sangredecomputador

Members
Posts: 5
Everything posted by sangredecomputador

  1. Notes from the ComboFix and DDS runs:

     During the ComboFix run, received the message "files trying to attach to ComboFix": C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll

     Also during ComboFix, OS error:
     Windows Application Error
     The instruction at "0x003999fw" referenced memory at "0xffffa598". The memory could not be "read". Click on OK to terminate the program

     After ComboFix, DDS.scr would not run; when I double-clicked DDS.scr on the desktop, the MS-DOS window would flash on screen, closing immediately. Downloaded a new version as DDS.com; it also would not run. Restarted the computer. Changed the name of DDS.com to DDS.scr, double-clicked, and it appeared to run without issue.
  2. Combofix.txt and a new dds.txt:

     ComboFix 10-05-25.02 - sangredecomputador 05/25/2010 18:10:26.5.2 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1343 [GMT -4:00]
     Running from: c:\documents and settings\sangredecomputador\Desktop\ComboFix.exe
     AV: Sunbelt VIPRE *On-access scanning disabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
     FW: Sunbelt VIPRE *disabled* {FF1CD5B7-1553-4625-A258-1775385CED33}
     .
     The following files were disabled during the run:
     c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll

     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\documents and settings\sangredecomputador\g2mdlhlpx.exe
     c:\windows\system32\VB40032.DLL
     .
     ((((((((((((((((((((((((( Files Created from 2010-04-25 to 2010-05-25 )))))))))))))))))))))))))))))))
     .
     2010-05-25 03:09 . 2010-05-25 03:09 -------- d-----w- c:\documents and settings\sangredecomputador\Application Data\com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
     2010-05-25 03:09 . 2010-05-25 03:09 -------- d-----w- c:\program files\ComcastAccess
     2010-05-25 03:08 . 2010-05-25 03:08 144162 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Move Networks\uninstall.exe
     2010-05-25 03:08 . 2010-05-25 03:08 -------- d-----w- c:\documents and settings\sangredecomputador\Application Data\Move Networks
     2010-05-25 03:08 . 2010-05-25 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\com.comcast.access
     2010-05-25 03:08 . 2010-05-25 03:09 -------- d-----w- c:\documents and settings\sangredecomputador\Local Settings\Application Data\ComcastAccess
     2010-05-25 02:56 . 2010-03-23 13:54 3371 ----a-w- C:\acddiag.cmd
     2010-05-25 00:35 . 2010-05-25 00:35 -------- d-----w- C:\HPFixScan
     2010-05-24 19:19 . 2010-05-24 19:19 503808 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5a712566-n\msvcp71.dll
     2010-05-24 19:19 . 2010-05-24 19:19 499712 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5a712566-n\jmc.dll
     2010-05-24 19:19 . 2010-05-24 19:19 348160 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5a712566-n\msvcr71.dll
     2010-05-24 19:19 . 2010-05-24 19:19 61440 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-260f4a29-n\decora-sse.dll
     2010-05-24 19:19 . 2010-05-24 19:19 12800 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-260f4a29-n\decora-d3d.dll
     2010-05-21 21:01 . 2010-05-21 21:01 -------- d-----w- C:\mech-turk-tools-1.3.0
     2010-05-21 17:14 . 2005-05-27 18:15 65536 ----a-w- c:\windows\system32\d4channel.dll
     2010-05-21 17:14 . 2003-07-02 18:15 61440 ----a-w- c:\windows\system32\PMLJNI.dll
     2010-05-21 17:14 . 2003-06-20 17:21 36864 ----a-w- c:\windows\system32\hpbmmjno.dll
     2010-05-21 17:14 . 2003-06-16 21:52 74752 ----a-w- c:\windows\system32\jst.dll
     2010-05-21 17:14 . 2010-05-21 17:14 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
     2010-05-21 17:12 . 2010-05-21 17:12 13451 ----a-w- c:\windows\hpbins01.dat
     2010-05-21 17:12 . 2005-03-30 15:22 1380 ------w- c:\windows\hpbmdl01.dat
     2010-05-21 17:10 . 2010-05-21 17:10 -------- d-----w- c:\program files\Common Files\SWF Studio
     2010-05-18 20:48 . 2010-05-18 20:48 -------- d-----w- c:\program files\iPod
     2010-05-18 20:34 . 2010-05-18 20:34 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
     2010-05-18 18:22 . 2010-05-18 18:22 -------- d-----w- c:\documents and settings\sangredecomputador\Application Data\Windows Search
     2010-05-12 17:56 . 2010-01-04 10:29 69720 ----a-w- c:\windows\system32\drivers\sbapifs.sys
     2010-05-12 17:54 . 2010-01-04 10:29 13400 ----a-w- c:\windows\system32\drivers\sbaphd.sys
     2010-05-12 17:52 . 2010-04-28 19:12 86232 ----a-w- c:\windows\system32\drivers\sbhips.sys
     2010-05-12 17:52 . 2010-04-28 19:12 204632 ----a-w- c:\windows\system32\drivers\sbtis.sys
     2010-05-12 17:52 . 2010-04-28 19:12 322904 ----a-w- c:\windows\system32\drivers\SbFw.sys
     2010-05-12 17:49 . 2010-05-12 17:49 16938616 ----a-w- c:\documents and settings\All Users\Application Data\Sunbelt\AntiMalware\Downloads\SBVIPRE_FW_EN.4.0.3282.exe
     2010-05-12 16:13 . 2010-05-12 16:13 -------- d-----w- c:\documents and settings\sangredecomputador\Application Data\Windows Desktop Search
     2010-05-12 16:07 . 2010-05-12 18:05 -------- d-----w- c:\program files\Windows Desktop Search
     2010-05-12 16:07 . 2010-05-12 16:07 -------- d-----w- c:\windows\system32\GroupPolicy
     2010-05-12 16:06 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
     2010-05-12 16:06 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
     2010-05-12 16:06 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
     2010-04-30 16:31 . 2010-04-30 16:31 27984 ----a-w- c:\windows\system32\sbbd.exe
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-05-25 22:01 . 2008-03-13 16:39 -------- d-----w- c:\program files\foobar2000
     2010-05-25 21:23 . 2008-03-13 16:39 -------- d-----w- c:\documents and settings\sangredecomputador\Application Data\foobar2000
     2010-05-25 03:08 . 2009-12-18 03:27 5603776 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Move Networks\plugins\npqmp071706000001.dll
     2010-05-25 00:15 . 2006-04-17 00:26 -------- d--h--w- c:\program files\Zero G Registry
     2010-05-25 00:14 . 2006-04-17 00:26 -------- d-----w- c:\program files\Hewlett-Packard
     2010-05-25 00:10 . 2006-04-18 18:20 -------- d-----w- c:\documents and settings\sangredecomputador\Application Data\Skype
     2010-05-21 17:28 . 2006-04-17 00:41 -------- d-----w- c:\documents and settings\sangredecomputador\Application Data\AdobeUM
     2010-05-21 17:12 . 2006-04-17 00:23 -------- d-----w- c:\program files\hp
     2010-05-20 15:40 . 2010-04-01 16:00 81920 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin6x5\connecthook.dll
     2010-05-20 15:40 . 2010-04-01 16:00 158720 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin6x5\connectsprd.dll
     2010-05-18 20:49 . 2009-06-07 00:30 -------- d-----w- c:\program files\iTunes
     2010-05-18 20:48 . 2008-08-22 17:59 -------- d-----w- c:\program files\Common Files\Apple
     2010-05-18 20:37 . 2008-07-07 17:25 -------- d-----w- c:\program files\Bonjour
     2010-05-16 00:55 . 2009-09-04 03:28 483936 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
     2010-05-15 16:00 . 2009-11-13 17:28 -------- d-----w- c:\program files\Microsoft adCenter
     2010-05-14 13:46 . 2008-01-16 01:40 82528 ---ha-w- c:\windows\system32\mlfcache.dat
     2010-05-12 21:18 . 2009-12-15 22:43 -------- d-----w- c:\documents and settings\sangredecomputador\Application Data\vlc
     2010-05-12 17:55 . 2006-04-17 02:44 98424 ----a-w- c:\documents and settings\sangredecomputador\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2010-05-12 13:12 . 2007-07-22 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
     2010-05-11 15:54 . 2009-03-30 21:31 -------- d-----w- c:\program files\CCleaner
     2010-05-11 15:32 . 2006-07-07 18:36 -------- d-----w- c:\program files\Paint.NET
     2010-05-10 15:08 . 2009-11-02 22:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2010-05-08 19:15 . 2008-04-28 14:14 -------- d-----w- c:\documents and settings\All Users\Application Data\QIntegrator
     2010-04-29 19:39 . 2009-11-02 22:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-04-29 19:39 . 2009-11-02 22:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-04-25 20:53 . 2010-04-25 20:53 323624 ----a-w- c:\windows\system32\wiaaut.dll
     2010-04-22 12:29 . 2006-04-12 20:18 -------- d-----w- c:\program files\Java
     2010-04-19 18:59 . 2010-04-19 18:59 255472 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Mozilla\plugins\npgoogletalk.dll
     2010-04-15 14:38 . 2006-04-26 14:28 -------- d-----w- c:\documents and settings\sangredecomputador\Application Data\Apple Computer
     2010-04-13 21:37 . 2010-04-18 14:28 89088 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Mozilla\Firefox\Profiles\14kf7vs5.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\WINNT_x86-msvc\components\outwit-3.5.dll
     2010-04-13 21:37 . 2010-04-18 14:28 89600 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Mozilla\Firefox\Profiles\14kf7vs5.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\WINNT_x86-msvc\components\outwit.dll
     2010-04-13 21:37 . 2010-04-18 14:28 89088 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Mozilla\Firefox\Profiles\14kf7vs5.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\WINNT_x86-msvc\components\outwit-3.6.dll
     2010-04-12 21:29 . 2010-04-22 12:30 411368 ----a-w- c:\windows\system32\deployJava1.dll
     2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
     2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
     2010-04-07 14:38 . 2010-04-07 14:38 -------- d-----w- c:\program files\Common Files\Java
     2010-04-07 14:33 . 2010-04-07 14:33 79488 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Sun\Java\jre1.6.0_19\gtapi.dll
     2010-04-07 14:33 . 2010-04-07 14:33 152576 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Sun\Java\jre1.6.0_19\lzma.dll
     2010-04-07 13:56 . 2010-04-07 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
     2010-04-07 13:51 . 2006-04-19 22:47 -------- d-----w- c:\program files\QuickTime
     2010-04-07 13:49 . 2010-04-07 13:49 -------- d-----w- c:\program files\Apple Software Update
     2010-04-01 16:00 . 2010-04-01 16:00 3553680 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin6x5\connectaddin6x5.exe
     2010-03-27 01:19 . 2010-03-27 01:19 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
     2010-03-26 14:33 . 2010-04-15 12:27 1496064 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Mozilla\Firefox\Profiles\14kf7vs5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
     2010-03-26 14:33 . 2010-04-15 12:27 43008 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Mozilla\Firefox\Profiles\14kf7vs5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
     2010-03-26 14:33 . 2010-04-15 12:27 339456 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Mozilla\Firefox\Profiles\14kf7vs5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
     2010-03-26 14:32 . 2010-04-15 12:27 346112 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Mozilla\Firefox\Profiles\14kf7vs5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
     2010-03-10 06:15 . 2004-08-11 22:00 420352 ----a-w- c:\windows\system32\vbscript.dll
     2010-03-05 01:15 . 2009-04-23 14:45 38784 ----a-w- c:\documents and settings\sangredecomputador\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
     2010-03-04 08:00 . 2010-03-04 08:00 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
     2010-02-25 06:24 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
     @="{0E653882-06F5-48CA-9726-BFABE5E50CE0}"
     [HKEY_CLASSES_ROOT\CLSID\{0E653882-06F5-48CA-9726-BFABE5E50CE0}]
     2010-02-05 17:38 137272 ----a-w- c:\windows\system32\VSMntNtf.dll

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Google Update"="c:\documents and settings\sangredecomputador\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-08-29 133104]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-08 39408]
     "LDTray"="c:\program files\Livescribe\Livescribe Desktop\LDTray.exe" [2009-12-16 647168]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 139264]
     "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
     "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-14 339968]
     "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
     "LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-12-07 489472]
     "LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-12-07 14:33 73728]
     "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
     "SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2010-04-30 1291600]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
     "StatusClient 2.6"="c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2005-04-08 151552]
     "TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-20 188416]
     "OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe" [2010-05-21 98304]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
     "RunNarrator"="Narrator.exe" [2008-04-14 53760]

     c:\documents and settings\sangredecomputador\Start Menu\Programs\Startup\
     Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]
     Jungle Disk Desktop.lnk - c:\program files\Jungle Disk Desktop\JungleDiskMonitor.exe [2010-3-19 6858496]
     Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
     "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
     BootExecute REG_MULTI_SZ autocheck autochk *\0SBBD.exe /d \Device\HarddiskVolume2\Program Files\Sunbelt Software\CounterSpy\Definitions

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
     @="Service"

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
     @="Service"

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
     @="Driver"

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
     backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
     backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 3.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk
     backup=c:\windows\pss\Device Detector 3.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
     backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
     backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
     backup=c:\windows\pss\Run Google Web Accelerator.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
     backup=c:\windows\pss\Service Manager.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^sangredecomputador^Start Menu^Programs^Startup^Trillian.lnk]
     path=c:\documents and settings\sangredecomputador\Start Menu\Programs\Startup\Trillian.lnk
     backup=c:\windows\pss\Trillian.lnkStartup

     [HKLM\~\startupfolder\C:^Documents and Settings^sangredecomputador^Start Menu^Programs^Startup^Yammer.lnk]
     path=c:\documents and settings\sangredecomputador\Start Menu\Programs\Startup\Yammer.lnk
     backup=c:\windows\pss\Yammer.lnkStartup

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
     2007-07-02 10:27 219520 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Democracy Player]
     2007-02-21 18:31 217088 ----a-w- c:\program files\Participatory Culture Foundation\Democracy Player\Democracy.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.3]
     2007-03-06 17:21 116224 ----a-w- c:\program files\eFax Messenger 4.3\J2GDllCmd.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.4]
     2008-10-07 20:25 95744 ----a-w- c:\program files\eFax Messenger 4.4\J2GDllCmd.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
     2006-03-23 04:13 1591808 ----a-w- c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gizmo5]
     2009-11-11 02:21 5079040 ----a-w- c:\program files\Gizmo5\Gizmo5.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
     2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
     2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
     2007-05-08 20:24 54840 ----a-w- c:\program files\hp\HP Software Update\hpwuSchd2.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
     2010-04-28 19:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
     2005-08-12 20:16 1121792 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
     2009-02-06 22:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
     2010-05-21 17:15 98304 ----a-w- c:\program files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
     2006-08-30 16:46 183367 ----a-w- c:\program files\Plaxo\2.9.0.38\PlaxoHelper.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
     2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
     2010-03-09 14:02 26103592 ----a-r- c:\program files\Skype\Phone\Skype.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient 2.6]
     2005-04-08 16:18 151552 ----a-w- c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
     2009-06-15 00:12 1217784 ----a-w- c:\program files\Steam\steam.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup 2.5]
     2004-05-20 16:37 188416 ----a-w- c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Live Sync]
     2009-10-23 01:18 1171784 ----a-w- c:\program files\Windows Live\Sync\WindowsLiveSync.exe

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
     "c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
     "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
     "c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
     "c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
     "c:\\Documents and Settings\\sangredecomputador\\Local Settings\\Application Data\\FolderShare\\FolderShare.exe"=
     "c:\\Program Files\\Steam\\steamapps\\arsblog\\team fortress 2\\hl2.exe"=
     "c:\\Program Files\\Gizmo5\\Gizmo5.exe"=
     "c:\\Documents and Settings\\sangredecomputador\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
     "c:\\Documents and Settings\\sangredecomputador\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
     "c:\\Program Files\\Livescribe\\Livescribe Desktop\\LDTray.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     "c:\\Program Files\\Last.fm\\LastFM.exe"=
     "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
     "c:\\Program Files\\MySQL\\MySQL Server 5.1\\bin\\mysqld.exe"=
     "c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
     "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "9544:TCP"= 9544:TCP:BitComet 9544 TCP
     "9544:UDP"= 9544:UDP:BitComet 9544 UDP
     "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

     R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [12/3/2009 8:49 AM 28552]
     R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [3/25/2010 1:35 PM 145504]
     R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [5/12/2010 1:54 PM 13400]
     R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [5/12/2010 1:52 PM 322904]
     R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/13/2009 9:02 AM 95024]
     R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [5/12/2010 1:52 PM 204632]
     R2 CRON;Cron Service (CRONw);c:\perl\bin\perl.exe "c:\cronw\cronService.pl" --crontab="c:\cronw\crontab.txt" --> c:\perl\bin\perl.exe c:\cronw\cronService.pl [?]
     R2 JungleDiskService;JungleDiskService;c:\program files\Jungle Disk Desktop\JungleDiskMonitor.exe [3/19/2010 6:21 PM 6858496]
     R2 MSSQL$ADCENTERDESKTOP;SQL Server (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe [3/30/2009 4:25 AM 43010392]
     R2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files\Common Files\Livescribe\PenComm\PenCommService.exe [12/16/2009 2:08 PM 265728]
     R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [5/12/2010 1:56 PM 69720]
     R2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\VIPRE\SBPIMSvc.exe [4/30/2010 12:30 PM 181584]
     R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [4/7/2010 5:52 PM 67800]
     S2 gupdate1c857cf2af3d00c;Google Update Service (gupdate1c857cf2af3d00c);c:\program files\Google\Update\GoogleUpdate.exe [7/15/2008 11:00 AM 133104]
     S2 SBAMSvc;VIPRE Antivirus Premium;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [4/30/2010 12:31 PM 2730120]
     S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 8:20 AM 12648]
     S3 PulseUsb;Livescribe Pulse Smartpen USB Driver;c:\windows\system32\drivers\PulseUsb.sys [12/23/2009 5:03 PM 20096]
     S3 SbHips;sbhips;c:\windows\system32\drivers\sbhips.sys [5/12/2010 1:52 PM 86232]
     S3 SmartpenBus;Smartpen Enumerator;c:\windows\system32\DRIVERS\SmartpenBus.sys --> c:\windows\system32\DRIVERS\SmartpenBus.sys [?]
     S3 SmartpenCom;Smartpen Communications;c:\windows\system32\DRIVERS\SmartpenCom.sys --> c:\windows\system32\DRIVERS\SmartpenCom.sys [?]
     S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [3/31/2009 4:44 AM 47128]
     S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 4:09 AM 239336]
     S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
     S4 SQLAgent$ADCENTERDESKTOP;SQL Server Agent (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 4:23 AM 366936]
     .
     Contents of the 'Scheduled Tasks' folder

     2010-05-25 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

     2010-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2008-07-15 22:05]

     2010-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2008-07-15 22:05]

     2010-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3511926676-3137840940-3359351920-1006Core.job
     - c:\documents and settings\sangredecomputador\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 22:05]

     2010-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3511926676-3137840940-3359351920-1006UA.job
     - c:\documents and settings\sangredecomputador\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 22:05]

     2010-05-24 c:\windows\Tasks\User_Feed_Synchronization-{97A9E062-DECA-45F3-B981-4A2E9736C081}.job
     - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = about:blank
     uInternet Settings,ProxyOverride = *.local;<local>
     uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
     IE: &D&ownload &with BitComet
     IE: &D&ownload all video with BitComet
     IE: &D&ownload all with BitComet
     IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
     FF - ProfilePath - c:\documents and settings\sangredecomputador\Application Data\Mozilla\Firefox\Profiles\14kf7vs5.default\
     FF - prefs.js: browser.startup.homepage - about:blank
     FF - prefs.js: network.proxy.type - 4
     FF - component: c:\documents and settings\sangredecomputador\Application Data\Mozilla\Firefox\Profiles\14kf7vs5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
     FF - component: c:\documents and settings\sangredecomputador\Application Data\Mozilla\Firefox\Profiles\14kf7vs5.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\WINNT_x86-msvc\components\outwit-3.5.dll
     FF - component: c:\documents and settings\sangredecomputador\Application Data\Mozilla\Firefox\Profiles\14kf7vs5.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\WINNT_x86-msvc\components\outwit-3.6.dll
     FF - component: c:\documents and settings\sangredecomputador\Application Data\Mozilla\Firefox\Profiles\14kf7vs5.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\WINNT_x86-msvc\components\outwit.dll
     FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll
     FF - plugin: c:\documents and settings\sangredecomputador\Application Data\Move Networks\plugins\npqmp071706000001.dll
     FF - plugin: c:\documents and settings\sangredecomputador\Application Data\Mozilla\plugins\npgoogletalk.dll
     FF - plugin: c:\documents and settings\sangredecomputador\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
     FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
     FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
     FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\NPPxDDUpldCS.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\NPPxUpld.dll
     FF - plugin: c:\program files\Opera\program\plugins\npjpi160_15.dll
     FF - plugin: c:\program files\Opera\program\plugins\npoji610.dll
     FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

     ---- FIREFOX POLICIES ----
     FF - user.js: yahoo.homepage.dontask - true
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
     .
     - - - - ORPHANS REMOVED - - - -

     ShellIconOverlayIdentifiers-{78061A12-1E91-4446-8B65-8ED2FF328D4A} - (no file)
     ShellIconOverlayIdentifiers-{700AD13D-E86F-41C9-9A8F-39B4C438806F} - (no file)
     ShellIconOverlayIdentifiers-{48C7A606-0F84-4DC8-8AFD-A157BDF18A08} - (no file)
     MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
     MSConfigStartUp-AudioCommander - c:\program files\Andrea Electronics\Andrea VoiceCenter\AudioCommander.exe
     MSConfigStartUp-CPMe36fca9b - c:\windows\system32\jabokuda.dll
     MSConfigStartUp-DVDLauncher - c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
     MSConfigStartUp-FolderShare - c:\program files\FolderShare\FolderShare.exe
     MSConfigStartUp-Gizmo Project - c:\program files\Gizmo Project\Gizmo.exe
     MSConfigStartUp-HotRecorder - c:\program files\HotRecorder\HotRecorder.exe
     MSConfigStartUp-MCAgentExe - c:\progra~1\mcafee.com\agent\mcagent.exe
     MSConfigStartUp-MCUpdateExe - c:\progra~1\mcafee.com\agent\McUpdate.exe
     MSConfigStartUp-MPFExe - c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe
     MSConfigStartUp-MSKAGENTEXE - c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe
     MSConfigStartUp-OASClnt - c:\program files\McAfee.com\VSO\oasclnt.exe
     MSConfigStartUp-Pando - c:\program files\Pando Networks\Pando\Pando.exe
     MSConfigStartUp-VirusScan Online - c:\program files\McAfee.com\VSO\mcvsshld.exe
     MSConfigStartUp-VoiceCenter - c:\program files\Andrea Electronics\Andrea VoiceCenter\VoiceCenter.exe
     MSConfigStartUp-VSOCheckTask - c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe
     AddRemove-HP Document Viewer - c:\program files\hp\Digital Imaging\DocumentViewer\hpzscr01.exe
     AddRemove-HP Imaging Device Functions - c:\program files\hp\Digital Imaging\DeviceManagement\hpzscr01.exe
     AddRemove-HP Solution Center & Imaging Support Tools - c:\program files\hp\Digital Imaging\eSupport\hpzscr01.exe
     AddRemove-HPOCR - c:\program files\hp\Digital Imaging\OCR\hpzscr01.exe
     AddRemove-{F64D55C1-734C-4249-886E-4C41A9889A36} - c:\program files\hp\Digital Imaging\{F64D55C1-734C-4249-886E-4C41A9889A36}\setup\hpzscr01.exe

     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2010-05-25 18:19
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     HKCU\Software\Microsoft\Windows\CurrentVersion\Run
     LDTray = c:\program files\Livescribe\Livescribe Desktop\LDTray.exe??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

     scanning hidden files ...

     c:\docume~1\sangredecomputador~1\LOCALS~1\Temp\catchme.dll 53248 bytes executable

     scan completed successfully
     hidden files: 1

     **************************************************************************

     [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
     "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" MySQL"
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'winlogon.exe'(976)
     c:\windows\system32\GTGina.dll
     .
Completion time: 2010-05-25 18:22:58 ComboFix-quarantined-files.txt 2010-05-25 22:22 Pre-Run: 98,104,586,240 bytes free Post-Run: 98,340,204,544 bytes free - - End Of File - - A6336901D8A9E9BD3B8CD9F97C31B2F1 DDS (Ver_10-03-17.01) - NTFSx86 Run by sangredecomputador at 19:55:37.56 on Tue 05/25/2010 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1433 [GMT -4:00] AV: Sunbelt VIPRE *On-access scanning disabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C} FW: Sunbelt VIPRE *disabled* {FF1CD5B7-1553-4625-A258-1775385CED33} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Perl\bin\perl.exe C:\Program Files\Flip Video\FlipShare\FlipShareService.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Program Files\Dell\OpenManage\Client\Iap.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe C:\WINDOWS\system32\hpzipm12.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe -k 
imgsvc C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\WINDOWS\stsystra.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\CameraAssistant.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Documents and Settings\sangredecomputador\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Documents and Settings\sangredecomputador\Desktop\dds .scr ============== Pseudo HJT Report =============== uStart Page = about:blank uInternet Settings,ProxyOverride = *.local;<local> uSearchURL,(Default) = hxxp://www.google.com/keyword/%s BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.1.11.30.dll BHO: Virtual Storage Mount Notification: {3cf560dc-dfcb-4737-82c2-9564ca8f733b} - c:\windows\system32\VSMntNtf.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: del.icio.us Toolbar Helper: 
{7aa07ae6-01ef-44ec-93ca-9d7cd41ccdb6} - c:\program files\del.icio.us\internet explorer buttons\dlcsIE.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll TB: del.icio.us: {981fe6a8-260c-4930-960f-c3bc82746cb0} - c:\program files\del.icio.us\internet explorer buttons\dlcsIE.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll uRun: [Google Update] "c:\documents and settings\sangredecomputador\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [swg] "c:\program 
files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [LDTray] c:\program files\livescribe\livescribe desktop\LDTray.exe mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe mRun: [sigmatelSysTrayApp] stsystra.exe mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE mRun: [LogitechCameraAssistant] c:\program files\logitech\video\CameraAssistant.exe mRun: [LogitechVideo[inspector]] c:\program files\logitech\video\InstallHelper.exe /inspect mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [sBAMTray] "c:\program files\sunbelt software\vipre\SBAMTray.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [statusClient 2.6] c:\program files\hewlett-packard\toolbox\statusclient\StatusClient.exe /auto mRun: [TomcatStartup 2.5] c:\program files\hewlett-packard\toolbox\hpbpsttp.exe mRun: [OrderReminder] c:\program files\hewlett-packard\orderreminder\orderreminder\OrderReminder.exe dRunOnce: [RunNarrator] Narrator.exe StartupFolder: c:\docume~1\sangredecomputador~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\jungle~1.lnk - c:\program files\jungle disk desktop\JungleDiskMonitor.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe IE: &D&ownload &with BitComet IE: &D&ownload all video with BitComet IE: &D&ownload all with BitComet IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: 
E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.1.11.30.dll/206 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab DPF: {3253344D-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/8/D/08D91A3B-CFF6-45DE-95DF-64415075E344/mpg4sdmo.cab DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} - hxxps://accounting.quickbooks.com/c7/v15.585/qboax9.cab DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} - hxxps://accounting.quickbooks.com/c12/v18.166/qboax10.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} - hxxps://accounting.quickbooks.com/c1/v14.222/qboax8.cab DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SSODL: EldosMountNotificator - {3CF560DC-DFCB-4737-82C2-9564CA8F733B} - c:\windows\system32\VSMntNtf.dll STS: Virtual Storage Mount Notification: {3cf560dc-dfcb-4737-82c2-9564ca8f733b} - c:\windows\system32\VSMntNtf.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\sangredecomputador~1\applic~1\mozilla\firefox\profiles\14kf7vs5.default\ FF - prefs.js: browser.startup.homepage - about:blank FF - prefs.js: network.proxy.type - 4 FF - component: c:\documents and settings\sangredecomputador\application data\mozilla\firefox\profiles\14kf7vs5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - component: c:\documents and settings\sangredecomputador\application data\mozilla\firefox\profiles\14kf7vs5.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\winnt_x86-msvc\components\outwit-3.5.dll FF - component: c:\documents and settings\sangredecomputador\application 
data\mozilla\firefox\profiles\14kf7vs5.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\winnt_x86-msvc\components\outwit-3.6.dll FF - component: c:\documents and settings\sangredecomputador\application data\mozilla\firefox\profiles\14kf7vs5.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\winnt_x86-msvc\components\outwit.dll FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 
1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - 
pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-12-3 28552] R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-3-25 145504] R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2010-5-12 13400] R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2010-5-12 322904] R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-10-13 95024] R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2010-5-12 204632] R2 CRON;Cron Service (CRONw);c:\perl\bin\perl.exe "c:\cronw\cronservice.pl" --crontab="c:\cronw\crontab.txt" --> c:\perl\bin\perl.exe c:\cronw\cronService.pl [?] 
R2 JungleDiskService;JungleDiskService;c:\program files\jungle disk desktop\JungleDiskMonitor.exe [2010-3-19 6858496] R2 MSSQL$ADCENTERDESKTOP;SQL Server (ADCENTERDESKTOP);c:\program files\microsoft sql server\mssql10.adcenterdesktop\mssql\binn\sqlservr.exe [2009-3-30 43010392] R2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files\common files\livescribe\pencomm\PenCommService.exe [2009-12-16 265728] R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-5-12 69720] R2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\vipre\SBPIMSvc.exe [2010-4-30 181584] R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968] R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2010-4-7 67800] S2 gupdate1c857cf2af3d00c;Google Update Service (gupdate1c857cf2af3d00c);c:\program files\google\update\GoogleUpdate.exe [2008-7-15 133104] S2 SBAMSvc;VIPRE Antivirus Premium;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2010-4-30 2730120] S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648] S3 PulseUsb;Livescribe Pulse Smartpen USB Driver;c:\windows\system32\drivers\PulseUsb.sys [2009-12-23 20096] S3 SbHips;sbhips;c:\windows\system32\drivers\sbhips.sys [2010-5-12 86232] S3 SmartpenBus;Smartpen Enumerator;c:\windows\system32\drivers\smartpenbus.sys --> c:\windows\system32\drivers\SmartpenBus.sys [?] S3 SmartpenCom;Smartpen Communications;c:\windows\system32\drivers\smartpencom.sys --> c:\windows\system32\drivers\SmartpenCom.sys [?] 
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-3-31 47128] S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336] S4 SQLAgent$ADCENTERDESKTOP;SQL Server Agent (ADCENTERDESKTOP);c:\program files\microsoft sql server\mssql10.adcenterdesktop\mssql\binn\SQLAGENT.EXE [2009-3-30 366936] =============== Created Last 30 ================ 2010-05-25 22:07:00 98816 ----a-w- c:\windows\sed.exe 2010-05-25 22:07:00 77312 ----a-w- c:\windows\MBR.exe 2010-05-25 22:07:00 256512 ----a-w- c:\windows\PEV.exe 2010-05-25 22:07:00 161792 ----a-w- c:\windows\SWREG.exe 2010-05-25 03:09:31 0 d-----w- c:\docume~1\sangredecomputador~1\applic~1\com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1 2010-05-25 03:09:08 0 d-----w- c:\program files\ComcastAccess 2010-05-25 03:08:44 0 d-----w- c:\docume~1\alluse~1\applic~1\com.comcast.access 2010-05-25 02:56:00 3371 ----a-w- C:\acddiag.cmd 2010-05-25 00:35:07 0 d-----w- C:\HPFixScan 2010-05-21 21:01:09 0 d-----w- C:\mech-turk-tools-1.3.0 2010-05-21 17:14:58 74752 ----a-w- c:\windows\system32\jst.dll 2010-05-21 17:14:58 65536 ----a-w- c:\windows\system32\d4channel.dll 2010-05-21 17:14:58 61440 ----a-w- c:\windows\system32\PMLJNI.dll 2010-05-21 17:14:58 36864 ----a-w- c:\windows\system32\hpbmmjno.dll 2010-05-21 17:12:42 375 ----a-w- c:\windows\hpbvspst.bu1 2010-05-21 17:12:42 2321 ----a-w- c:\windows\hpbvspst.hi1 2010-05-21 17:12:20 1380 ------w- c:\windows\hpbmdl01.dat 2010-05-21 17:12:20 13451 ----a-w- c:\windows\hpbins01.dat 2010-05-21 17:12:15 3519 ----a-w- c:\windows\hpbvnstp.hi1 2010-05-21 17:12:15 1005 ----a-w- c:\windows\hpbvnstp.bu1 2010-05-21 17:10:48 0 d-----w- c:\program files\common files\SWF Studio 2010-05-21 16:57:45 8088 ----a-w- c:\windows\hplj3380.bu2 2010-05-21 16:57:45 131196 ----a-w- c:\windows\hplj3380.hi2 2010-05-21 16:50:31 8331 ----a-w- c:\windows\hplj3380.bu1 2010-05-21 16:50:31 142251 ----a-w- 
c:\windows\hplj3380.hi1 2010-05-18 20:48:05 0 d-----w- c:\program files\iPod 2010-05-18 18:22:21 0 d-----w- c:\docume~1\sangredecomputador~1\applic~1\Windows Search 2010-05-13 01:45:26 334 ----a-w- c:\windows\system32\CountBlockedByFirewall.XML 2010-05-12 17:56:03 69720 ----a-w- c:\windows\system32\drivers\sbapifs.sys 2010-05-12 17:54:19 13400 ----a-w- c:\windows\system32\drivers\sbaphd.sys 2010-05-12 17:52:06 86232 ----a-w- c:\windows\system32\drivers\sbhips.sys 2010-05-12 17:52:06 204632 ----a-w- c:\windows\system32\drivers\sbtis.sys 2010-05-12 17:52:03 322904 ----a-w- c:\windows\system32\drivers\SbFw.sys 2010-05-12 16:13:28 0 d-----w- c:\docume~1\sangredecomputador~1\applic~1\Windows Desktop Search 2010-05-12 16:07:21 0 d-----w- c:\windows\system32\GroupPolicy 2010-05-12 16:07:21 0 d-----w- c:\program files\Windows Desktop Search 2010-05-12 16:06:12 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll 2010-05-12 16:06:12 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll 2010-05-12 16:06:12 192000 ------w- c:\windows\system32\dllcache\offfilt.dll 2010-04-30 16:31:00 27984 ----a-w- c:\windows\system32\sbbd.exe ==================== Find3M ==================== 2010-05-14 13:46:48 82528 ---ha-w- c:\windows\system32\mlfcache.dat 2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-25 20:53:58 323624 ----a-w- c:\windows\system32\wiaaut.dll 2010-04-12 21:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-04-08 17:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-04-08 17:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe 2010-03-27 01:19:16 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf 2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll 2010-02-25 15:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll 
2008-09-05 18:51:38 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090520080906\index.dat ============= FINISH: 19:56:50.35 ===============
  3. This was with nothing checked but sections. Drives/C: was NOT checked.
     GMER 1.0.15.15281 - http://www.gmer.net
     Rootkit scan 2010-05-22 16:21:48
     Windows 5.1.2600 Service Pack 3
     Running: 9l9wjf8d.exe; Driver: C:\DOCUME~1\sangredecomputador~1\LOCALS~1\Temp\fxlyruog.sys
     ---- User code sections - GMER 1.0.15 ----
     .text C:\WINDOWS\system32\SearchIndexer.exe[1752] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
     ---- EOF - GMER 1.0.15 ----
  4. Here's DDS Attach.txt; I will post the new GMER asap.
  5. I am getting searchmagnified.com pop-ups and pop-unders when using the Chrome browser v5.0.375.38 on Windows XP Professional v2002 SP3. I am also getting an "alert: system battery voltage low" warning during boot, which did not start until the searchmagnified.com pop-ups started to appear. It took multiple attempts to get the GMER log; the computer would crash and at one point needed two restarts before a successful reboot. DDS and MBAM logs below. The other two logs are attached. Thanks in advance for your help, I have upgraded to MBAM Pro.
files\intel\intel matrix storage manager\iaanotif.exe mRun: [sigmatelSysTrayApp] stsystra.exe mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE mRun: [LogitechCameraAssistant] c:\program files\logitech\video\CameraAssistant.exe mRun: [LogitechVideo[inspector]] c:\program files\logitech\video\InstallHelper.exe /inspect mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [sBAMTray] "c:\program files\sunbelt software\vipre\SBAMTray.exe" dRunOnce: [RunNarrator] Narrator.exe StartupFolder: c:\docume~1\sangredecomputador~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\jungle~1.lnk - c:\program files\jungle disk desktop\JungleDiskMonitor.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe IE: &D&ownload &with BitComet IE: &D&ownload all video with BitComet IE: &D&ownload all with BitComet IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Google Sidewiki... 
- c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.1.11.30.dll/206 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab DPF: {3253344D-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/8/D/08D91A3B-CFF6-45DE-95DF-64415075E344/mpg4sdmo.cab DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} - hxxps://accounting.quickbooks.com/c7/v15.585/qboax9.cab DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} - hxxps://accounting.quickbooks.com/c12/v18.166/qboax10.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} - hxxps://accounting.quickbooks.com/c1/v14.222/qboax8.cab DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SSODL: EldosMountNotificator - {3CF560DC-DFCB-4737-82C2-9564CA8F733B} - c:\windows\system32\VSMntNtf.dll STS: Virtual Storage Mount Notification: {3cf560dc-dfcb-4737-82c2-9564ca8f733b} - c:\windows\system32\VSMntNtf.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\sangredecomputador~1\applic~1\mozilla\firefox\profiles\14kf7vs5.default\ FF - prefs.js: browser.startup.homepage - about:blank FF - prefs.js: network.proxy.type - 4 FF - component: c:\documents and settings\sangredecomputador\application data\mozilla\firefox\profiles\14kf7vs5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - component: c:\documents and settings\sangredecomputador\application data\mozilla\firefox\profiles\14kf7vs5.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\winnt_x86-msvc\components\outwit-3.5.dll FF - component: c:\documents and settings\sangredecomputador\application data\mozilla\firefox\profiles\14kf7vs5.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\winnt_x86-msvc\components\outwit-3.6.dll FF - component: c:\documents and settings\sangredecomputador\application 
data\mozilla\firefox\profiles\14kf7vs5.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\winnt_x86-msvc\components\outwit.dll FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll FF - plugin: c:\documents and settings\sangredecomputador\application data\mozilla\plugins\npgoogletalk.dll FF - plugin: c:\documents and settings\sangredecomputador\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPPxDDUpldCS.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPPxUpld.dll FF - plugin: c:\program files\opera\program\plugins\npjpi160_15.dll FF - plugin: c:\program files\opera\program\plugins\npoji610.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla 
firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js 
- pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-12-3 28552] R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-3-25 145504] R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2010-5-12 13400] R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2010-5-12 322904] R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys 
[2009-10-13 95024] R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2010-5-12 204632] R2 CRON;Cron Service (CRONw);c:\perl\bin\perl.exe "c:\cronw\cronservice.pl" --crontab="c:\cronw\crontab.txt" --> c:\perl\bin\perl.exe c:\cronw\cronService.pl [?] R2 JungleDiskService;JungleDiskService;c:\program files\jungle disk desktop\JungleDiskMonitor.exe [2010-3-19 6858496] R2 MSSQL$ADCENTERDESKTOP;SQL Server (ADCENTERDESKTOP);c:\program files\microsoft sql server\mssql10.adcenterdesktop\mssql\binn\sqlservr.exe [2009-3-30 43010392] R2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files\common files\livescribe\pencomm\PenCommService.exe [2009-12-16 265728] R2 SBAMSvc;VIPRE Antivirus Premium;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2010-4-30 2730120] R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-5-12 69720] R2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\vipre\SBPIMSvc.exe [2010-4-30 181584] R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968] R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648] R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2010-4-7 67800] R3 SbHips;sbhips;c:\windows\system32\drivers\sbhips.sys [2010-5-12 86232] S2 gupdate1c857cf2af3d00c;Google Update Service (gupdate1c857cf2af3d00c);c:\program files\google\update\GoogleUpdate.exe [2008-7-15 133104] S3 PulseUsb;Livescribe Pulse Smartpen USB Driver;c:\windows\system32\drivers\PulseUsb.sys [2009-12-23 20096] S3 SmartpenBus;Smartpen Enumerator;c:\windows\system32\drivers\smartpenbus.sys --> c:\windows\system32\drivers\SmartpenBus.sys [?] S3 SmartpenCom;Smartpen Communications;c:\windows\system32\drivers\smartpencom.sys --> c:\windows\system32\drivers\SmartpenCom.sys [?] 
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-3-31 47128] S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336] S4 SQLAgent$ADCENTERDESKTOP;SQL Server Agent (ADCENTERDESKTOP);c:\program files\microsoft sql server\mssql10.adcenterdesktop\mssql\binn\SQLAGENT.EXE [2009-3-30 366936] =============== Created Last 30 ================ 2010-05-13 01:45:26 334 ----a-w- c:\windows\system32\CountBlockedByFirewall.XML 2010-05-12 17:56:03 69720 ----a-w- c:\windows\system32\drivers\sbapifs.sys 2010-05-12 17:54:19 13400 ----a-w- c:\windows\system32\drivers\sbaphd.sys 2010-05-12 17:52:06 86232 ----a-w- c:\windows\system32\drivers\sbhips.sys 2010-05-12 17:52:06 204632 ----a-w- c:\windows\system32\drivers\sbtis.sys 2010-05-12 17:52:03 322904 ----a-w- c:\windows\system32\drivers\SbFw.sys 2010-05-12 16:13:28 0 d-----w- c:\docume~1\sangredecomputador~1\applic~1\Windows Desktop Search 2010-05-12 16:07:21 0 d-----w- c:\windows\system32\GroupPolicy 2010-05-12 16:07:21 0 d-----w- c:\program files\Windows Desktop Search 2010-05-12 16:06:12 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll 2010-05-12 16:06:12 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll 2010-05-12 16:06:12 192000 ------w- c:\windows\system32\dllcache\offfilt.dll 2010-04-30 16:31:00 27984 ----a-w- c:\windows\system32\sbbd.exe 2010-04-25 20:53:58 323624 ----a-w- c:\windows\system32\wiaaut.dll 2010-04-22 12:30:16 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-04-16 20:47:38 3252 ----a-w- c:\windows\system32\wbem\Outlook_01cadda60c9d79b3.mof ==================== Find3M ==================== 2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-27 01:19:16 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf 2010-03-20 18:19:24 83056 ---ha-w- 
c:\windows\system32\mlfcache.dat 2010-03-19 15:05:01 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs 2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll 2010-02-25 15:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll 2010-02-24 13:11:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys 2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe 2010-02-19 23:47:50 3604480 ----a-w- c:\windows\system32\GPhotos.scr 2010-02-17 13:10:28 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe 2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\ntoskrnl.exe 2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe 2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe 2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\ntkrnlpa.exe 2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe 2008-09-05 18:51:38 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090520080906\index.dat ============= FINISH: 19:31:03.87 =============== Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4120 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 5/20/2010 9:59:39 AM mbam-log-2010-05-20 (09-59-39).txt Scan type: Quick scan Objects scanned: 141360 Time elapsed: 14 minute(s), 6 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) 
Files Infected: (No malicious items detected)
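Reading a DDS log of this size by eye is slow, so here is an added triage script (example code written for this page; it is not part of the original post and not a DDS or Malwarebytes tool). It applies a few first-pass heuristics that a malware-removal helper typically checks by hand: BHO/toolbar/explorer-bar registrations whose CLSID resolves to `No File` (orphaned registrations), Run-key entries and running processes that launch from the user-writable profile, Run entries that give only a bare file name (resolved through PATH rather than a fixed path), services whose binary DDS could not resolve (`[?]`), and a Firefox `network.proxy.type` other than direct (0) or system (5). The sample input is a constructed subset of lines copied from the DDS log above; the rule names and the path patterns are this example's own assumptions. A hit is a pointer for review, not a verdict: the per-user Google Update entries it flags here, for instance, are a normal install location for that product.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed subset of lines copied from the DDS log in the post above.
# The rules below are this example's own heuristics, not anything DDS reports.
SAMPLE_DDS = r"""
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\sangredecomputador\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File
uRun: [Google Update] "c:\documents and settings\sangredecomputador\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [sigmatelSysTrayApp] stsystra.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
dRunOnce: [RunNarrator] Narrator.exe
FF - prefs.js: network.proxy.type - 4
R2 CRON;Cron Service (CRONw);c:\perl\bin\perl.exe "c:\cronw\cronservice.pl" --crontab="c:\cronw\crontab.txt" --> c:\perl\bin\perl.exe c:\cronw\cronService.pl [?]
R2 SBAMSvc;VIPRE Antivirus Premium;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2010-4-30 2730120]
S3 SmartpenBus;Smartpen Enumerator;c:\windows\system32\drivers\smartpenbus.sys --> c:\windows\system32\drivers\SmartpenBus.sys [?]
"""

# Profile directories (long and 8.3 forms) that code running as the user can write to.
USER_WRITABLE = re.compile(
    r"\\documents and settings\\[^\\]+\\(local settings\\)?application data\\"
    r"|\\docume~1\\[^\\]+\\(locals~1\\)?applic~1\\"
    r"|\\temp\\",
    re.IGNORECASE,
)
ORPHANED = re.compile(r"^(BHO|TB|EB):.*-\s*No File\s*$")
AUTORUN = re.compile(r"^[umd]Run(?:Once)?:\s*\[.*\]\s*(.*)$")
PROCESS = re.compile(r"^[a-z]:\\.*\.(?:exe|scr|com|dll)$", re.IGNORECASE)
UNRESOLVED = re.compile(r"^[RS]\d\s[^;]+;[^;]+;.*\[\?\]\s*$")
# network.proxy.type: 0 direct, 1 manual, 2 PAC URL, 4 auto-detect (WPAD), 5 system
FF_PROXY = re.compile(r"^FF - prefs\.js: network\.proxy\.type - (\d+)")


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


def triage(dds_text: str) -> List[Finding]:
    """Return one Finding per DDS line that matches a review heuristic."""
    findings: List[Finding] = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ORPHANED.match(line):
            findings.append(Finding("orphaned-bho", line))
            continue
        m = AUTORUN.match(line)
        if m:
            target = m.group(1).strip()
            if "\\" not in target:
                # Bare "name.exe" is resolved via PATH / App Paths, so it is not pinned to a binary.
                findings.append(Finding("unqualified-autorun", line))
            elif USER_WRITABLE.search(target):
                findings.append(Finding("autorun-from-user-profile", line))
            continue
        if PROCESS.match(line) and USER_WRITABLE.search(line):
            findings.append(Finding("process-from-user-profile", line))
            continue
        if UNRESOLVED.match(line):
            findings.append(Finding("service-binary-unresolved", line))
            continue
        m = FF_PROXY.match(line)
        if m and m.group(1) not in ("0", "5"):
            findings.append(Finding("firefox-proxy-not-direct", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per rule so the reviewer sees the shape of the log first."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_DDS)
    for rule, n in sorted(summarize(results).items()):
        print(f"{rule}: {n}")
    for f in results:
        print(f"  [{f.rule}] {f.line}")
```

Run against the full DDS text (paste it into `SAMPLE_DDS` or read it from a file) the output groups the lines worth a second look; on this subset it flags the two `No File` registrations, the two `[?]` service entries, the two bare-name Run entries, the per-user Google Update autorun and process, and the Firefox auto-detect proxy setting.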