFTWARE\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193 Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Found : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3} Key Found : HKLM\SOFTWARE\Classes\Prod.cap Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1060933 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE} Key Found : HKLM\Software\Conduit Key Found : HKLM\Software\Freeze.com Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{83AA2913-C123-4146-85BD-AD8F93971D39} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193 Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39} Key Found : HKLM\Software\Search Settings Key Found : HKLM\SOFTWARE\Software Key Found : HKU\S-1-5-21-343818398-776561741-1606980848-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Found : HKU\S-1-5-21-343818398-776561741-1606980848-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}] ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=109935&tt=060612_5_&babsrc=HP_ss&mntrId=841fc11a0000000000000019d236e0e1 [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=109935&tt=060612_5_&babsrc=NT_ss&mntrId=841fc11a0000000000000019d236e0e1 -\\ Google Chrome v [unable to get version] File : C:\Documents and Settings\medeski\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [OK] File is clean. -\\ Chromium v [unable to get version] File : C:\Documents and Settings\medeski\Local Settings\Application Data\Chromium\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [5985 octets] - [16/11/2012 17:01:32] ########## EOF - C:\AdwCleaner[R1].txt - [6045 octets] ##########

i got the log from the first scan but dds sat there for 20 minutes and finally froze my computer, so i rebooted and tried again, same scenario. it has a dual core 1.6ghz processor and a gig of ram, i dont know why dds is causing it to crash.

my built in webcam used to work, i tried to use tinychat with my girlfriend today and it says another application is using the camera, the light isnt on, but im still guessing the webcam is hijacked, ive tried updating the driver, the most current up to date driver is installed, i have uninstalled any programs that may be taking control of the camera such as skype. i really dont want to reinstall the operating system and start over any help would be appreciated. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 9:18:05 PM, on 11/15/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\windows\system32\svchost.exe C:\windows\system32\spoolsv.exe C:\windows\Explorer.EXE C:\windows\system32\ICO.EXE C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\windows\system32\ctfmon.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\windows\system32\svchost.exe C:\Invision\mirc.exe C:\Program Files\SRWare Iron\iron.exe C:\Program Files\SRWare Iron\iron.exe C:\Program Files\SRWare Iron\iron.exe C:\Program Files\SRWare Iron\iron.exe C:\Documents and Settings\medeski\Desktop\highjack.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=109935&tt=060612_5_&babsrc=HP_ss&mntrId=841fc11a0000000000000019d236e0e1 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R3 - URLSearchHook: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - Startup: Dropbox.lnk = C:\Documents and Settings\medeski\Application Data\Dropbox\bin\Dropbox.exe O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing) O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file) O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (file missing) -- End of file - 4369 bytes